Docker Network mode
This article first introduces the four network modes that Docker itself provides,
Docker is currently the most popular lightweight container technology and has many commendable features, such as image management. However, Docker also has shortcomings, and networking is one of its relatively weak areas. It is therefore worth understanding Docker networking in depth in order to meet more demanding network requirements.
Four types of network models
When we create a container with docker run, we can specify its network mode with the --net option. Docker has the following 4 network modes:
Host mode, specified with --net=host.
Container mode, specified with --net=container:NAME_or_ID.
None mode, specified with --net=none.
Bridge mode, specified with --net=bridge; this is the default setting.
1 Host Mode
As we all know, Docker uses Linux namespaces for resource isolation: the PID namespace isolates processes, the mount namespace isolates the file system, the network namespace isolates the network, and so on. A network namespace provides a separate network environment, with its own NICs, routes and iptables rules, isolated from other network namespaces. A Docker container is normally assigned its own network namespace. If the container is started in host mode, however, it does not get a separate network namespace and instead shares the host's network namespace. The container does not get a virtual NIC or an IP of its own; it uses the host's IP and ports.
For example, on a machine at 10.10.101.105/24 we start, in host mode, a Docker container that runs a web application listening on TCP port 80. When we run a command such as ifconfig in the container to view the network environment, we see the host's information. External clients reach the application in the container directly at 10.10.101.105:80, without any NAT, as if it were running directly on the host. Other aspects of the container, such as the file system and the process list, are still isolated from the host.
2 Container Mode
Once host mode is understood, this mode is easy to understand. It specifies that the newly created container shares a network namespace with an existing container rather than with the host. The new container does not create its own NIC or configure its own IP; it shares the IP, port range and so on with the specified container. As before, the two containers remain isolated from each other in everything except the network, such as the file system and the process list. Processes in the two containers can communicate through the lo interface.
3 None Mode
This mode differs from the first two. The Docker container has its own network namespace, but Docker performs no network configuration for it. In other words, the container has no NIC, IP, routes or similar information. We have to add a NIC, configure an IP and so on for the container ourselves.
4 Bridge Mode
Bridge mode is Docker's default network setting. It assigns a network namespace to each container, sets its IP, and connects the Docker containers on one host to a virtual network bridge. The following highlights this mode.
Host mode
Specify --net=host when using docker run.
The network used by the container is actually the host's, and the interfaces and IP addresses seen in the container are those of the host.
[root@localhost ~]# docker run -it --rm --net=host centos_with_net bash
--rm: remove the container when it exits.
[root@localhost /]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.42.1  netmask 255.255.0.0  broadcast 0.0.0.0
        inet6 fe80::8cfc:c7ff:fe49:f1ae  prefixlen  scopeid 0x20<link>
        ether 4e:90:a4:b6:91:91  txqueuelen 0  (Ethernet)
        RX packets  bytes 3820 (3.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 468 (468.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.179  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fedb:b228  prefixlen  scopeid 0x20<link>
        ether 00:0c:29:db:b2:28  txqueuelen 1000  (Ethernet)
        RX packets 10562  bytes 868003 (847.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2985  bytes 390673 (381.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
For comparison, the IP information on the host:
[root@localhost ~]# ifconfig
docker0   Link encap:Ethernet  HWaddr 4e:90:a4:b6:91:91
          inet addr:172.17.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::8cfc:c7ff:fe49:f1ae/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:58 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:3820 (3.7 KiB)  TX bytes:468 (468.0 b)
eth0      Link encap:Ethernet  HWaddr 00:0c:29:db:b2:28
          inet addr:192.168.1.179  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fedb:b228/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10661 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3012 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:876797 (856.2 KiB)  TX bytes:398049 (388.7 KiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:960 (960.0 b)  TX bytes:960 (960.0 b)
veth5e2dff4 Link encap:Ethernet  HWaddr 96:65:1b:d2:f7:5d
          inet6 addr: fe80::9465:1bff:fed2:f75d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:558 (558.0 b)  TX bytes:1584 (1.5 KiB)
vethb086b1c Link encap:Ethernet  HWaddr de:df:66:d8:f2:df
          inet6 addr: fe80::dcdf:66ff:fed8:f2df/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:636 (636.0 b)  TX bytes:2700 (2.6 KiB)
veth55dbbb2 Link encap:Ethernet  HWaddr ca:4d:09:cd:da:27
          inet6 addr: fe80::c84d:9ff:fecd:da27/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:558 (558.0 b)  TX bytes:3336 (3.2 KiB)
veth111b1ca Link encap:Ethernet  HWaddr 4e:90:a4:b6:91:91
          inet6 addr: fe80::4c90:a4ff:feb6:9191/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:558 (558.0 b)  TX bytes:1026 (1.0 KiB)
veth628d605 Link encap:Ethernet  HWaddr 5e:c8:eb:db:ea:69
          inet6 addr: fe80::5cc8:ebff:fedb:ea69/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:558 (558.0 b)  TX bytes:468 (468.0 b)
veth991629e Link encap:Ethernet  HWaddr b6:64:e5:d5:1b:d6
          inet6 addr: fe80::b464:e5ff:fed5:1bd6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:558 (558.0 b)  TX bytes:2142 (2.0 KiB)
veth5446780 Link encap:Ethernet  HWaddr c2:f4:f5:71:f3:bd
          inet6 addr: fe80::c0f4:f5ff:fe71:f3bd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:558 (558.0 b)  TX bytes:3894 (3.8 KiB)
Container mode
With --net=container:container_id/container_name, multiple containers share one network, and the IP they see is the same.
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE    COMMAND       CREATED             STATUS             PORTS   NAMES
7169e8be6d3e   centos   "/bin/bash"   About an hour ago   Up About an hour           serene_goldstine
4cd696928bbe   centos   "bash"        About an hour ago   Up About an hour           cent_testv2
4f5bf6f33f2c   centos   "bash"        About an hour ago   Up About an hour           gloomy_colden
0a80861145c9   centos   "bash"        About an hour ago   Up About an hour           mad_carson
fb45150dbc21   centos   "bash"        About an hour ago   Up About an hour           cent_testv
3222c7c5c456   centos   "bash"        2 hours ago         Up 2 hours                 sick_albattani
e136b27a8e17   centos   "bash"        2 hours ago         Up 2 hours                 tender_euclid
[root@localhost ~]# docker exec -it 7169 bash
[root@7169e8be6d3e /]# ifconfig
bash: ifconfig: command not found
[root@7169e8be6d3e /]# yum install -y net-tools
[root@7169e8be6d3e /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.8  netmask 255.255.0.0  broadcast 0.0.0.0
        inet6 fe80::42:acff:fe11:8  prefixlen  scopeid 0x20<link>
        ether 02:42:ac:11:00:  txqueuelen 0  (Ethernet)
        RX packets 5938  bytes 15420209 (14.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4841  bytes 329652 (321.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@7169e8be6d3e /]# exit
exit
[root@localhost ~]# docker run -it --rm --net=container:7169 centos_with_net bash
[root@7169e8be6d3e /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.8  netmask 255.255.0.0  broadcast 0.0.0.0
        inet6 fe80::42:acff:fe11:8  prefixlen  scopeid 0x20<link>
        ether 02:42:ac:11:00:08  txqueuelen 0  (Ethernet)
        RX packets 5942  bytes 15420377 (14.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4855  bytes 330480 (322.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
None mode
Specify --net=none; no network is configured in this mode.
[root@localhost ~]# docker run -it --rm --net=none centos_with_net bash
[root@67d037935636 /]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid <host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Bridge mode (default mode)
Specify --net=bridge; this is the mode used when no network mode is specified. It assigns a separate network namespace to each container and is a NAT network mode similar to VMware's. All containers on the same host are on the same network segment and can communicate with each other.
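A check a defender can build on the four modes above, added here as an example and not code from the original article: it reads docker inspect style JSON and reports which containers end up in the host's network namespace, including containers that joined a host-mode container through --net=container. The container names and IDs are constructed sample data, and the function names are hypothetical; HostConfig.NetworkMode is the field docker inspect reports for --net.

```python
import json

# Constructed sample, trimmed to the fields used here; IDs and names are made up.
# HostConfig.NetworkMode is the field `docker inspect` reports for --net.
SAMPLE_INSPECT = json.loads("""[
 {"Id": "aaa111", "Name": "/web",     "HostConfig": {"NetworkMode": "host"}},
 {"Id": "bbb222", "Name": "/sidecar", "HostConfig": {"NetworkMode": "container:aaa111"}},
 {"Id": "ccc333", "Name": "/batch",   "HostConfig": {"NetworkMode": "none"}},
 {"Id": "ddd444", "Name": "/api",     "HostConfig": {"NetworkMode": "default"}},
 {"Id": "eee555", "Name": "/probe",   "HostConfig": {"NetworkMode": "container:ddd444"}},
 {"Id": "fff666", "Name": "/orphan",  "HostConfig": {"NetworkMode": "container:zzz999"}}
]""")


def effective_network(containers):
    """Map container name -> (effective mode, name of the namespace owner)."""
    def find(ref):
        # --net=container: accepts a name or an ID (prefix), so match both.
        for c in containers:
            if ref and (c["Id"].startswith(ref) or c["Name"].lstrip("/") == ref):
                return c
        return None

    result = {}
    for c in containers:
        owner, mode, hops = c, c["HostConfig"]["NetworkMode"], 0
        # Follow container:<ref> links; the hop limit stops reference loops.
        while owner and mode.startswith("container:") and hops < len(containers):
            owner = find(mode.split(":", 1)[1])
            mode = owner["HostConfig"]["NetworkMode"] if owner else mode
            hops += 1
        if owner is None or mode.startswith("container:"):
            effective = "unresolved"        # target missing or a loop
        elif mode in ("default", "bridge"):
            effective = "bridge"            # docker0 bridge, the default
        else:
            effective = mode                # "host", "none" or a named network
        owner_name = owner["Name"].lstrip("/") if owner else None
        result[c["Name"].lstrip("/")] = (effective, owner_name)
    return result


def shares_host_netns(containers):
    """Names of containers whose network namespace is the host's."""
    found = effective_network(containers)
    return sorted(name for name, (mode, _) in found.items() if mode == "host")


if __name__ == "__main__":
    for name, (mode, owner) in effective_network(SAMPLE_INSPECT).items():
        print(f"{name:8} mode={mode:10} namespace owner={owner}")
    print("in host network namespace:", shares_host_netns(SAMPLE_INSPECT))
```

On a live host the same functions can be fed the parsed output of docker inspect for the running containers in place of the constructed sample.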