Networking allows containers to communicate with each other, and the host system.
Suppose we have, 2 Docker containers on the host systembackend
and frontend
and they want to connect, and they need to surely interact with the host system.
To manage and establish the connection between the participants, we need docker networking
We have two 2 questions
How Docker container will take to host
How container will have a 1:1 chat
How a container can talk to the host OS?
Whenever you create a container, Docker creates a virtual eth (docker0).
Without this, Docker cannot talk to the host. This is called Bridge Networking, which is the default in Docker.
Similar to bridge networks, we have different types of networks, which we will see soon.
Till then,
You can check the networks with
docker network ls
We have two types of network bridge network and host network
Bridge Network
- As explained above, the bridge act as an interface between the docker conatiner and host OS.
Host Networking
Containers will directly use the network of the host. This is not preferred
here, when you create a container, docker will directly bind your container with the ip address(eth0) of the host.
- This is very useful when you have multiple hosts.
- Macvlan networking in Docker enables containers to have their own unique MAC addresses and appear as separate physical devices on the network.
Containers inside the same bridge network will share the same network subnet. so, there will be a direct connection between both In our case, container 1 and container 2 can directly talk with each other.
Till now, we have discussed different types of different networks,
but we have an underlying issue.
suppose, that when we have two Docker containers that are connected using the bridge network, they will have to share the docker0 bridge
, which becomes the common path between both the container and host.
This will make the containers not secure,
For example, we have 3 containers: backend
, frontend
, and payment
.
Here, the backend and front end can be kept in one network, but the payment
must be in another network to maintain anonymity.
How do you achieve logical isolation?
This can be achieved using the bridge
networking itself.
Docker allows you to create custom bridge networks.
So, in our scenario, one container can talk to the host with Veth or Docker 0, and the other container will talk using the custom bridge network.
As you can see in the diagram, there is no connection between payment and the frontend and backend; therefore, payment is secure.
DEMO
Inspect Container
docker inspect container_name # Inspect container
List Networks
docker network ls
Create new network
docker network create new_name # new bridge netwok will be created
Attach new network to container
docker run -d --network=new_name --name payment_container payment # attachh new_network to the container
However, you can at any point in time, attach the container to the bridge network and enable communication
docker network connect bridge web
Container with the host network
docker run -d --name demo-host --network=host image
Remove network
docker network rm test
There are many things to learn about docker network, more about hosts,overlay, etc., but for a beginner's experience, this much is sufficient.
If the article helps you, leave a like, follow, or anything ๐.
You can follow me on LinkedIn, GitHub, Dev.to and hashnode.
Bye