This is the part 1 of a number of blog posts about Docker networking.

I’ll be updating this post with the links of the other parts as soon as I publish them.

Networking is probably one of the most challenging skills you will confront in your Docker learning path. I tried to make my explanations simple while giving practical examples, like I already did in Painless Docker Course.

Single Host Vs Multi Host Networking

There two different ways of doing networking in Docker:

  • Networking in a single host
  • Networking in a cluster of two ore more hosts
source pexels.com

Single Host Networking

By default, any Docker container or host will get an IP address that will give it the possibility to communicate with other containers in the same host or with the host machine.

It is possible — as we are going to see — that a Docker container finds another container by its name, since the IP address could be assigned dynamically at the container start up, a name is more efficient to find a running container.

Containers in a single host, could also communicate and reach the outside world.

Create a simple container:

docker run -it -d  --name my_container  busybox

And test if you can ping Google:

docker exec -it my_container ping -w3 google.com
PING google.com (216.58.204.142): 56 data bytes 64 bytes from 216.58.204.142: seq=1 ttl=48 time=2.811 ms
--- google.com ping statistics --- 
3 packets transmitted, 1 packets received, 66% packet loss round-trip min/avg/max = 2.811/2.811/2.811 ms

Now if you inspect the container using docker inspect my_container you will be able to see its network configuration and its IP address:

"NetworkSettings": {
            "Bridge": "",
            "SandboxID": "555a60eaffdb4b740f7b869bac61859ecca1e39be95ee5856ca28019509e4255",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/555a60eaffdb",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "20b1b218462e6771155de75788f53b731bbff12019d977aefa7094f57275887d",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "2094b393faacbb1cc049f1f136437b1cce6fc41abc304cf2c1ae558a62c5ee2e",
                    "EndpointID": "20b1b218462e6771155de75788f53b731bbff12019d977aefa7094f57275887d",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02"
                }
            }
        }

my_container has the IP address 172.17.0.2 that the host could reach:

ping -w1 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data. 
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.050 ms 
64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.045 ms
--- 172.17.0.2 ping statistics --- 
2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.045/0.047/0.050/0.007 ms

If you run a web server, your users must reach the port 80 (or 443) of your server, in this case an nginx container, for example, should be reached at its port 80 (or 443) and it is done through port forwarding that connects it to the host machine and then an external network (Internet in our case).

Let’s create the web server container, forward the port host port 8080 to the container port 80 and test how it responds:

docker run -d -p 8080:80 --name my_web_server nginx

Ngninx should reply if your port 8080 is not used by other applications:

curl http://0.0.0.0:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

In a single host, containers are able to see each other, to see the external world (if they are not running in isolated networks) and they can receive traffic from an external network.


What’s Next

This was an introduction to single host networking. In the next blog post, I’ll tell you more about the multi host networking. Subscribe to DevOpsLinks and you’ll get all of the coming updates and new articles.

Connect Deeper

This blog post is inspired from my course Painless Docker.

If you liked this article or want to discover similar tutorials, you will enjoy reading Painless Docker course.

You can also sign up to DevOpsLinks, a DevOps professional network and our DevOps Discussion Board where you can ask and answer DevOps related questions !

We also started Shipped Newsletter: An Independent Newsletter Focused On Containers & Orchestration.

Happy hacking 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *