Network

One of Docker's strengths is encapsulation. With Docker we can package an application into a container by building an image. Behind that are many things that make up this encapsulation, one of which is the Docker network.

Docker network will be responsible for connecting the network between containers, connecting the container to the outside, as well as connecting between clusters of docker containers.

With Docker containers and services, you can connect them together or connect them to other networks outside of Docker.

Docker containers don't even need to know that they are deployed on Docker, or whether the other processes it is communicating with are Docker workloads. Whether your Docker server runs Linux, Windows, or a combination of both, you can use Docker to run it regardless of the platform in use.

From the perspective of a beginner docker, in today's article I will summarize the basic Docker network and a few points to note when using the Docker network that I have learned (go).

Types of Docker network drivers

The Docker network system is plugable, using drivers. Most drivers are provided by default, with core functions of common network functions.

Docker network can provide most of the functions that a normal network system needs.

- BRIDGE

This is Docker's default network driver. If no driver is specified, the bridge will be the default network driver upon initialization.

When we install Docker, virtual bridge docker0 will be created, docker finds an unused subnet on the host and assigns an address to docker0

$ ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:c4:7d:f6:13  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Bridge networks are often used when applications need to be run as independent containers that need to communicate with each other. Containers in the same network can communicate with each other via IP addresses. Docker does not support host identification on this network, so if you want to connect, you must use options links so that Docker can understand the addresses of the services.

Bridge is the best driver for communicating multiple containers on a single host.

- HOST

Used when the container needs to communicate with the host and use the network at the host, because it uses the network of the running server, there is no network layer between the container and the Docker Host suitable when needing to connect from the container directly to the host.

And it use for containers that need high performance by bypassing Docker’s network stack.

docker run -d --name my_container --network host my_image

- OVERLAY

Overlay network creates a distributed network between multiple Docker hosts. Connect multiple Docker daemons together and enable clusters of services to communicate with each other. We can use an overlay network to easily communicate between a cluster of services and an independent container, or between two containers located on different Docker daemons.

Thanks to the Overlay network, there is no need to set up routing between containers through the operating system. Overlay networks create an overlay on the host network and allow connected containers (including clusters of containers) to communicate securely. Docker ensures routing of packets to and from the correct destination container.

And it's used for Docker Swarm services to enable communication across multiple Docker hosts.

docker network create -d overlay my_overlay_network
docker service create --name my_service --network my_overlay_network my_image

- MACVLAN

Macvlan network allows us to assign MAC addresses to containers, this makes each container as a physical device in the network. Docker daemon routes access to containers by MAC address. Using the macvlan driver is a good choice when other applications need to connect to physical addresses rather than through the server's network layers.

- NONE

For containers that do not need networking or need to disable all networking, we will choose this driver. Often used with custom networks. This driver cannot be used in a swarm cluster.

Completely isolates a container from any network.

docker run -d --name my_container --network none my_image

Some ways to use docker network

Initialize a docker network

$ docker network create [OPTIONS] NETWORK
$ docker network create -d bridge my-bridge-network

In which options -dis the driver, to create an overlay network you can use it. -d overlay In addition, there are many options depending on the level of customization that we can add. Many of these numbers I don't really understand, I only care about one thing. several options

--gateway: Địa chỉ Ip của Gateway (IPv4 hay IPv6) cho mạng con
--ip-range: Xác định một dải IPs sử  dụng trong mạng
--internal: Hạn chế  access từ bên ngoài vào mạng
--ipv6: Bật IPv6
--subnet: Chọn mạng con

Example: Initialize network with bridge driver with subnet 10.11.0.0/16, gateway ip is 10.11.0.1

$ docker network create -d bridge  --subnet=10.11.0.0/16 --gateway=10.11.0.1  my-bridge-net

$ docker network inspect my-bridge-net
[
    {
        "Name": "my-bridge-net",
        "Id": "877846e542d208a526e6d02025d99332e8d5a07a667003ca457c5477e10e232b",
        "Created": "2020-07-22T08:59:10.373614208+07:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.11.0.0/16",
                    "Gateway": "10.11.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

Use network when running a container

Use the --network option to run a container on that network bridge

docker run --network=bridge -itd --name=container1 normal-app:dev

Use network via docker-compose

When using docker-compose, if you do not declare a network, docker will automatically create a network for the app and the driver will be the bridge.

$ docker-compose up
Creating network "api_default" with the default driver

Now check the network list and there will be the network that docker-compose just created

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
4bdb10fc8926        api_default         bridge              local
72550e811311        bridge              bridge              local
74548f1aa34c        host                host                local
125591bf59af        none                null                local
bd9d957fec97        normalapp_default   bridge              local

And when you stop the app, docker will delete this network

$ docker-compose down
Stopping api_api_1       ... done
Stopping api_redis-api_1 ... done
Stopping api_db_1        ... done
Removing api_api_1       ... done
Removing api_redis-api_1 ... done
Removing api_db_1        ... done
Removing network api_default

If we want to declare the network for each container in a cluster, we can use the following two ways:

• Declare the host driver for the container app via network_mode. This declaration can change the driver for the container

In case we want the app to use the host's network without using the docker network, declare it as follows:

services:
  app:
    network_mode: host

• Declare over networks in docker-compose.yml

...
services:
  app:
    networks:
      - api-net
...
networks:
  api-net:
    driver: host

Using network in docker swarm cluster

Docker swarm often uses the docker-compose.yml file to deploy, and in this file it is necessary to select the network overlayso that docker can connect multiple host networks together.

...
services:
  app:
    networks:
      - api-net
...
networks:
  api-net:
    driver: overlay

Delete network

docker network rm my-bridge-network

When to Use Docker Networks

1. Isolating Containers:

   • Scenario: You need to ensure that containers are isolated from each other and can only communicate through defined networks.

   • Example: Running multiple applications on the same host without them interfering with each other.

2. Enabling Container Communication:

   • Scenario: Containers need to communicate with each other, such as a web server communicating with a database server.

   • Example: A multi-container application with a frontend, backend, and database.

3. Custom Network Configurations:

   • Scenario: You require custom IP address management, subnet configuration, or DNS settings.

   • Example: Assigning static IP addresses to containers for easier management and troubleshooting.

4. Connecting to External Services:

   • Scenario: Containers need to connect to external services or databases running outside of Docker.

   • Example: A Dockerized application connecting to a cloud-hosted database.

5. Service Discovery:

   • Scenario: Automatically discovering services without hardcoding IP addresses.

   • Example: Using service names to refer to containers, enabling dynamic scaling and reconfiguration.