Docker 101: Networking

Hello friends! In the previous post in this series I described what Docker is, how it is used, and how you can get started with it. In this post I will explain networking concepts.

Docker Networking

Docker is very flexible and versatile when it comes to configuration. Docker networking is used to enable and configure communication between Docker containers and with outside services, such as a database or a REST API on another network. Docker supports several kinds of networking configuration. Docker also has an internal DNS service that adds a new entry to resolv.conf whenever a new container is created. I will explain these in detail.

First, I will describe the underlying networking modes (drivers): Host, Bridge, Overlay and Macvlan. Besides these there is the none mode, which disables networking for a container. It is mainly used when a custom network driver is in use.

Bridge

In Docker, a bridge is a software bridge that lets all the containers connected to it communicate with each other, while isolating them from containers that are not connected to it. This is the default network mode when no other mode is specified. A bridge applies only to containers on the same Docker daemon. To communicate with containers on other Docker daemon hosts we have to use OS-level routing or overlay mode.

Host

Host network mode removes all isolation between the container's network and the Docker host's network: the container shares the host's network. For example, if your app uses port 8000 inside the container, there is no need to publish that port with -p; you can reach the app on port 8000 of the host's localhost/IP address. The -p option is ignored when you use host network mode. Host network mode is useful to reduce latency or to expose a large number of ports.

Overlay

An overlay network enables networking between multiple Docker daemons. It can be used to connect swarm services together without any OS-level routing configuration.

Macvlan

Macvlan lets you assign a MAC address to your container, which makes the container look like a physical device on your network. This is useful for monitoring network traffic, since the container looks like a physical device. There is a lot of configuration that can be done in macvlan mode.

Besides all these network drivers there are third-party network plugins available to integrate with different types of networks.

Container Networking

Ports, IP Addresses and DNS

Every container has a network interface with an IP address, gateway, routing table, DNS service and other networking details. When you create a container, none of its ports are published to the outside world (in host mode there is no need to publish them). To publish a port to an outside network, or to containers that are not connected to the same network, use the --publish or -p flag. This creates a firewall rule that maps the container port to a port on the Docker host.

Whenever a container is connected to a network, it is assigned an IP address from the pool of IPs allocated to that network. In effect the Docker daemon acts as a DHCP server for each container. When a container starts it can be connected to only a single network, but a running container can be connected to multiple networks with the docker network connect command. In that case you can use the --ip and --ip6 flags to specify the container's IP address on the additional network.

Like the IP address, a hostname is assigned whenever a container is created. The container's ID is used as the default hostname; to provide a custom hostname use the --hostname flag. Similarly, when connecting a container to an existing network you can use the --alias flag to give the container an alias on that network. If this is confusing, just keep in mind that Docker containers are like your host system and contain all kinds of networking configuration.
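As an added example (not code from the original post), the Python sketch below reads the networking fields that docker inspect reports for each container: network mode, published ports, attached networks with their IP addresses and aliases, and hostname. It flags host mode and ports published on all host interfaces. The sample JSON, container names and addresses are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output,
# trimmed to the networking fields; names, IDs and addresses are made up.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "Config": {"Hostname": "3f2a9c1b7d10"},
   "HostConfig": {"NetworkMode": "bridge"},
   "NetworkSettings": {
     "Ports": {"8000/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8000"}],
               "9000/tcp": null},
     "Networks": {"bridge": {"IPAddress": "172.17.0.2", "Aliases": null}}}},
  {"Name": "/db", "Config": {"Hostname": "db"},
   "HostConfig": {"NetworkMode": "backend"},
   "NetworkSettings": {
     "Ports": {"5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}]},
     "Networks": {"backend": {"IPAddress": "172.20.0.3", "Aliases": ["postgres"]},
                  "monitoring": {"IPAddress": "172.21.0.5", "Aliases": null}}}},
  {"Name": "/metrics", "Config": {"Hostname": "docker-host"},
   "HostConfig": {"NetworkMode": "host"},
   "NetworkSettings": {"Ports": {}, "Networks": {"host": {"IPAddress": "", "Aliases": null}}}}
]
""")

def summarize(container):
    """Return the network exposure of one `docker inspect` entry."""
    mode = container["HostConfig"]["NetworkMode"]
    settings = container["NetworkSettings"]
    published = []
    for port, bindings in (settings.get("Ports") or {}).items():
        for b in bindings or []:  # null bindings: port exposed but not published
            published.append((port, b["HostIp"] or "0.0.0.0", b["HostPort"]))
    findings = []
    if mode == "host":
        findings.append("host mode: shares the host network, -p is ignored")
    for port, host_ip, host_port in published:
        if host_ip in ("0.0.0.0", "::"):
            findings.append(f"{port} published on all host interfaces as {host_port}")
    networks = {name: (net.get("IPAddress"), net.get("Aliases") or [])
                for name, net in (settings.get("Networks") or {}).items()}
    return {"name": container["Name"].lstrip("/"), "hostname": container["Config"]["Hostname"],
            "mode": mode, "published": published, "networks": networks, "findings": findings}

def audit(inspect_output):
    """Summarize every container in a parsed `docker inspect` array."""
    return [summarize(c) for c in inspect_output]

if __name__ == "__main__":
    for row in audit(SAMPLE_INSPECT):
        print(row["name"], row["mode"], row["networks"], row["findings"] or "ok")
```

To run it against a real host, pass audit() the parsed JSON output of docker inspect for the running containers instead of SAMPLE_INSPECT.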

Don't worry if all of this is going over your head. In the next post we will do a simple demo of Docker networking and get our hands dirty.