21 Days of Docker-Day 9- Docker Networking – Part 1

This is one of the most common question

  • The Docker Engine default bridge network is conflicting with our internal network hosts access. How do I configure the default bridge (docker0) network for Docker Engine to a different subnet?
  • You can configure the default bridge network by providing the bip option along with the desired subnet in the daemon.json (default location at /etc/docker/daemon.json on Linux) file as follows:
{
  "bip": "172.20.0.1/16"
}
  • Then restart the docker daemon (sudo systemctl restart docker on systemd based Linux operating systems)

Let’s dig deeper into networking

  • Docker networking subsystem is pluggable with the help of drivers and there are several drivers available by default which provides core networking functionality
* bridge(default)
* host
* overlay
* macvlan 
* none
* Network Plugins
  • If you are using a docker community edition, by default you have bridge, host and none driver.
# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
d406e0c8c10f        bridge              bridge              local
4f11e6932b02        host                host                local
e45452374cfa        none                null                local
  • In case if you are using Docker Enterprise Edition you will get an overlay driver or in case if you are using Swarm.
  • Let’s try to spin few more containers using default bridge driver
$ docker container run -dt centos:7 bash
84e5cf877fcc1cb80d8cd0f44428b162e248fd1b6496f6da0f68041fcdedabc4

$ docker container run -dt centos:7 bash
b94ecea90fa8e9c159c700d244efe2600749ac2078730f348b79233e004fd1d2

Once you have one or more containers up and running, you can confirm that Docker has properly connected them to the docker0 bridge by running the brctl command on the host machine and looking at the interfaces column of the output. This example shows a docker0 bridge with two containers connected

$ brctl show
bridge name	bridge id		STP enabled	interfaces
docker0		8000.0242d6df2360	no		veth4ab97ab
							vetha5382aa
							vethd7b2787

If the brctl command is not installed on your Docker host, then on Centos you should be able to run

sudo yum -y install bridge-utils

OR

  • Using docker network inspect and check the container section
$ docker inspect bridge
[
    {
        "Name": "bridge",
        "Id": "f5c120ec2b2d3838e797fe3d5ed3e7234e5aa35567ac0a12ba912b2b9acb4db1",
        "Created": "2019-10-15T15:02:40.83080346Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "51cf7e39240929c8748ba7d2f82424b6e79c18cd9a966fe6242fcf90fba73fc6": {
                "Name": "centosserv",
                "EndpointID": "8586b322c1f4e818590ab55a381d9a3d10d7588b6e24edfc31d0c589a6560187",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16", <---
                "IPv6Address": ""
            },
            "84e5cf877fcc1cb80d8cd0f44428b162e248fd1b6496f6da0f68041fcdedabc4": {
                "Name": "inspiring_yonath",
                "EndpointID": "19ef803804db2723ab359bc523e42db1e8ec5cadb7700abb76b46c6838ba79ec",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16", <---
                "IPv6Address": ""
            },
            "b94ecea90fa8e9c159c700d244efe2600749ac2078730f348b79233e004fd1d2": {
                "Name": "tender_hoover",
                "EndpointID": "e51039554e6777db7ae407e242e739e73593b112ae3a4f2656cebe32db5809b4",
                "MacAddress": "02:42:ac:11:00:04",
                "IPv4Address": "172.17.0.4/16", <---
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

To check the Network Driver currently available

$ docker info |grep Network
  Network: bridge host ipvlan macvlan null overlay

I think this is a good place to stop for Day9, tomorrow I am going to discuss about other networking drivers comes with Docker.

Please follow me with my Journey

This time to make learning more interactive, I am adding

  • Slack
  • Meetup

Please feel free to join this group.

Slack: 

https://100daysofdevops.slack.com/join/shared_invite/enQtNzg1MjUzMzQzMzgxLWM4Yjk0ZWJiMjY4ZWE3ODBjZjgyYTllZmUxNzFkNTgxZjQ4NDlmZjkzODAwNDczOTYwOTM2MzlhZDNkM2FkMDA

Meetup Group

If you are in the bay area, please join this meetup group https://www.meetup.com/100daysofdevops/