Management of Docker Containers Network
By default, Docker creates a bridge network for each container. While this can work for simple applications, it can quickly become unmanageable for complex applications. To manage Docker container networks effectively, it’s best to create custom networks. Custom networks allow you to isolate your containers and control their communication. You can also define the IP address range and subnet for your custom networks.
we have multiple implementations of container network model (CNM) for both local and global scope, eg. Bridge, Macvlan, Overlay, Virtual Extensible LAN (VXLan) or other Network Plugin. Here collect some common commands to manage docker network.
bridge
docker network ls
docker network inspect bridge
[
{
"Name": "bridge",
"Id": "3c95bc2a2477f0b36d9bd9f932a3809876d68423546c8f393b48e75ccfbfc236",
"Created": "2021-09-24T16:16:58.135121591Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
tangle docker bridge network
## create
docker network create --driver bridge sample-net
docker network inspect sample-net | grep Subnet
docker network create --driver bridge --subnet "10.1.0.0/16" test-net
docker network ls
NETWORK ID NAME DRIVER SCOPE
3c95bc2a2477 bridge bridge local
7169b9c2108d host host local
b550e8d7e9df none null local
d68a81e0b468 sample-net bridge local
12732e64089b test-net bridge local
create c1, c2 and put them into bridge network
docker container run --name c1 -it --rm alpine:latest /bin/sh
# ip addr show eth0
# ip route
docker container inspect c1
docker container run --name c2 -d alpine:latest ping 127.0.0.1
docker container inspect --format "{{.NetworkSettings.IPAddress}}" c2
docker network inspect bridge
## could see c1 c2 in bridge
create c3, c4 and put them into test-net
docker container run --name c3 -d --network test-net \
alpine:latest ping 127.0.0.1
docker container run --name c4 -d --network test-net \
alpine:latest ping 127.0.0.1
docker network inspect test-net
## could see c3 c4 in test-net
docker container exec -it c3 /bin/sh
### could ping c4
# ping c4
### but cannot ping c2, neither ip nor hostname
# ping c2
# ping 172.17.0.3
create c5 attached test-net and smaple-net
docker container run --name c5 -d \
--network sample-net \
--network test-net \
alpine:latest ping 127.0.0.1
clean up
docker container rm -f $(docker container ls -aq)
docker network rm sample-net
docker network rm test-net
## or
docker network prune --force
host
docker container run --rm -it --network host alpine:latest /bin/sh
### could see host ip in container
# ip addr show eth0
run container in existing network
docker network create --driver bridge test-net
docker container run --name web -d \
--network test-net nginx:alpine
## create a new container and put in the same network as web
docker container run -it --rm --network container:web \
alpine:latest /bin/sh
# curl localhost
## clean up
docker container rm --force web
docker network rm test-net
manage ports
## -P means let Docker decide which host port shall be mapped to
docker container run --name web -P -d nginx:alpine
docker container port web
docker container inspect web | grep HostPort
## user define port mapping
docker container run --name web2 -p 8910:80 -d nginx:alpine