The four Docker network modes described in detail

  • 2020-05-27 07:43:04
  • OfStack

Docker network mode

This paper first introduces four network working modes of Docker itself.

As one of the most popular lightweight container technologies, Docker has many admirable features, such as its image management. However, Docker also has many imperfections, and networking is its weak part. Therefore, a deep understanding of Docker networking is necessary to meet more demanding network needs.

Four network modes

When creating a Docker container using docker run, we can specify the network mode of the container with the --net option. Docker has the following four network modes:

· host mode, specified by --net=host.

· container mode, specified using --net=container:NAME_or_ID.

· none mode, specified using --net=none.

· bridge mode, specified by --net=bridge, default setting.

1 host mode

It is well known that Docker uses Linux Namespaces for resource isolation: the PID Namespace isolates processes, the Mount Namespace isolates file systems, the Network Namespace isolates the network, and so on. A Network Namespace provides a separate network environment, including network cards, routing, iptables rules, and so on, isolated from other Network Namespaces. A Docker container is normally allocated its own independent Network Namespace. However, if the container is started in host mode, then instead of getting a separate Network Namespace, the container shares a Network Namespace with the host. The container does not virtualize its own network card or configure its own IP; it uses the host's IP and ports.

For example, we start a Docker container running a web application in host mode on a machine at 10.10.101.105/24, listening on TCP port 80. When we run a command such as ifconfig in the container to view the network environment, we see the host's information. External clients reach the application in the container directly at 10.10.101.105:80, without any NAT, just as if it were running on the host. However, other aspects of the container, such as the file system and process list, are still isolated from the host.

2 container mode

Once you understand host mode, this mode is easy to understand. It specifies that the newly created container shares a Network Namespace with an existing container, rather than with the host. The newly created container does not create its own network card or configure its own IP, but shares the IP, port range, and so on with the specified container. Apart from the network, the two containers are still isolated from each other in other respects, such as file systems and process lists. Processes in the two containers can communicate through the lo network device.

3 none mode

This mode is different from the first two. In this mode, the Docker container has its own Network Namespace, but no network configuration is done for it. That is, the Docker container has no network card, IP, routing, or other information. We need to add a network card, configure an IP, and so on for the Docker container ourselves.

4 bridge mode

bridge mode is the default network setting of Docker. This mode allocates a Network Namespace for each container, sets its IP and so on, and connects the Docker containers on one host to a virtual bridge. The following section focuses on this mode.

host mode

Specified with --net=host when using docker run. The network used by the container is actually the same as that of the host: the network card IPs seen in the container are the IPs on the host.

[root@localhost ~]# docker run -it --rm --net=host centos_with_net bash

The --rm option removes the container when you exit it.


[root@localhost /]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.42.1 netmask 255.255.0.0 broadcast 0.0.0.0
    inet6 fe80::8cfc:c7ff:fe49:f1ae prefixlen 64 scopeid 0x20<link>
    ether 4e:90:a4:b6:91:91 txqueuelen 0 (Ethernet)
    RX packets 58 bytes 3820 (3.7 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 6 bytes 468 (468.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.1.179 netmask 255.255.255.0 broadcast 192.168.1.255
    inet6 fe80::20c:29ff:fedb:b228 prefixlen 64 scopeid 0x20<link>
    ether 00:0c:29:db:b2:28 txqueuelen 1000 (Ethernet)
    RX packets 10562 bytes 868003 (847.6 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 2985 bytes 390673 (381.5 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 0 (Local Loopback)
    RX packets 16 bytes 960 (960.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 16 bytes 960 (960.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth5446780: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::c0f4:f5ff:fe71:f3bd prefixlen 64 scopeid 0x20<link>
    ether c2:f4:f5:71:f3:bd txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 49 bytes 3894 (3.8 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth111b1ca: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::4c90:a4ff:feb6:9191 prefixlen 64 scopeid 0x20<link>
    ether 4e:90:a4:b6:91:91 txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 13 bytes 1026 (1.0 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth55dbbb2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::c84d:9ff:fecd:da27 prefixlen 64 scopeid 0x20<link>
    ether ca:4d:09:cd:da:27 txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 42 bytes 3336 (3.2 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth5e2dff4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::9465:1bff:fed2:f75d prefixlen 64 scopeid 0x20<link>
    ether 96:65:1b:d2:f7:5d txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 20 bytes 1584 (1.5 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth628d605: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::5cc8:ebff:fedb:ea69 prefixlen 64 scopeid 0x20<link>
    ether 5e:c8:eb:db:ea:69 txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 6 bytes 468 (468.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth991629e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::b464:e5ff:fed5:1bd6 prefixlen 64 scopeid 0x20<link>
    ether b6:64:e5:d5:1b:d6 txqueuelen 0 (Ethernet)
    RX packets 7 bytes 558 (558.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 27 bytes 2142 (2.0 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vethb086b1c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::dcdf:66ff:fed8:f2df prefixlen 64 scopeid 0x20<link>
    ether de:df:66:d8:f2:df txqueuelen 0 (Ethernet)
    RX packets 8 bytes 636 (636.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 34 bytes 2700 (2.6 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost /]# exit
exit

Compare with the host's IP information


[root@localhost ~]# ifconfig
docker0  Link encap:Ethernet HWaddr 4E:90:A4:B6:91:91
     inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0
     inet6 addr: fe80::8cfc:c7ff:fe49:f1ae/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:58 errors:0 dropped:0 overruns:0 frame:0
     TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:3820 (3.7 KiB) TX bytes:468 (468.0 b)

eth0   Link encap:Ethernet HWaddr 00:0C:29:DB:B2:28
     inet addr:192.168.1.179 Bcast:192.168.1.255 Mask:255.255.255.0
     inet6 addr: fe80::20c:29ff:fedb:b228/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:10661 errors:0 dropped:0 overruns:0 frame:0
     TX packets:3012 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:876797 (856.2 KiB) TX bytes:398049 (388.7 KiB)

lo    Link encap:Local Loopback
     inet addr:127.0.0.1 Mask:255.0.0.0
     inet6 addr: ::1/128 Scope:Host
     UP LOOPBACK RUNNING MTU:65536 Metric:1
     RX packets:16 errors:0 dropped:0 overruns:0 frame:0
     TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:960 (960.0 b) TX bytes:960 (960.0 b)

veth5e2dff4 Link encap:Ethernet HWaddr 96:65:1B:D2:F7:5D
     inet6 addr: fe80::9465:1bff:fed2:f75d/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:1584 (1.5 KiB)

vethb086b1c Link encap:Ethernet HWaddr DE:DF:66:D8:F2:DF
     inet6 addr: fe80::dcdf:66ff:fed8:f2df/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:8 errors:0 dropped:0 overruns:0 frame:0
     TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:636 (636.0 b) TX bytes:2700 (2.6 KiB)

veth55dbbb2 Link encap:Ethernet HWaddr CA:4D:09:CD:DA:27
     inet6 addr: fe80::c84d:9ff:fecd:da27/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:3336 (3.2 KiB)

veth111b1ca Link encap:Ethernet HWaddr 4E:90:A4:B6:91:91
     inet6 addr: fe80::4c90:a4ff:feb6:9191/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:1026 (1.0 KiB)

veth628d605 Link encap:Ethernet HWaddr 5E:C8:EB:DB:EA:69
     inet6 addr: fe80::5cc8:ebff:fedb:ea69/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:468 (468.0 b)

veth991629e Link encap:Ethernet HWaddr B6:64:E5:D5:1B:D6
     inet6 addr: fe80::b464:e5ff:fed5:1bd6/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:2142 (2.0 KiB)

veth5446780 Link encap:Ethernet HWaddr C2:F4:F5:71:F3:BD
     inet6 addr: fe80::c0f4:f5ff:fe71:f3bd/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:7 errors:0 dropped:0 overruns:0 frame:0
     TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:558 (558.0 b) TX bytes:3894 (3.8 KiB)

container mode

Specified with --net=container:container_id/container_name. Multiple containers share a common network, so the IP they see is the same.


[root@localhost ~]# docker ps
CONTAINER ID    IMAGE        COMMAND       CREATED       STATUS       PORTS        NAMES
7169e8be6d3e    centos       "/bin/bash"     About an hour ago  Up About an hour            serene_goldstine
4cd696928bbe    centos       "bash"       About an hour ago  Up About an hour            cent_testv2
4f5bf6f33f2c    centos       "bash"       About an hour ago  Up About an hour            gloomy_colden
0a80861145c9    centos       "bash"       About an hour ago  Up About an hour            mad_carson
fb45150dbc21    centos       "bash"       About an hour ago  Up About an hour            cent_testv
3222c7c5c456    centos       "bash"       2 hours ago     Up 2 hours               sick_albattani
e136b27a8e17    centos       "bash"       2 hours ago     Up 2 hours               tender_euclid
[root@localhost ~]# docker exec -it 7169 bash
[root@7169e8be6d3e /]# ifconfig
bash: ifconfig: command not found
[root@7169e8be6d3e /]# yum install -y net-tools ifconfig
[root@7169e8be6d3e /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.8 netmask 255.255.0.0 broadcast 0.0.0.0
    inet6 fe80::42:acff:fe11:8 prefixlen 64 scopeid 0x20<link>
    ether 02:42:ac:11:00:08 txqueuelen 0 (Ethernet)
    RX packets 5938 bytes 15420209 (14.7 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 4841 bytes 329652 (321.9 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 0 (Local Loopback)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@7169e8be6d3e /]# exit
exit
[root@localhost ~]# docker run -it --rm --net=container:7169 centos_with_net bash
[root@7169e8be6d3e /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.8 netmask 255.255.0.0 broadcast 0.0.0.0
    inet6 fe80::42:acff:fe11:8 prefixlen 64 scopeid 0x20<link>
    ether 02:42:ac:11:00:08 txqueuelen 0 (Ethernet)
    RX packets 5942 bytes 15420377 (14.7 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 4855 bytes 330480 (322.7 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 0 (Local Loopback)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

none mode

Specified using --net=none. No network is configured in this mode.


[root@localhost ~]# docker run -it --rm --net=none centos_with_net bash
[root@67d037935636 /]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 0 (Local Loopback)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

bridge mode (default mode)

Specified using --net=bridge. This is the default network mode, so it does not need to be specified. This mode assigns a separate Network Namespace to each container, similar to VMware's NAT network mode. All containers on the same host are on the same network segment and can communicate with each other.
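
An added example, not part of the original article: a shell audit that maps each container's network mode onto the isolation properties described above and flags containers that share the host's or another container's Network Namespace. The function names and the sample inventory are constructed for illustration; the live path reads the HostConfig.NetworkMode field reported by docker inspect.

```shell
# Added example: flag containers whose network mode gives up namespace isolation.

# Map a NetworkMode value to an isolation verdict.
classify_netmode() {
    case "$1" in
        host)           echo "SHARED-HOST" ;;       # no separate Network Namespace
        container:?*)   echo "SHARED-CONTAINER" ;;  # joins another container's namespace
        none)           echo "ISOLATED-NO-NET" ;;   # own namespace, loopback only
        bridge|default) echo "ISOLATED-BRIDGE" ;;   # own namespace behind the bridge
        *)              echo "OTHER" ;;             # user-defined network or bad value
    esac
}

# Read "<name> <NetworkMode>" lines on stdin and print one verdict per container.
# Returns 1 if any container shares the host's Network Namespace.
audit_netmodes() {
    rc=0
    while read -r name mode; do
        [ -n "$name" ] || continue
        verdict=$(classify_netmode "$mode")
        case "$verdict" in
            SHARED-HOST) rc=1
                echo "$name $verdict binds host ports directly, sees host interfaces" ;;
            SHARED-CONTAINER)
                echo "$name $verdict shares IP and lo with ${mode#container:}" ;;
            *)  echo "$name $verdict" ;;
        esac
    done
    return $rc
}

# Constructed sample input (names borrowed from the docker ps listing; modes made up).
sample_inventory() {
    printf '%s\n' \
        '/serene_goldstine bridge' \
        '/cent_testv2 host' \
        '/gloomy_colden container:7169e8be6d3e' \
        '/mad_carson none'
}

# Audit the live daemon when docker is reachable, otherwise the sample above.
run_audit() {
    if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then
        docker ps -q | xargs -r docker inspect \
            --format '{{.Name}} {{.HostConfig.NetworkMode}}' | audit_netmodes
    else
        sample_inventory | audit_netmodes
    fi
}
```

Call run_audit after sourcing the file; a non-zero exit status means at least one container runs in host mode.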
