Docker-Some understanding of the network

Docker provides us with a variety of (4) network modes that we can use to suit our needs. For example, when we run Continer on a host or the same Docker engine, we can choose Bridge Network mode, and when we need to run multiple container on multiple hosts to work together, The overlay model is our first choice.

When we complete the installation of the Docker engine, Docker generates 3 networks on each engine: bridge, none and host.

Default network Mode-bridge

First of all to Kan kan docker0. The reason is that it is the default network, because when we run container there is no "display" of the specified network, our running container will be added to the "default" Docker0 network. His pattern is bridge.

No Network mode-None

As the name implies, all container that are added to this network mode "cannot" communicate on the network. Looks like a little chicken ...

Host network Mode-host

This network mode will container and host network connection, although very direct, but cracked container isolation, so also more chicken ...

Custom Network

Because of the limitations of the 3 network models introduced earlier, Docker recommends that you customize your network. By customizing the network, we can implement "service discovery" and "DNS resolution".

Docker allows us to create 3 types of custom networks, Bridge,overlay,macvlan (which I haven't used yet).

Custom Bridge Network

Like Docker0, we can customize the bridge network, and by using a custom bridge network, we can implement communication between multiple container on a single host. His network model is as follows (image from Docker website):

docker_gwbridge

He is essentially a local bridge network, but he is the basis for us to implement container communication between multiple hosts. Normally, when we link swarm nodes, the Docker_gwbridge network is automatically created on each swarm node.

Customizing the Overlay Network

Docker provides us two ways to define the overlay network, before docker1.12, we need to rely on third-party tools (Consul, ETCD, and ZooKeeper (distributed store)) to register in a unified " Key-value "To implement" service discovery "and" DNS resolution "to achieve multiple container communication on different host. However, after docker1.12, we can use the "original ecological" swarm to achieve "service discovery" and "DNS resolution".

Swarm was designed for service (a set of container), so overlay networks created through Swarm did not support a single container at the outset. But in docker1.13, we can declare that the currently created overlay network can be joined directly by the container by the "--attach" parameter.

Before we create the overlay network, we need to build a swarm cluster, which can refer to my previous essays:

Docker-run containers using the network of overlay mode created in swarm mode

Docker built-in DNS server

Here, we will be wondering why Docker can communicate between container?  The answer is Docker's built-in DNS server. For a detailed description of him, please refer to the website link.

https://docs.docker.com/engine/userguide/networking/configure-dns/

Docker-Some understanding of the network