Containers Networking

Container Networking Basics

(based on the introduction here)

  • Containers have networking enabled by default, and they can make outgoing connections.
  • A container has no information about what kind of network it's attached to, or whether its peers are also Docker workloads or not.
  • A container only sees a network interface with an IP address, a gateway, a routing table, DNS services, and other networking details.

Container Networking Interfaces

  • You can list all Docker networks with the following command:
    $> docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    bd77d58052f4   bridge    bridge    local
    20a101c6cbd8   host      host      local
    d3218355d670   none      null      local
  • Creating a Docker bridge network (there is one by default) creates a Linux bridge, which you can see by listing the interfaces of type bridge:
    $> ip link show type bridge
    3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
        link/ether 02:42:52:a4:1d:d9 brd ff:ff:ff:ff:ff:ff
  • This bridge connects to containers via veth interfaces:
    $> ip link show type veth
    5: veth7a1f9a7@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
        link/ether 12:f6:ea:52:a1:74 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    7: veth86fdb6f@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
        link/ether a2:38:d3:4e:f5:ae brd ff:ff:ff:ff:ff:ff link-netnsid 1
  • Inside the container, each veth is connected to a local interface:
    $> docker exec -it alpine1 ip address show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:acff:fe11:2/64 scope link 
           valid_lft forever preferred_lft forever
  • This is how it would look:
    [Figure: docker bridge networking]
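
The listings above can be tied together through the `@ifN` suffix: `eth0@if5` inside alpine1 points at host interface index 5, and `veth7a1f9a7@if4` on the host points back at index 4 in the container. The following added example (not part of the original page) parses the two listings and pairs the ends, which is how you find the host-side veth to capture on for a given container; the function names are illustrative and the container listing is abridged.

```python
import re

# Listings copied from the page: host veths, then alpine1 (abridged).
HOST_VETHS = """\
5: veth7a1f9a7@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 12:f6:ea:52:a1:74 brd ff:ff:ff:ff:ff:ff link-netnsid 0
7: veth86fdb6f@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether a2:38:d3:4e:f5:ae brd ff:ff:ff:ff:ff:ff link-netnsid 1
"""
ALPINE1 = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
"""

# Header line: "<ifindex>: <name>[@if<peer ifindex>]: <FLAGS> ...".
HEADER = re.compile(r"^(\d+):\s+([^:@\s]+)(?:@if(\d+))?:\s+<[^>]*>(.*)$")

def parse_links(text):
    """Return a dict per interface header; address/detail lines are skipped."""
    links = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        index, name, peer, rest = m.groups()
        master = re.search(r"\bmaster (\S+)", rest)
        links.append({"index": int(index), "name": name,
                      "peer": int(peer) if peer else None,
                      "master": master.group(1) if master else None})
    return links

def match_veths(host_text, container_text):
    """Pair each container interface with its host-side veth.

    Interface indexes are only unique within one network namespace, so a
    pair is accepted only when both ends point at each other.
    """
    host = parse_links(host_text)
    return [(h["name"], h["master"], c["name"])
            for c in parse_links(container_text)
            for h in host
            if c["peer"] == h["index"] and h["peer"] == c["index"]]

if __name__ == "__main__":
    for veth, bridge, inner in match_veths(HOST_VETHS, ALPINE1):
        print(f"{inner} in alpine1 <-> {veth} on host (bridge {bridge})")
```

The second host veth, `veth86fdb6f@if6`, stays unmatched here because it belongs to a different container whose listing is not on the page.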