DOCKER6 's Network containers

How to network your containers.

Launch a container on the default network

Docker includes support for networking containers through the use of the network drivers.

drivers. By default, Docker provides-drivers for you, the and the bridge overlay drivers.

You can also write a, network driver plugin So, can create your own drivers but that's an advanced task.

Every installation of the Docker Engine automatically includes three default networks. You can list them:

$ docker Network lsnetwork ID          NAME                driver18a2866682b8        none                nullc288470c46f6        host                HOST7B369448DCCB        Bridge              Bridge

The network named is bridge a special network. Unless the IT otherwise, Docker always launches your containers in the This network.

$ docker RUN-ITD--name=networktest ubuntu74695c9cea6d9810718fddadc01a727a5dd3ce6a69d09752239736c030599741

Inspecting the network is a easy-to-find out-of-the-container ' s IP address.

$ docker Network Inspect bridge[{"Name": "Bridge", "Id": "F7ab26d71dbd6f557852c7156ae0574bbf62c42f539b5            0c8ebde0f728a253b6f "," Scope ":" Local "," Driver ":" Bridge "," EnableIPv6 ": false," IPAM ": { "Driver": "Default", "Options": null, "Config": [{"Subne  T ":" 172.17.0.1/16 "," Gateway ":" 172.17.0.1 "}]}," Internal ":                False, "Containers": {"3386a527aa08b37ea9232cbcace2d2458d49f44bb05a6b775fba7ddd40d8f92c": { "Name": "Networktest", "EndpointId": "647C12443E91FAF0FD508B6EDFE59C30B642ABB60DFAB890B4BDCCEE38750BC1 "," MacAddress ":" 02:42:ac:11:00:02 "," ipv4address ":" 172.17.0.2/16 "," IPV6AD            Dress ":" "}}," Options ": {" Com.docker.network.bridge.default_bridge ":" true ", "Com.docker.networK.BRIDGE.ENABLE_ICC ":" true "," Com.docker.network.bridge.enable_ip_masquerade ":" true "," Com.docker. " Network.bridge.host_binding_ipv4 ":" 0.0.0.0 "," Com.docker.network.bridge.name ":" Docker0 "," Com.dock ER.NETWORK.DRIVER.MTU ":" 9001 "}," Labels ": {}}]

　　

You can remove a container from a network by disconnecting the container.

To does this, you supply both the network name and the container name.

You can also use the container ID.

In this example, though, the name is faster.

$ docker Network Disconnect Bridge Networktest

While you can disconnect a container from a network, you cannot remove the Builtin bridge network named bridge .

Networks is natural ways to isolate containers from other containers or other Networks.

So, as a get more experienced with Docker, you'll want to create your own networks.

Create Your own bridge network

Docker Engine natively supports both bridge networks and overlay networks.

A bridge network is limited to a single host running Docker Engine.

An overlay network can include multiple hosts and are a more advanced topic.

For the example, you ll create a bridge network:

$ docker Network Create-d Bridge My_bridge

The -d flag tells Docker to use the bridge driver for the new network.

You could has left this flag off as was the bridge default value for this flag.

Go ahead and list the networks on your machine:

$ docker Network lsnetwork ID          NAME                DRIVER7B369448DCCB        bridge              bridge615d565d498c        My_bridge           Bridge18a2866682b8        None                nullc288470c46f6        host                Host

IF you inspect the network, you'll find that it had nothing in it.

$ docker Network Inspect my_bridge[    {        "Name": "My_bridge",        "Id": " 5a8afc6364bccb199540e133e63adb76a557906dd9ff82b94183fc48c40857ac ",        " Scope ":" Local ",        " Driver ":" Bridge ",        " IPAM ": {            " Driver ":" Default ",            " Config ": [                {                    " Subnet ":" 10.0.0.0/24 ",                    " Gateway ":" 10.0.0.1 "                }            ]        },        " Containers ": {},        " Options ": {},        " Labels ": {}    }]

　　

ADD Containers to a network

To build Web applications, the act in concert but does so securely, create a network.

Networks, by definition, provide complete isolation for containers.

You can add containers to a network when you first run a container.

Launch a container running a PostgreSQL database and pass it the --net=my_bridge flag to connect it to your new network:

$ docker run-d--net=my_bridge--name db training/postgres

If you inspect your your see my_bridge it has a container attached. You can also inspect your container to see where it is connected:

$ docker Inspect--format= ' {{json. networksettings.networks}} '  db{"My_bridge": {"Networkid": " 7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99 "," EndpointId ":" 508b170d56b2ac9e4ef86694b0a76a22dd3df1983404f7321da5649645bf7043 "," Gateway ":" 10.0.0.1 "," IPAddress ":" 10.0.0.254 "," Ipprefixlen ":", "Ipv6gateway": "," globalipv6address ":" "," Globalipv6prefixlen ": 0," MacAddress ":" 02:42:ac : 11:00:02 "}}

　　

Now, go ahead and start your by now familiar Web application. This time, don ' t specify a network.

$ docker run-d--name Web Training/webapp python app.py

Which network is your web application running under?

Inspect the application and you'll find it's running in the default bridge network.

$ docker Inspect--format= ' {{json. networksettings.networks}} '  web{"bridge": {"Networkid": " 7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812 "," EndpointId ":" 508b170d56b2ac9e4ef86694b0a76a22dd3df1983404f7321da5649645bf7043 "," Gateway ":" 172.17.0.1 "," IPAddress ":" 10.0.0.2 "," Ipprefixlen ":", "Ipv6gateway": "," globalipv6address ":" "," Globalipv6prefixlen ": 0," MacAddress ":" 02:42:ac : 11:00:02 "}}

Then, get the IP address of yourweb

$ docker Inspect--format= ' {{range. networksettings.networks}}{{. Ipaddress}}{{end}} ' web172.17.0.2

Now, open a shell to your running db container:

$ docker exec-it db bash[email protected]:/# ping 172.17.0.2ping 172.17.0.2PING 172.17.0.2 (172.17.0.2) (+) bytes of D Ata.^c---172.17.0.2 ping statistics---Packets transmitted, 0 received, 100% packet loss, time 43185ms

After a bit, use the end of the and you CTRL-C ping ll find the ping failed.

That is because the containers was running on different networks. Can fix that.

The exit command to close the container.

Docker networking allows-attach a container to as many networks as. You can also attach an already running container.

Go ahead and attach your running web app to the my_bridge .

$ docker Network Connect My_bridge Web

Open a shell into the db application again and try the ping command. This time just use the container name web rather than the IP address.

$ docker exec-it db bash[email protected]:/# ping webping web (10.0.0.2) (+) bytes of data.64 bytes from web (10.0.0.2 ): icmp_seq=1 ttl=64 time=0.095 ms64 bytes from web (10.0.0.2): icmp_seq=2 ttl=64 time=0.060 ms64 bytes from web (10.0.0.2 ): icmp_seq=3 ttl=64 time=0.066 ms^c---Web ping statistics---3 packets transmitted, 3 received, 0% packet loss, time 200 0msrtt Min/avg/max/mdev = 0.060/0.073/0.095/0.018 ms

pingthe shows it is contacting a different IP address and the address on the my_bridge which are different from their address on t He bridge network.

DOCKER6 's Network containers