Docker Networking

Basics

-d runs the container detached; -p publishes a port as host:container

docker run -p 80:80 -d httpd
curl http://localhost
docker inspect 708 | jq '.[].NetworkSettings.Networks'

curl http://172.17.0.2

Networked httpd image

cat << EOF | docker build -t nhttpd -
FROM httpd
RUN apt-get update
RUN apt-get install -y iputils-ping
RUN apt-get install -y inetutils-traceroute
RUN apt-get install -y iproute2
RUN apt-get install -y curl telnet dnsutils vim
EOF

Create containers based on nhttpd

docker container ls
docker container run --name s1 -d nhttpd
docker container run --name s2 -d nhttpd
docker container stop s1
docker container stop s2
docker container start s1
docker container start s2

Inspecting network settings of containers

docker inspect fe3 | jq '.[].NetworkSettings.Networks'
docker inspect 5a5 | jq '.[].NetworkSettings.Networks'

Inspecting bridge network

docker network ls
docker network inspect bridge

Checking connectivity from inside containers

In Emacs, open a file inside the container with Ctrl+x Ctrl+f /docker:<containerId>

docker exec -it s1 bash
ping google.com
hostname
hostname -i
ping s1
ping s2

In the default bridge network there is no connectivity between containers by name: ping s1 and ping s2 fail because the default bridge does not resolve container names

Create your own network

docker network create backend --subnet 10.0.0.0/24

Add services to network

docker network connect backend s1
docker network connect backend s2
docker container inspect s1 | jq '.[].NetworkSettings.Networks'
docker container inspect s2 | jq '.[].NetworkSettings.Networks'

Disconnect services from default bridge network

To disable access to the public internet, create the network with the --internal flag

docker network disconnect bridge s1
docker network disconnect bridge s2
docker container inspect s1 | jq '.[].NetworkSettings.Networks'
docker container inspect s2 | jq '.[].NetworkSettings.Networks'

Create second network

docker network create frontend --subnet 10.0.1.0/24

Change network for s2 service

docker network disconnect backend s2
docker network connect frontend s2

Create a router (gateway)

docker run --name gw --network backend -d nhttpd
docker network connect frontend gw

Containers s1 and s2 need to be removed and started again with the --cap-add=NET_ADMIN flag, which lets ip route add change the routing table inside the container

docker stop s1
docker stop s2
docker rm s1 s2

Add NET_ADMIN capability

docker run --name s1 --network backend --cap-add=NET_ADMIN -d nhttpd
docker run --name s2 --network frontend --cap-add=NET_ADMIN -d nhttpd
docker container ls

Add routing via the gateway (gw container)

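# in s1 (backend, 10.0.0.0/24): route to frontend through gw
hostname
hostname -i
nslookup gw
ip route add 10.0.1.0/24 via 10.0.0.3
# in s2 (frontend, 10.0.1.0/24): route to backend through gw
hostname
hostname -i
nslookup gw
ip route add 10.0.0.0/24 via 10.0.1.3
# from s2: test the path into backend
ping -c 3 10.0.0.2
curl 10.0.0.2
traceroute 10.0.0.2

# from s1: test the path into frontend
ping -c 3 10.0.1.2
curl 10.0.1.2
traceroute 10.0.1.2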
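
To check the segmentation built above in one pass, this added example (not part of the original notes) parses docker inspect output and reports containers that are still on the default bridge, attached to more than one network, or started with NET_ADMIN. The sample JSON is constructed and trimmed to the fields used; the audit function and the audit.py file name are assumptions of this example.

```python
import json

# Constructed sample, trimmed to the `docker inspect s1 s2 gw` fields this
# check reads. s2 is deliberately left on the default bridge to show a finding.
SAMPLE = json.loads("""
[
 {"Name": "/s1", "HostConfig": {"CapAdd": ["NET_ADMIN"]},
  "NetworkSettings": {"Networks": {"backend": {"IPAddress": "10.0.0.2"}}}},
 {"Name": "/s2", "HostConfig": {"CapAdd": ["NET_ADMIN"]},
  "NetworkSettings": {"Networks": {"frontend": {"IPAddress": "10.0.1.2"},
                                   "bridge": {"IPAddress": "172.17.0.3"}}}},
 {"Name": "/gw", "HostConfig": {"CapAdd": null},
  "NetworkSettings": {"Networks": {"backend": {"IPAddress": "10.0.0.3"},
                                   "frontend": {"IPAddress": "10.0.1.3"}}}}
]
""")


def audit(containers):
    """Return {container name: [findings]} for a parsed `docker inspect` array."""
    report = {}
    for c in containers:
        name = c["Name"].lstrip("/")
        nets = c.get("NetworkSettings", {}).get("Networks") or {}
        # CapAdd is null when nothing was added; accept the CAP_ prefix as well.
        caps = {cap.upper().replace("CAP_", "", 1)
                for cap in (c.get("HostConfig", {}).get("CapAdd") or [])}
        findings = []
        if "bridge" in nets:  # "bridge" is the name of the default bridge network
            findings.append("on default bridge (%s)" % nets["bridge"].get("IPAddress"))
        if len(nets) > 1:     # multi-homed containers join segments, like gw
            findings.append("multi-homed: " + ",".join(sorted(nets)))
        if "NET_ADMIN" in caps:
            findings.append("NET_ADMIN added")
        report[name] = findings
    return report


if __name__ == "__main__":
    import sys
    # Real input (audit.py is a hypothetical file name):
    #   docker inspect s1 s2 gw | python3 audit.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for name, findings in audit(data).items():
        print(name, "->", "; ".join(findings) or "ok")
```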