Networking with standalone containers (original) (raw)

This series of tutorials deals with networking for standalone Docker containers. For networking with swarm services, seeNetworking with swarm services. If you need to learn more about Docker networking in general, see theoverview.

This topic includes two different tutorials. You can run each of them on Linux, Windows, or a Mac, but for the last one, you need a second Docker host running elsewhere.

• Use the default bridge network demonstrates how to use the default bridge network that Docker sets up for you automatically. This network is not the best choice for production systems.
• Use user-defined bridge networks shows how to create and use your own custom bridge networks, to connect containers running on the same Docker host. This is recommended for standalone containers running in production.

Althoughoverlay networks are generally used for swarm services, you can also use an overlay network for standalone containers. That's covered as part of thetutorial on using overlay networks.

In this example, you start two different alpine containers on the same Docker host and do some tests to understand how they communicate with each other. You need to have Docker installed and running.

1. Open a terminal window. List current networks before you do anything else. Here's what you should see if you've never added a network or initialized a swarm on this Docker daemon. You may see different networks, but you should at least see these (the network IDs will be different):
   The default bridge network is listed, along with host and none. The latter two are not fully-fledged networks, but are used to start a container connected directly to the Docker daemon host's networking stack, or to start a container with no network devices. This tutorial will connect two containers to the bridge network.
2. Start two alpine containers running ash, which is Alpine's default shell rather than bash. The -dit flags mean to start the container detached (in the background), interactive (with the ability to type into it), and with a TTY (so you can see the input and output). Since you are starting it detached, you won't be connected to the container right away. Instead, the container's ID will be printed. Because you have not specified any--network flags, the containers connect to the default bridge network.
   Check that both containers are actually started:
3. Inspect the bridge network to see what containers are connected to it.
   Near the top, information about the bridge network is listed, including the IP address of the gateway between the Docker host and the bridgenetwork (172.17.0.1). Under the Containers key, each connected container is listed, along with information about its IP address (172.17.0.2 foralpine1 and 172.17.0.3 for alpine2).
4. The containers are running in the background. Use the docker attachcommand to connect to alpine1.
   The prompt changes to # to indicate that you are the root user within the container. Use the ip addr show command to show the network interfaces for alpine1 as they look from within the container:
   The first interface is the loopback device. Ignore it for now. Notice that the second interface has the IP address 172.17.0.2, which is the same address shown for alpine1 in the previous step.
5. From within alpine1, make sure you can connect to the internet by pinging google.com. The -c 2 flag limits the command to two pingattempts.
6. Now try to ping the second container. First, ping it by its IP address,172.17.0.3:
   This succeeds. Next, try pinging the alpine2 container by container name. This will fail.
7. Detach from alpine1 without stopping it by using the detach sequence,CTRL + p CTRL + q (hold down CTRL and type p followed by q). If you wish, attach to alpine2 and repeat steps 4, 5, and 6 there, substituting alpine1 for alpine2.
8. Stop and remove both containers.

Remember, the default bridge network is not recommended for production. To learn about user-defined bridge networks, continue to thenext tutorial.

In this example, we again start two alpine containers, but attach them to a user-defined network called alpine-net which we have already created. These containers are not connected to the default bridge network at all. We then start a third alpine container which is connected to the bridge network but not connected to alpine-net, and a fourth alpine container which is connected to both networks.

1. Create the alpine-net network. You do not need the --driver bridge flag since it's the default, but this example shows how to specify it.
2. List Docker's networks:
   Inspect the alpine-net network. This shows you its IP address and the fact that no containers are connected to it:
   Notice that this network's gateway is 172.18.0.1, as opposed to the default bridge network, whose gateway is 172.17.0.1. The exact IP address may be different on your system.
3. Create your four containers. Notice the --network flags. You can only connect to one network during the docker run command, so you need to usedocker network connect afterward to connect alpine4 to the bridgenetwork as well.
   Verify that all containers are running:
4. Inspect the bridge network and the alpine-net network again:
   Containers alpine3 and alpine4 are connected to the bridge network.
   Containers alpine1, alpine2, and alpine4 are connected to thealpine-net network.
5. On user-defined networks like alpine-net, containers can not only communicate by IP address, but can also resolve a container name to an IP address. This capability is called automatic service discovery. Let's connect to alpine1 and test this out. alpine1 should be able to resolvealpine2 and alpine4 (and alpine1, itself) to IP addresses.

   Note

   Automatic service discovery can only resolve custom container names, not default automatically generated container names,

6. From alpine1, you should not be able to connect to alpine3 at all, since it is not on the alpine-net network.
   Not only that, but you can't connect to alpine3 from alpine1 by its IP address either. Look back at the docker network inspect output for thebridge network and find alpine3's IP address: 172.17.0.2 Try to ping it.
   Detach from alpine1 using detach sequence,CTRL + p CTRL + q (hold down CTRL and type p followed by q).
7. Remember that alpine4 is connected to both the default bridge network and alpine-net. It should be able to reach all of the other containers. However, you will need to address alpine3 by its IP address. Attach to it and run the tests.
8. As a final test, make sure your containers can all connect to the internet by pinging google.com. You are already attached to alpine4 so start by trying from there. Next, detach from alpine4 and connect to alpine3(which is only attached to the bridge network) and try again. Finally, connect to alpine1 (which is only connected to the alpine-net network) and try again.
9. Stop and remove all containers and the alpine-net network.

• Host networking tutorial
• Overlay networking tutorial
• Macvlan networking tutorial