Details of the working principle of Docker network

  • 2020-05-27 07:39:54
  • OfStack

How the Docker network works

When Docker server namely docker daemon starts, automatically creates a name is docker0 bridge, whenever docker create a Container, one would have created on the host name is veth * ethernet port, and to bring the eth * to join docker0 bridge, automatically creates a name is in the container eth0 ethernet port, the eth0 and veth * can form a similar pipes for, 11.

Configuration DNS

How docker allocates the hostname and DNS configurations for each container can be seen from the mount command in contain:


/dev/disk/by-uuid/5f3d0920-98a8-434a-9c02-8163dccf6c62 on /etc/resolv.conf type ext4 (rw,relatime,errors=remount-ro,data=ordered)
/dev/disk/by-uuid/5f3d0920-98a8-434a-9c02-8163dccf6c62 on /etc/hostname type ext4 (rw,relatime,errors=remount-ro,data=ordered)
/dev/disk/by-uuid/5f3d0920-98a8-434a-9c02-8163dccf6c62 on /etc/hosts type ext4 (rw,relatime,errors=remount-ro,data=ordered)

docker run -h can be configured to container hostname by -h HOSTNAME or --hostname=HOSTNAME. docker writes HOSTNAME to /etc/hostname

Such as:

xiaogang@Ubuntu:~/shadowsocks$ sudo docker run -t -i --hostname ubuu --rm ubuntu:14.04 /bin/bash

root@ubuu:/# cat /etc/hostname

--link=CONNTAINER_NAMEorID:ALIAS, this option will add an ALIAS in /etc/hosts, pointing to CONTAINER_NAMEorID, without knowing the specific IP address, you can directly use ALIAS instead.

Such as:

--dns=IP_ADDRESS, and one IP_ADDRESS is added to the server tag of /etc/ resolv.conf

-- dns-search =DOMAIN, one DOMAIN will be added to the search tag of /etc/ resolv.conf. If one is added to the search tag, will also be searched when container needs to find one host IP.

container /etc/ resolv.conf is copied from the host /etc/ resolv.conf, only to filter out the host local nameserver. If there is no nameserver after filtering,docker will add google public nameserver, and to namerserver. container will be notified when the host's resolv.conf is modified

Communication between container and between container and the outside

1. System parameters of ip_forward must be set to 1

$ sysctl net.ipv4.conf.all.forwarding
net.ipv4.conf.all.forwarding = 0
$ sysctl net.ipv4.conf.all.forwarding=1
$ sysctl net.ipv4.conf.all.forwarding
net.ipv4.conf.all.forwarding = 1

2. iptables needs to be set to allow communication between them

Thank you for reading, I hope to help you, thank you for your support of this site!

Related articles: