On Day 9, Day 10 and Day 11 I discussed Docker networking; let’s go one level down and dig deeper into it.
What is Container Networking Model(CNM) and Libnetwork?
- The CNM is an open-source container networking specification that was contributed to the community by Docker Inc.
- Docker’s libnetwork is a library that provides an implementation for CNM.
- However, third-party plugins can be used to replace the built-in Docker driver.
- Libnetwork is cross-platform and open-source.
- CNM has interfaces for both IPAM plugins and network plugins. The IPAM plugin APIs can be used to create/delete address pools and allocate/deallocate container IP addresses. The network plugin APIs are used to create/delete networks and add/remove containers from networks.
Docker Networking on Linux
- Docker networking uses the Linux kernel’s extensive networking capabilities (e.g. TCP/IP stack, VXLAN, DNS)
- Docker networking utilizes many Linux kernel networking features (network namespaces, bridges, iptables, veth pairs…)
- Linux Bridges: L2 virtual switches implemented in the kernel
- Network namespaces: Used for isolating container network stacks
- veth pairs: Connecting containers to container networks
- iptables: Used for port mapping, load balancing, network isolation
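To see the port-mapping role of iptables on a host, the added example below (not part of the original post) parses the `DOCKER` chain of the nat table and reports each published port, marking those reachable on every host address. The function names and the sample rules are constructed for illustration; the rule layout assumes Docker's default iptables backend.

```shell
#!/bin/sh
# Added example: audit Docker port mappings found in the nat table.

# Reads `iptables -t nat -S DOCKER` style rules on stdin and prints one line
# per DNAT rule: "<scope> <proto>/<host port> -> <container ip:port>".
# scope is ALL-ADDRESSES when the rule has no -d match (port published on
# every host address), otherwise the host address the mapping is bound to.
audit_docker_dnat() {
    awk '
    $1 == "-A" && $2 == "DOCKER" {
        scope = "ALL-ADDRESSES"; proto = ""; port = ""; dest = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-d")               scope = $(i + 1)
            if ($i == "-p")               proto = $(i + 1)
            if ($i == "--dport")          port  = $(i + 1)
            if ($i == "--to-destination") dest  = $(i + 1)
        }
        # Only DNAT rules carry --to-destination; RETURN rules are skipped.
        if (dest != "") print scope, proto "/" port, "->", dest
    }'
}

# Constructed sample rules (bridge name and addresses are made up):
# one port published on all addresses, one bound to loopback only.
sample_rules() {
    cat <<'EOF'
-N DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i br-0123456789ab -j RETURN
-A DOCKER ! -i br-0123456789ab -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.0.2:80
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.3:80
EOF
}

# On a real host (as root): iptables -t nat -S DOCKER | audit_docker_dnat
sample_rules | audit_docker_dnat
```

A rule with no `-d` match corresponds to a port published on all host addresses, as `-p 80:80` does; binding the publish to an address (for example `-p 127.0.0.1:8080:80`) narrows it.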
Docker Overlay Driver
- The overlay network driver creates a distributed network among multiple Docker daemon hosts. This network sits on top of (overlays) the host-specific networks, allowing containers connected to it (including swarm service containers) to communicate securely. Docker transparently handles routing of each packet to and from the correct Docker daemon host and the correct destination container.
How does it work?
- The overlay driver uses VXLAN technology to build the network
- A VXLAN tunnel is created through the underlay network(s)
Network Troubleshooting
- The first step in any troubleshooting is to check the container logs
docker container logs <container id>
- If you want to check docker daemon logs
sudo journalctl -u docker
- Let’s discuss one handy tool called netshoot
- Docker network troubleshooting can become complex. With a proper understanding of how Docker networking works and the right set of tools, you can troubleshoot and resolve these networking issues. The netshoot container has a set of powerful networking troubleshooting tools that can be used to troubleshoot Docker networking issues.
- If you’re having networking issues with your application’s container, you can launch netshoot with that container’s network namespace.
- netshoot includes a set of powerful tools:
apache2-utils
bash
bind-tools
bird
bridge-utils
busybox-extras
calicoctl
conntrack-tools
ctop
curl
dhcping
drill
ethtool
file
fping
iftop
iperf
iproute2
ipset
- To illustrate that, let’s take a simple example
- Let’s create a custom bridge network
$ docker network create my-custom-net
b56567c0609dda35f8312c08b6c974875217447e6d3618ea9d63256e3013d2cf
- Run and attach a container to this network
$ docker container run -dt --name my-nginx --network my-custom-net -p 80:80 nginx
0564f1f854c004911ea42edd0d7492a8c5f32cafba72993022ec99d36e0c8c33
- Let’s say we are facing an issue connecting to the nginx container. To check that:
$ docker container run --rm --network my-custom-net nicolaka/netshoot curl my-nginx:80
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
100 612 100 612 0 0 76500 0 --:--:-- --:--:-- --:--:-- 87428
- One of the most powerful features of netshoot: if you’re having networking issues with your application’s container, you can launch netshoot with that container’s network namespace like this:
$ docker run -it --net container:<container_name> nicolaka/netshoot
- For the case we discussed above, we can do it like this:
$ docker container run --rm -it --net container:my-nginx nicolaka/netshoot curl localhost:80
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
For more info
https://github.com/nicolaka/netshoot
Please follow me on my journey
- Website: https://100daysofdevops.com/
- Twitter: @100daysofdevops OR @lakhera2015
- Facebook: https://www.facebook.com/groups/795382630808645/
- Medium: https://medium.com/@devopslearning
- GitHub: https://github.com/100daysofdevops/21_Days_of_Docker