Idea by | 05 Mar 2020

Docker Networking

What is a Docker Container?

A container is an executable unit of software in which application code is packaged together with all its dependencies, so the application runs quickly and consistently anywhere, whether on a desktop, in traditional IT, or in the cloud. Containers are a streamlined way to build, test, deploy, and redeploy applications across multiple computing environments. A Docker container image is a standalone, executable software package that includes the code, settings, runtime, system tools, system libraries and everything else required to run an application.

Core features of Docker containers are the following:

Today we are going to look at the Containers Networking Model. The Network Connectivity Options for Containers are the following:

A container is merely a process on a host running a container runtime (like Docker); it lives in its own controlled namespace and shares the kernel of that host. It does not rely on any hardware emulation. Unlike the way virtual machines work, a container has no connection to emulated hardware such as a “virtual network interface card”; instead it shares one or more network interfaces or networking spaces of the host where it lives. We can connect the container to the same network interface and namespace that the host uses (e.g. “eth0”), or we can attach it to an “internal” virtual networking interface of the kernel and then map between this internal interface and the outside world in different ways.

Below are the different “Networking Mode” options, with their benefits and compromises.

To view Docker networks, run:

# docker network ls

HOST Mode:

# docker run -dit --network host --name test alpine

In host mode, the network configuration inside the container matches the configuration outside it: the container shares the host's network stack, which lets it connect directly to your host network.

# docker inspect test

BRIDGE Mode:

In bridge mode, the Docker daemon creates a “docker0” virtual Ethernet bridge that forwards packets between all interfaces attached to it. Inspect this network in more detail by using the inspect command and specifying the name or ID of the network.

# docker network inspect bridge

# docker network create -d bridge mohsin-net

# docker network ls

# docker network inspect mohsin-net

# docker run -dt --name test --network mohsin-net alpine

# docker inspect test

NONE Mode:

None mode gives the container its own network stack with no external network interface. The container has only a local loopback interface.

# docker run -it --network=none --name test ubuntu:14.04 /bin/bash

# docker inspect test | grep "NetworkMode"

# docker inspect test | grep -i ipaddr
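
The grep on "NetworkMode" above checks one container at a time. As an added example (not part of the original article), the shell functions below classify every container by its HostConfig.NetworkMode value and return a failure status when any container runs in host mode, where it shares the host's network namespace. The function names and the sample container names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Live input would come from:
#   docker ps -q | xargs docker inspect \
#       --format '{{.Name}} {{.HostConfig.NetworkMode}}' | audit_network_modes

# Map a HostConfig.NetworkMode value to the networking mode it represents.
classify_mode() {
    case "$1" in
        host)           echo "host" ;;            # shares the host's network namespace
        none)           echo "none" ;;            # loopback interface only
        default|bridge) echo "default-bridge" ;;  # docker0; either value can be reported
        container:*)    echo "shared" ;;          # reuses another container's namespace
        *)              echo "user-defined" ;;    # named network such as mohsin-net
    esac
}

# Read "name mode" lines on stdin, print one report line per container, and
# return non-zero if any container is in host mode (no network isolation).
audit_network_modes() {
    host_count=0
    while read -r name mode || [ -n "$name" ]; do
        [ -n "$name" ] || continue                # skip blank lines
        kind=$(classify_mode "$mode")
        printf '%-12s %-15s %s\n' "${name#/}" "$kind" "$mode"
        if [ "$kind" = "host" ]; then
            host_count=$((host_count + 1))
        fi
    done
    echo "host-mode containers: $host_count"
    [ "$host_count" -eq 0 ]
}

# Constructed sample input: hypothetical containers, one per mode in the article.
sample_lines() {
    cat <<'EOF'
/test-host host
/test-bridge default
/test-net mohsin-net
/test-none none
EOF
}

sample_lines | audit_network_modes || echo "review: host networking in use"
```

The non-zero return makes the function usable as a gate in a deployment or CI check for hosts where host networking is not expected.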

Overlay Network

An overlay network uses software virtualization to set up additional layers of network abstraction on top of a physical network. In Docker, an overlay network is used for multi-host network communication.

This driver uses Virtual Extensible LAN (VXLAN) technology, which aims to provide portability between cloud, on-premise and virtual environments. VXLAN overcomes portability limitations by extending layer 2 subnets across layer 3 network boundaries, so containers can run on foreign IP subnets.

After reading this article, you should have an idea of the multiple options available for connecting your dockerized container applications to the network.

AUTHOR

Mohsin Saeed

Mohsin Saeed Awan - I lead the department of IT, Networks and Security in Zigron Inc. In my role as IT/Networks/Security Lead, I superintend the IT infrastructure, security and network management of Zigron Inc. Moreover, I aim to provide avant-garde security solutions and services to our clients worldwide, including DevOps, DevSecOps, Automation of Infrastructure, Private Cloud, Security Orchestration, Automation and Response and Managed SOC. Some of my core expertise includes Networking, Virtualization, Linux Administration, Windows Administration and Infrastructure and Application Deployment Automation. Prior to Zigron Inc, I supervised the IT/Networks department in Protege Global and I got my professional skills tailored in SMEC Oil and Gas Pvt. Ltd as an Assistant IT Lead.