18 ‐ Docker Networking - CloudScope/DevOpsWithCloudScope GitHub Wiki

Docker Networking

Docker networking is essential for enabling communication between containers, external networks, and the Docker host. Below are key concepts and details you should know:

1. Network Types in Docker

Docker provides different network modes for containers, each with its own use case:

a) Bridge Network (Default Network)

Use Case: Default network for containers when no other network is specified.
Description: Containers on the same bridge network can communicate with each other using container names, but not with containers on other networks.
Command: docker network create bridge

b) Host Network

Use Case: For performance-sensitive applications that need direct access to the host's networking stack.
Description: The container shares the host's network interfaces. No network isolation between the container and the host.
Command: docker run --network host <container_name>

c) None Network

Use Case: When you don’t want any network connectivity for a container.
Description: Disables networking for the container, and it has no access to external networks.
Command: docker run --network none <container_name>

d) Overlay Network

Use Case: Multi-host communication, especially for Docker Swarm or Kubernetes clusters.
Description: Enables containers across different Docker hosts to communicate securely. The network spans across different Docker daemons.
Command: docker network create --driver overlay <network_name>

e) Macvlan Network

Use Case: When you need containers to appear as physical devices on the network.
Description: Provides containers with their own IP addresses on the physical network, bypassing Docker’s default network isolation.
Command: docker network create -d macvlan --subnet=<subnet> <network_name>

2. Key Docker Networking Commands

Inspect Network: To view network details, including IP range, container connections, and settings.
```
docker network inspect <network_name>
```
List Networks: To see the list of networks.
```
docker network ls
```
Connect Container to a Network: To attach a running container to a network.
```
docker network connect <network_name> <container_name>
```
Disconnect Container from a Network: To detach a running container from a network.
```
docker network disconnect <network_name> <container_name>
```

3. Port Binding & Exposing Ports

Expose Ports: This makes a port accessible outside the container.
```
docker run -d -p 8080:80 nginx
```
- Here, port 80 inside the container is bound to port 8080 on the host.
Publishing Ports: This allows external systems to connect to the container through the specified ports.
```
docker run -d -p 8080:80 --name webserver nginx
```
Binding Ports to Multiple Hosts: For scaling applications across multiple hosts.
```
docker run -d -p 192.168.1.100:8080:80 nginx
```

4. Network Aliases

Use Case: You can assign network aliases to containers when they are connected to a network, allowing for easier communication between containers.
```
docker network connect --alias <alias_name> <network_name> <container_name>
```
Accessing Containers: After assigning an alias, other containers on the same network can refer to this container by its alias.

5. DNS in Docker Networking

DNS Resolution: Docker automatically provides DNS resolution for container names, allowing containers to communicate by name.
Custom DNS Server: Docker allows specifying a custom DNS server for container resolution.
```
docker run --dns <dns_server> <container_name>
```

6. Networking in Docker Compose

Default Network: Docker Compose automatically creates a default network for all containers.
Service Communication: Containers in a docker-compose.yml file can refer to each other by service names.

Defining Networks in Compose: You can define custom networks in a docker-compose.yml file.

version: '3'
services:
  web:
    image: nginx
    networks:
      - frontend
  db:
    image: postgres
    networks:
      - backend
networks:
  frontend:
  backend:

7. Swarm Networking

Overlay Network in Docker Swarm: Swarm mode requires an overlay network to allow communication between services across different Docker hosts in the swarm.
```
docker network create --driver overlay my_overlay_network
```
Service Discovery in Swarm: In a Docker Swarm, you can use service names as DNS names for communication between services.

8. Network Security Considerations

Container Isolation: Docker networks can provide isolation between containers. By using custom networks and security options, you can restrict unwanted connections.
Network Policies: Use firewalls, custom IP tables, or Docker's own network controls to manage communication between containers.

9. Debugging Networking Issues

Ping Between Containers: Use docker exec to enter a container and check connectivity.
```
docker exec -it <container_name> ping <target_container_name_or_ip>
```
Checking IP Address: Inside a container, you can check its IP address using:
```
docker exec -it <container_name> ifconfig
```

10. Docker Network Drivers

Docker allows different network drivers that handle networking in different ways:

Bridge: The default networking driver.
Host: The container shares the host’s network stack.
Overlay: Used for multi-host networking, especially in Swarm mode.
Macvlan: Allows containers to have their own MAC addresses and appear as physical devices on the network.

11. Network Bridge Internals

Bridge Network in Detail: When containers are connected to the bridge network, Docker creates a virtual Ethernet bridge (docker0 by default), which acts as a gateway for the containers to communicate.
IPtables Rules: Docker automatically configures iptables rules for traffic routing between the containers and external networks.