Docker use network commands to create your own network

Docker officially recommends users to use their own custom network, so it is best to use a custom network when using the container, the default Docker use the Bridge network, the bridge network under the Docker container can not resolve each other's container name. If you need a container to be able to communicate over a bridge network, the official permission to use the old version of--link,--link is the only use case recommended. Finally, the authorities strongly consider using a user-defined network.

OK, start talking about the basic network configuration for Docker (no Overlay network is used):

1. First, create and run two containers, Container1 and Container2:

$ docker run-itd--name=container1 BusyBox

18c062ef45ac0c026ee48a83afa39d25635ee5f02b58de4abc8f467bcaa28731

$ docker run-itd--name=container2 BusyBox

498eaaaf328e1018042c04b2de04036fc04719a6e39a097a4f4866043a2c2152

2. Create an isolated bridge network to test (i.e., customize the network).

$ docker Network create-d bridge--subnet 172.25.0.0/16

ISOLATED_NW 06a62f1c73c4e3107c0f555b7a5f163309827bfbbf999840166065a8f35455a8

3. Connect Container2 to the network, then inspect network authentication connection:

$ docker Network Connect ISOLATED_NW container2

$ docker Network inspect ISOLATED_NW

[
    {
        ' Name ': ' ISOLATED_NW ",
        " Id ":" 06a62f1c73c4e3107c0f555b7a5f163309827bfbbf999840166065a8f35455a8 ",
        " Scope ":" Local " ,
        "Driver": "Bridge",
        "IPAM": {
            "Driver": "Default",
            "Config": [
                {
                    "Subnet": "172.25.0.0/ ",
                    " Gateway ":" 172.25.0.1/16 "
                }
            ]
        },
        " containers ": {
            " 90e1f3ec71caf82ae776a827e0712a68a110a3f175954e5bd4222fd142ac9428 ": {
                " Name ":" Container2 ","
                EndpointId ":" 11cedac1810e864d6b1589d92da12af66203879ab89f4ccd8c8fdaa9b1c48b1d ","
                MacAddress ":" 02:42:ac:19:00:02 ",
                "ipv4address": "172.25.0.2/16",
                "ipv6address": "
            }
        },
        " Options ": {}
    }
]

Note Container2 automatically assigns an IP address. Because you--subnet specified an IP address when you created the network, you selected an IP address from the subnet.

To remind you, Container1 can only connect to the default bridge network.

4. Start a third container, but this time use the--IP flag to assign it an IP address and isolated_nw it to the network using the--network option of the Docker Run command:

$ docker Run--NETWORK=ISOLATED_NW--ip=172.25.3.3-itd--name=container3 busybox

467a7863c3f0277ef8e661b38427737f28099b61fa55622d6c30fb288d88c551

Whenever you specify an IP address for a container that is part of a network subnet, you can assign a container to a container by connecting the IPV4 or IPV6 address to the network by using the--IP or--IP6 flag. When you specify an IP address in this way when you use a user-defined network, the configuration is retained as part of the container configuration and applied when the container is reloaded. When you use a non-user-defined network, the assigned IP address is retained because the container's subnet does not change until the Docker daemon restarts, unless you are using a user-defined network.

5. Check the container3 of the network resources used. For brevity, truncate the following output.

$ docker Inspect--format= ' Container3 {"ISOLATED_NW": {"Ipamconfig": {"ipv4address":
      " 172.25.3.3 "},
      " Networkid ":" 1196a4c5af43a21ae38ef34515b6af19236a3fc48122cf585e3f3054d509679b ",
      " EndpointId ":" dffc7ec2915af58cc827d995e6ebdc897342be0420123277103c40ae35579103 ","
      Gateway ":" 172.25.0.1 ", "
      IPAddress": "172.25.3.3", "
      Ipprefixlen": "
      Ipv6gateway": "",
      "globalipv6address": "",
      ' Globalipv6prefixlen ': 0,
      ' MacAddress ': ' 02:42:ac:19:03:03 '}}}}

Because the connection Container3 to ISOLATED_NW when you start, it is not connected to the default bridge network at all.

6. Check the container2 of the network resources used. If you have Python installed, you can print out the output.

$ docker Inspect--format= ' Container2 | Python-m Json.tool {"bridge": {"Networkid": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee71298 "," EndpointId ":" 0099f9efb5a3727f6a554f176b1e96fca34cae773da68b3b6a26d046c12cb365 "," Gateway ":" 172.17. " 0.1 "," globalipv6address ":" "," Globalipv6prefixlen ": 0," ipamconfig ": null," IPAddress ": "172.17.0.3", "Ipprefixlen": "Ipv6gateway": "", "MacAddress": "02:42:ac:11:00:03"}, " ISOLATED_NW ": {" Networkid ":" 1196a4c5af43a21ae38ef34515b6af19236a3fc48122cf585e3f3054d509679b "," EndpointI D ":" 11cedac1810e864d6b1589d92da12af66203879ab89f4ccd8c8fdaa9b1c48b1d "," Gateway ":" 172.25.0.1 "," Globalip V6address ":" "," Globalipv6prefixlen ": 0," ipamconfig ": null," IPAddress ":" 172.25.0.2 "," Ipprefixlen ":", "Ipv6gateway": "", "MacAddress": "02:42:ac:19:00:02"}

Note that Container2 belongs to two networks. Bridge When you start it, it joins the default network and connects it to ISOLATED_NW.

eth0 Link EnCap: Ethernet hwaddr 02:42:ac:11:00:03

eth1 Link EnCap: Ethernet hwaddr 02:42:ac:15:00:02

7. Use the Docker attach command to connect to run Container2 and check its network stack:

$ Docker Attach Container2

Use this ifconfig command to check the network stack of the container. You should see two Ethernet interfaces, one for the default bridge network and another for the ISOLATED_NW network.

$ sudo ifconfig-a eth0 Link encap:ethernet hwaddr 02:42:ac:11:00:03 inet addr:172.17.0.3 bcast:0.0.0.0 mask:255.255.0.0 Inet6 addr:fe80::42:acff:fe11:3/64 scope:link up broadcast RUNNING multicast mtu:9
          001 metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:648 (648.0 b) TX bytes:648 (648.0 b) eth1 Link encap:ethernet hwaddr 02:42:ac:15:00:02 inet Add r:172.25.0.2 bcast:0.0.0.0 mask:255.255.0.0 inet6 addr:fe80::42:acff:fe19:2/64 scope:link up BROADC
          AST RUNNING multicast mtu:1500 metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:648 (648.0 b) TX bytes:648 (648.0 b) Lo Link encap:local loopback inet addr:127.0.0.1 Mask:255.0.0.0 Inet6 Addr::: 1/128 scope:host up loopback RUNNING mtu:65536 metric:1 RX PAC
          kets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:0  (0.0 B) TX bytes:0 (0.0 B)

8.

Docker an embedded DNS server can connect to a container for a given network for name resolution. This means that any connected container can ping another container on the same network through its container name. From inside Container2, you can ping Container3 by name.

/# ping-w 4 container3
ping Container3 (172.25.3.3): bytes bytes from
172.25.3.3:seq=0 .070 Ms
bytes from 172.25.3.3:seq=1 ttl=64 time=0.080 ms bytes from 172.25.3.3:seq=2 ttl=64 time=0.080
c4/>64 bytes from 172.25.3.3:seq=3 ttl=64 time=0.097 ms

---container3 ping statistics---
4 packets transmitted, 4 Packets received 0% packet loss round-trip Min/avg/max
= 0.070/0.081/0.097 ms

This feature does not apply to the default bridge network. Both Container1 and Container2 connect to the bridge network, but you cannot ping container1 the name of the container used from Container2.

/# ping-w 4 container1
ping:bad address ' container1 '

You can still ping the IP address directly:

/# ping-w 4 172.17.0.2
ping 172.17.0.2 (172.17.0.2): bytes bytes from
172.17.0.2:seq=0 .095 ms
bytes from 172.17.0.2:seq=1 ttl=64 time=0.075 ms bytes from 172.17.0.2:seq=2 ttl=64 time=0.072
c4/>64 bytes from 172.17.0.2:seq=3 ttl=64 time=0.101 ms

---172.17.0.2 ping statistics---
4 packets transmitted, 4 Packets received 0% packet loss round-trip Min/avg/max
= 0.072/0.085/0.101 ms

From separating the container2, leave it to use the run Ctrl-p ctrl-q. 9.

Currently, Container2 is connected to these two bridge and