Docker Network Operations

From NovaOrdis Knowledge Base

Internal

Overview

List Networks

docker network ls

Get Detailed Information about a Network

docker network inspect <network-name>

The containers listed under "Containers" are connected to (plugged into) the network.

[
    {
        "Name": "bridge",
        "Id": "3c9a92ee1a7d1d4208e7f924343b85d1af9152ea3d02634c48007d27103f9d36",
        "Created": "2018-04-30T20:12:12.943677437-07:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "4e5c55294dcc0b4274c73639268c2a570c1e0cae0819ea2fbe21f58d7fdbeba5": {
                "Name": "alpine1",
                "EndpointID": "779600189ed5197e2ab2fb081f0e5d71d4348bc9af096c8ee77b83c7500afef3",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "e3092a676f3d9ace791fd7ebb297b71950f1bbd3abe0383f6c7ad78d1fd76523": {
                "Name": "alpine2",
                "EndpointID": "f060429bfcaf8b2af04f071d88cd886b2a4e352a032ac9e2b2c98f40fb0dc759",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
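As an added example (not part of the original page), the following Python sketch reads `docker network inspect` output like the one above, lists the attached containers and flags the settings that determine what those containers can reach. The function name `audit_network`, the choice of checks and the trimmed sample data are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: a trimmed `docker network inspect bridge` result with
# the same fields as the output above (container IDs shortened).
SAMPLE = json.loads("""
[{"Name": "bridge", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Containers": {
    "4e5c55294dcc": {"Name": "alpine1", "IPv4Address": "172.17.0.2/16"},
    "e3092a676f3d": {"Name": "alpine2", "IPv4Address": "172.17.0.3/16"}},
  "Options": {
    "com.docker.network.bridge.default_bridge": "true",
    "com.docker.network.bridge.enable_icc": "true",
    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}}]
""")

def audit_network(net):
    """Return (attached containers, findings) for one inspected network."""
    opts = net.get("Options") or {}
    bridge = "com.docker.network.bridge."
    subnets = [ipaddress.ip_network(c["Subnet"])
               for c in (net.get("IPAM", {}).get("Config") or []) if c.get("Subnet")]
    attached, findings = [], []
    for c in sorted((net.get("Containers") or {}).values(), key=lambda c: c.get("Name", "")):
        addr = c.get("IPv4Address", "")
        attached.append((c.get("Name"), addr))
        # An endpoint address outside every IPAM subnet points to inconsistent data.
        if addr and not any(ipaddress.ip_interface(addr).ip in s for s in subnets):
            findings.append(f"{c.get('Name')}: {addr} outside IPAM subnets")
    if opts.get(bridge + "default_bridge") == "true" and attached:
        findings.append("containers are attached to the default bridge")
    if opts.get(bridge + "enable_icc") == "true" and len(attached) > 1:
        findings.append("inter-container communication is enabled between attached containers")
    if opts.get(bridge + "host_binding_ipv4") == "0.0.0.0":
        findings.append("published ports bind to all host interfaces by default")
    if not net.get("Internal", False):
        findings.append("network is not internal (external connectivity allowed)")
    return attached, findings

if __name__ == "__main__":
    for net in SAMPLE:
        attached, findings = audit_network(net)
        print(net["Name"], attached)
        for f in findings:
            print("  -", f)
```

To run it against a live host, feed the function the parsed output of `docker network inspect <network-name>` instead of the embedded sample.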

Create a New User-Defined Bridge Network

https://docs.docker.com/engine/reference/commandline/network_create/#specify-advanced-options

The following command creates a user-defined bridge network. The --ip-range and --gateway values must fall inside the --subnet:

docker network create \
   [--driver=bridge] \
   [--subnet=172.29.0.0/16] \
   [--ip-range=172.29.5.0/24] \
   [--gateway=172.29.5.253] \
 <user-defined-bridge-network-name>

Example:

docker network create --driver=bridge green
docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
...
663b4388fb68        green               bridge              local

Remove a User-Defined Bridge Network

docker network rm <user-defined-bridge-network-name>

Note that containers must first be disconnected from the network being removed.

Connect a Container to a Network

At Container Creation Phase

When a container is created with docker create, one or more --network flags can be specified. Docker will use this information to connect the container to the specified network(s).

 docker create --name <container-name> \
   --network <network-name> \
   --publish <host-port>:<container-port> \
 ...

By 'docker run' Command

docker run ... --network <network-name> ...

When the Container is Running

The container can be connected dynamically to a network while it is running:

docker network connect <network-name> <container-name>

Disconnect a Container from a Network

docker network disconnect <network-name> <container-name>

Enable IP Forwarding from Containers on the Default Bridge

By default, IP forwarding from containers connected to the default bridge is not enabled. To enable it:

1. Configure the Linux kernel on the Docker host to allow forwarding.

2. Change the iptables FORWARD policy from DROP to ACCEPT:

sudo iptables -P FORWARD ACCEPT

These settings do not persist across a reboot, so to survive one they need to be added to a script.