By default docker puts everything in a bridge network, it shows up in interfaces as docker0
- containers are able to communicate with each other, but other with IP address, not names
docker network command
docker network ls to check available and type of networks
prunedelete all networks that no containers are usingrmdelete a network (if it’s not in use), there is no way to force delete
Connect
docker network connect <network_name> <ct_name>disconnectwill disconnect the container
Inspect
docker network inspect <container_name> | jq .[].Containerswill list all containers attached to the networkIPAMnetwork subnetsNameDriverthe type of networking (Bridge, Host, null)
Create
docker network create <name> -d DRIVER
-dspecify the driver, default is bridge
Additional Options such assubnet,gateway,ip-rangecan be used in IP/MacVLAN
Bridge Networks
Each bridge network will create a virtual interface that is available in ip -o -br link, when a network is removed, the interface will also be removed.
Default Bridge
docker0is the main interface for the default docker bridge network, it’s like a network switch- for each containers in the default interface, a new virtual interface is created that is bridged to
docker0, the virtual interface starts withveth - containers can communicated with each other via IP but not names
User-Defined Bridge
- these bridges are created by the user and the interface name start with a
br- - when there are no containers connected into that network, the br-interface will appear
DOWNand it will beUPonce containers connect - it is separated from host and other networks (unless port mapped), but can communicate within the network via names
docker network create my-network # will error if network already exists
docker run --name some_container --network my-network imageTo use custom networking in docker-compose, refer to docker-compose
Advanced Network
By default a bridge network is created with a /16 CIDR in 172.x.y.y where x is the number assigned when creating the network and y is any number the container can have
--ipis used to specify a custom IP address of a container- this is only possible with user-defined subnet and gateway
--subnetand--gateway
Host Networks
Host is also a default network.
docker run --name some_container --network host imagenetwork_mode: 'host'- use
--network hostwhen running it or in compose to run host network - the IP address of the container will be the same as the host machine
- container will have access to all the host network ports and resources
IP/MacVLAN
The difference between IPVLAN vs MACVLAN is that
- IPVLAN - the virtual interface gets the same MAC address as the host
- useful in the case where a switch refuse traffic if a port/interface has 2 MAC addresses
- MACVLAN - the MAC address will be different for each networks and the host
docker network create -d macvlan/ipvlan \
--subnet 10.10.120.0/24 \ # the subnet of the server
--gateway 10.10.120.1 \ # gateway, or IP addr of home router
-o parent=enp2s0 \ # the physical interface on the computerWhen creating the container, it is also possible to assign custom IP address, the address has to be outside of DHCP range
docker run --name name --network macvlan --ip 10.10.120.201 image- in MAC/IPVLAN, if IP address is not specified, Docker will hand out IP address and ignore DHCP of the normal home network
ip_rangeis used to specify IP addresses, it has to be a CIDR notation (only one CIDR is allowed)
It is also possible to have802.1qorVLAN Trunkingin MacVLAN (Advanced)
L2/L3 IPVLAN
- L2 is the default mode for created network
In L2 another options is needed
-o parent=enp2s0 -o ipvlan_mode=l3- turns the host into a router
None
Does not have access to any other container or the host or the internet.
network=none