When Docker starts, it creates a virtual interface named on the host Docker0. It randomly chooses an, and subnet from the private range defined by RFC 1918 that are does not under the host Machi NE, and assigns it to DOCKER0. Docker made the choice 172.17.42.1/16 when I started it a few minutes ago, for Example-a 16-bit, netmask providing 65,534 Addresses for the host machine and its containers.
When rocker is started, a Docker0 virtual NIC is created on the host. He randomly picked a segment of the RFC1918 private network to DOCKER0. For example, the network segment of the 172.17.42.1/16,16 bitmask can have 65,534 addresses to use, which should be sufficient for the host and the container.
Note:this document discusses advanced networking configuration and options for Docker. In most cases your won ' t need this information. If you are looking to get started with a simpler explanation of Docker networking and a introduction to of con Tainer linking the Docker User Guide.
Note: This article describes the advanced network customization configuration of Docker, which you do not need to know to make the Docker work normally. Simple network configuration and introduction look at the above link on it.
But docker0 is no ordinary interface. It is a virtual ethernet bridge that automatically forwards packets between any other network e attached to it. This is lets containers communicate both with the host machine and. Every time Docker creates a container, it creates a pair of ' peer ' interfaces that are like opposite ends of a pipe-a pa Cket sent on one is received on the other. It gives one of the peers to the container to become its eth0 interface and keeps the other peer, with a unique Name LIKE VETHAQI2QT, out in the namespace of the host machine. By binding Every veth* interface to The docker0 bridge, Docker creates a virtual subnet shared Betwee n the host machine and every Docker container.
Docker0 is not a normal network card, he is a virtual network card bridge to other network cards, the container uses it to communicate with the host. When a docker container is created, it creates a pair of interfaces, and when packets are sent to an interface, another interface can receive the same packet, which is bound to a twin interface. The name of the interface in the container is eth0, and the interface on the host specifies a unique name, such as VETHAQI2QT, whose name is no longer in the host's namespace. All veth* interfaces are bridged to DOCKER0, so Docker creates a virtual shared network between the host and all containers.
The remaining sections of this document explain all of the ways, can use Docker options and-in advanced cases- Raw Linux networking commands to tweak, supplement, or entirely replace Docker ' s default networking configuration.
The next section will introduce the Docker of all network customization configurations in the advanced scenario. The native commands of Linux will adjust, supplement, and even replace the Docker default network configuration.
Quick Guide to the Options
Quick Configuration Guide
Here are a quick list of the networking-related Docker command-line options, in case it helps your find the section below th At your are looking for.
Here is a list of commands related to the Docker network that will allow you to quickly find the information you need.
Some Networking command-line options can only is supplied to the Docker server as it starts up, and cannot is changed on Ce it is running:
Some command options can only be executed when the Docker service is started and cannot take effect immediately.
-B or--bridge=bridge-see building your own bridge bridging
--bip=cidr-see Customizing Docker0 Custom Docker0
-H SOCKET ... or--host=socket...-this might sound like it would affect container, networking it but actually in th E Other direction:it tells the Docker server over what channels it should is willing to receive commands like "Run Contai" Ner "and" Stop container. " This may seem to affect the Docker network, but he actually refers to the other side of the content: it tells Docker which channel to receive commands like run container stop container.
Communication between--icc=true|false-see communication between containers containers
--ip=ip_address-see Binding container ports bound container port
Communication between--ip-forward=true|false-see communication between containers containers
Communication between--iptables=true|false-see communication between containers containers
--mtu=bytes-see Customizing Docker0 Custom Docker0
There are two networking options that can then supplied either at startup or when Docker the run is invoked. When provided in startup, set the default value that Docker run'll later use if the options are not specified:
The following 2 can be specified at the time of the Docker service startup and Docker run execution, and when the service is started, a default value is set for Docker run, Docker run to specify that the default value can be overridden.
--dns=ip_address...-see Configuring DNS DNS configuration
--dns-search=domain...-see Configuring DNS
Finally, several networking options can only is provided when calling Docker run because they specify something specific t O One container:
Finally, these options are only executed after Docker run because it is for the container's feature content.
-h HOSTNAME or--hostname=hostname-see configuring DNS and how Docker Networks a container host name
--link=container_name:alias-see configuring DNS and communication between containers links
--net=bridge|none|container:name_or_id|host-see how Docker Networks a container bridge
-P SPEC or--publish=spec-see Binding container ports port bindings
-P or--publish-all=true|false-see Binding container ports port bindings
The following sections tackle all of the above topics in a order this moves roughly from simplest to most.
The following is a detailed description of the above list, from simple to complex. Configuring DNS configuration DNS
How can docker supply the container with a hostname and DNS configuration, without have to build a custom image with th e hostname written inside? Its trick are to overlay three crucial/etc files inside the container with virtual files where it can write fresh Informat Ion. You can running mount inside a container:
Docker does not have a custom image, how to provide the host name and DNS configuration of the container. The trick is to overwrite the 3 files in the container with 3 profiles on the host, and use the Mount command in the container to see:
$$ Mount ... /dev/disk/by-uuid/1fec ... EBDF on/etc/hostname type ext4 ... /dev/disk/by-uuid/1fec ... EBDF on/etc/hosts type ext4 ... Tmpfs on/etc/resolv.conf type Tmpfs ... ...
This is arrangement allows Docker to do clever things like keep the up to date resolv.conf all across the host MA Chine receives new configuration over DHCP later. The exact details of how Docker maintains this files inside the container can change from one Docker version to the next, So your should leave the files themselves alone and use the following Docker options instead.
This mechanism allows the host to update the DNS configuration of all Docker containers immediately after the DNS information is updated from DHCP. If you want to keep these files fixed in docker, you can configure them without overwriting the configuration files in the container, and then using the options below.
Four different options affect container domain name services.
method for configuring the container DNS service in 4
-H HOSTNAME or--hostname=hostname-sets the HOSTNAME by which the container knows. This is written into/etc/hostname, into/etc/hosts as the name of the container ' s host-facing IP addresses, and is the name That/bin/bash inside the container would display inside its prompt. The But the hostname is not easy to the outside the container. It will isn't appear in Docker PS nor in the/etc/hosts file of any other container. Sets the host name of the container, which is written to the I in/etc/hostname,/etc/hosts The P address is automatically written as an assigned IP address, and the host name is displayed in/bin/bash. However, it is not displayed in Docker PS or in the/etc/hosts of other containers.
--link=container_name:alias-using This option as your run a CONTAINER gives the new CONTAINER ' s
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
