Docker Network Command

Ext: 51627821

Original address: https://docs.docker.com/engine/userguide/networking/work-with-networks/

Docker Network Command

All the sub-commands of the Docker network are as follows:

• Docker Network Create
• Docker Network Connect
• Docker Network LS
• Docker Network RM
• Docker Network Disconnect
• Docker Network Inspect

Create a network

A default bridge network is created automatically when you install the Docker engine docker0 .
In addition, you can create your own bridge network or overlay network.

bridgeThe network is attached to a single host running Docker engine, and the overlay network can cover a multi-host environment that runs its own Docker engine.

Creating a bridge network is simple as follows:

# 不指定网络驱动时默认创建的bridge网络 docker network create simple-network # 查看网络内部信息 docker network inspect simple-network # 应用到容器时，可进入容器内部使用ifconfig查看容器的网络详情

However, to create a overlay network requires some prerequisites (please refer to the Docker容器网络 relevant content for specific operation):
-Key-value Store (engine supports Key-value store for distributed storage such as Consul, ETCD and zookeeper)
-All hosts in the cluster are connected to the Key-value store
-The following daemon parameters are configured for each host in the Swarm cluster
-–cluster-store
-–cluster-store-opt
-–cluster-advertise
Then create the overlay network:

# 创建网络时，使用参数`-d`指定驱动类型为overlaydocker network create -d overlay my-multihost-network

With --subnet the option to create a subnet, the bridge network can only specify one subnet, and the overlay network supports multiple subnets.

Networks created under bridge and overlay network can specify different parameters, please refer to: https://docs.docker.com/engine/userguide/networking/work-with-networks/

Connecting containers

Create three containers, the first two using the default network boot container, and the third using a custom bridge network boot.
Then add a second container to the custom network. The network conditions for these three containers are as follows

• First container: Only the default Docker0
• Second container: belongs to two network--DOCKER0, a custom network
• Third container: Only custom networks

Description: Starting a specified network through a container overrides the default bridge network Docker0.

# Create three containers Container1,container2,container3dockerrun-itd --name=container1 busyboxdocker run-itd --name=container2 busybox# Create a network Mynetdocker Network create-d bridge --subnet 172.25.0.0/16 mynet# Connect container containerr2 to new network Mynetdocker connect mynet con Tainer2# Use MyNet network to container container3docker run --net=mynet--ip=172.25.3.3-itd --name=container3 busybox # View the network of these three containers Docker networks inspect Container1 # docker0docker Network inspect Container2 # Docker0, Mynetdocke R network Inspect Container3 # mynet             

Differences between the default network and the Custom Bridge network

Default network Docker0: All hosts in the network can only access each other with IP. --linkcontainers created with options allow direct access to the linked container name (container-name) as a hostname.
Custom Network (BRIDGE): All hosts in the network, in addition to IP access, can also be accessed directly with the container name (container-name) as hostname.

# 进入container2内部docker attach container2ping -w 4 container3 # 可访问ping -w 4 container1 # 不可访问ping -w 4 172.17.0.2 # 可访问container1的IP# Ctrl+P+Q退出容器，让container2以守护进程运行

The difference between the default network and the custom Bridge network in the container connection

Use link legency in the default network, as follows:
-use container name as hostname
-Specify alias when the link container: --link=<Container-Name>:<Alias>
-For --icc=false secure connection between containers with isolation
-Environment variable Injection

Using Docker net in a custom network provides the following features:
-Automating name resolution with DNS
-A secure, isolated environment for a network-provided container
-Dynamically attach and detach to multiple networks
-Support is --link used with the option to provide an alias for the linked container (can be the maximum difference between the link container and the –link used in the default container)

The link in the default network is static, does not allow the linking container to restart, and the link under the custom network is dynamic and supports link container restart (and IP change)
Therefore, the --link containers that are linked at the time of use must be created in advance in the default network, and the custom network does not have to be pre-built.

When you use docker network connetct a container to connect to a new network, you --link can specify different aliases when you link the same container with parameters, which are for different networks.

#Run the container using a custom network while using the--Link links container5 containers that do not yet existDockerRun--Net=mynet-Itd--Name=container4--LinkContainer5:c5BusyBox#Creating a container Container5DockerRun--Net=mynet-Itd--Name=container5--link container4:c4 busybox#  Although the same container, but in different network environment connection can be different alias link network connect --link container5:foo local_alias container4docker network connect - -link container4:bar local_ Alias container5          

Specify the container's alias on the Network range (network-scoped alias)

Network-scoped alias is an alias that specifies the container to be accessed by other containers within the same network scope.
Unlike the link alias, the link alias is provided by the user of the linked container, only it can be used by itself;
The specified network-wide alias is used by the container for other containers in the network.

network-scoped alias: Multiple containers on the same network can specify the same alias, but only the container with the first specified alias will be in effect.
The alias of the second container that specifies the same alias will only begin to take effect when the first container is closed.

run --net=mynet -itd --name=container6 --net-alias app busyboxdocker network connect --alias scoped-app local_alias container6docker run --net=isolated_nw -itd --name=container7 --net-alias app busyboxdocker network connect --alias scoped-app local_alias container7# 在container4中docker attach container4ping app # 访问container6的IP# 从container4中以守护进程运行退出：Ctrl+P+Qdocker stop container6docker attach container4ping app # 访问的container7的IP

Disconnecting and removing networks

# 容器从mynet网络中断开（它将无法再网络中的容器container3通讯）docker network disconnect mynet container2# 测试与容器container3失败docker attach container2ping contianer3 # 访问失败 

In a multi-host network environment, an error occurs when a container is connected to the network with the removed container name. container already connected to network
The new container needs to be forcibly removed docker rm -f , rerun, and connected to the network.

Removing a network requires that all containers in the network shut down or disconnect from this network to be able to use the Remove command:

# 断开最后一个连接到mynet网络的容器docker network disconnet mynet container3# 移除网络docker network rm mynet

(GO) Docker Network command