Docker Networking Basics

Docker overview:

Docker is an open source project to pack, ship and run any application as a lightweight container. The idea is to provide a comprehensive abstraction layer that allows developers to containerize or package any application and have it run on any infrastructure.

Docker leverages LXC (Linux Containers), which encompasses Linux features like cgroups and namespaces for strong process isolation and resource control.

Terminologies:

IP: An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.

Virtual IP: A virtual IP address (VIP or VIPA) is an IP address that doesn’t correspond to an actual physical network interface (port). Uses for VIPs include Network Address Translation (especially one-to-many NAT), fault tolerance, and mobility.

Bridge: A bridge device filters traffic at a network boundary. It works at the data link layer and decides whether packets should be forwarded or discarded.

LXC: LXC (Linux Containers) is an operating-system-level virtualization environment for running multiple isolated Linux systems (containers) on a single Linux control host.

Namespaces: A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.

Cgroups: Control groups (cgroups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.

Docker Networking

When Docker starts, it creates a virtual interface named docker0 on the host machine. It randomly chooses an address and subnet from the private range defined by RFC 1918 that are not in use on the host machine, and assigns them to docker0. This subnet is usually a /16 and is shared between all containers on the Docker host. docker0 is a bit more than a virtual interface – it is a virtual Ethernet bridge created in software inside the kernel of the Docker host.

docker0 is a virtual Ethernet bridge that automatically forwards packets between any other network interfaces that are attached to it. This lets containers communicate with the host as well as with each other.

Every time Docker creates a container, it creates a pair of “peer” interfaces that are like opposite ends of a pipe — a packet sent on one will be received on the other. It gives one of the peers to the container to become its eth0 interface and keeps the other peer, with a unique name like veth7d399cb, out in the namespace of the host machine. By binding every veth* interface to the docker0 bridge, Docker creates a virtual subnet shared between the host machine and every Docker container.

Start a Docker container:
[root@centos6-local ~]# docker run -i -t ubuntu /bin/bash
IP address on container:
root@899ba2b2a2c7:/# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0a:00:00:03
          inet addr:10.0.0.3  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:aff:fe00:3/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:328 (328.0 B)  TX bytes:238 (238.0 B)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
IP address on host:
[root@centos6-local ~]# ifconfig
docker0   Link encap:Ethernet  HWaddr 52:7A:56:20:E0:02
          inet addr:10.0.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::5ccb:a0ff:fe08:2f30/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:972 (972.0 b)  TX bytes:1057 (1.0 KiB)
eth0      Link encap:Ethernet  HWaddr 08:00:27:DB:1A:7C
          inet addr:172.17.101.125  Bcast:172.17.101.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fedb:1a7c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:188801 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33009 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19832749 (18.9 MiB)  TX bytes:3419967 (3.2 MiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:480 (480.0 b)  TX bytes:480 (480.0 b)
veth7d399cb Link encap:Ethernet  HWaddr 52:7A:56:20:E0:02
          inet6 addr: fe80::507a:56ff:fe20:e002/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1002 (1002.0 b)  TX bytes:1057 (1.0 KiB)
virbr0    Link encap:Ethernet  HWaddr 52:54:00:0C:3B:0D
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
Notice that each container’s eth0 IP address is within the bridge’s range of network addresses, and the container’s gateway is the docker0 bridge’s IP address. Also note the veth interfaces bound to the docker0 bridge:
[root@centos6-local ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.527a5620e002       no              veth7d399cb
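
The check described above can be scripted. The following is an added example, not part of the original post: it parses the host's ifconfig and brctl output shown on this page and confirms that the container address is on-link for docker0, meaning it shares one layer-2 segment with the host and every other container on that bridge. The function names are hypothetical.

```python
import ipaddress
import re

# Interface lines copied from the host ifconfig and brctl output on this page.
HOST_IFCONFIG = """\
docker0   Link encap:Ethernet  HWaddr 52:7A:56:20:E0:02
          inet addr:10.0.42.1  Bcast:0.0.0.0  Mask:255.255.0.0
eth0      Link encap:Ethernet  HWaddr 08:00:27:DB:1A:7C
          inet addr:172.17.101.125  Bcast:172.17.101.255  Mask:255.255.255.0
veth7d399cb Link encap:Ethernet  HWaddr 52:7A:56:20:E0:02
          inet6 addr: fe80::507a:56ff:fe20:e002/64 Scope:Link
"""
BRCTL_SHOW = """\
bridge name     bridge id               STP enabled     interfaces
docker0         8000.527a5620e002       no              veth7d399cb
"""
CONTAINER_IP = "10.0.0.3"  # eth0 inside the container, from the page


def parse_ifconfig(text):
    """Return {interface: IPv4Interface} for stanzas that carry an inet addr."""
    addrs, name = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():   # unindented line starts a stanza
            name = line.split()[0]
        m = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
        if m and name:
            addrs[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return addrs


def parse_brctl(text):
    """Return {bridge: [attached ports]}; indented rows list extra ports."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():            # new bridge row
            current = fields[0]
            bridges[current] = fields[3:]
        elif current:                        # continuation: one more port
            bridges[current].append(fields[0])
    return bridges


def on_bridge_subnet(ip, bridge, addrs):
    """True when ip falls inside the bridge's subnet (same L2 segment)."""
    return ipaddress.ip_address(ip) in addrs[bridge].network
```

With the page's values, `on_bridge_subnet(CONTAINER_IP, "docker0", parse_ifconfig(HOST_IFCONFIG))` returns True, while the host's eth0 address 172.17.101.125 is outside the bridge subnet. The veth peer carries no IPv4 address of its own; it is only a port on the bridge.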