Docker Networking Concepts: Difference between revisions
(→none) |
(→none) |
||
Line 53: | Line 53: | ||
==none== | ==none== | ||
{{https://docs.docker.com/network/none/}} | {{External|https://docs.docker.com/network/none/}} | ||
Container networking can be disabled altogether. | Container networking can be disabled altogether. |
Revision as of 19:09, 25 April 2018
External
- https://docs.docker.com/engine/userguide/networking/
- https://stackoverflow.com/questions/24319662/from-inside-of-a-docker-container-how-do-i-connect-to-the-localhost-of-the-mach
Internal
TODO
- https://docs.docker.com/network/bridge/
- https://docs.docker.com/network/host/
- https://docs.docker.com/network/overlay/
- https://docs.docker.com/network/macvlan/
- https://docs.docker.com/network/none/
- https://docs.docker.com/network/iptables/
Overview
Docker's networking subsystem uses drivers. Docker comes with several drivers, and others can be developed and deployed. The drivers available by default are described below:
Network Drivers
bridge
This is the default network driver. This configuration is appropriate when multiple containers need to communicate on the same Docker host.
host
This network driver removes network isolation between the container and the Docker host, and it uses the host's networking directly. This use case is appropriate when the container's network stack should not be isolated from the Docker host, but other aspects of the containers should be isolated.
overlay
Overlay networks connect multiple Docker daemons together.
macvlan
The macvlan driver allows assigning a MAC address to a container, making it appear as a physical device on the network. The Docker daemon routes traffic to containers by their MAC addresses.
none
Container networking can be disabled altogether.
Docker Server Networking
Container Networking
A Docker container behaves like a host on a private network. Each container has its own virtual network stack, Ethernet interface and its own IP address. All containers managed by the same server are connected via bridge interfaces to a default virtual network and can talk to each other directly. Logically, they behave like physical machines connected through a common Ethernet switch. In order to get to the host and the outside world, the traffic from the containers goes over an interface called docker0: the Docker server acts as a virtual bridge for outbound traffic. The Docker server also allows containers to "bind" to ports on the host, so outside traffic can reach them: the traffic passes over a proxy that is part of the Docker server before getting to containers.
The default mode can be changed, for example --net configures the server to allow containers to use the host's own network device and address.
Also see: