Container Networking Basics | DevOps Material | VisualPath


A simple, static web server
Run the Docker Hub image nginx, which contains a basic web server:
imran@DevOps:~$ docker run -d -P nginx
b53c99839ccf662b17ff96424352701cc494b788e4d97525d930406b0cfdb237
Docker will download the image from the Docker Hub.
-d tells Docker to run the image in the background.
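-P tells Docker to make this service reachable from other computers: every port the image exposes is published on a randomly chosen high port of the Docker host, bound to all host interfaces by default.
(-P is the short version of --publish-all.)
But how do we connect to our web server now?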

Finding our web server port

We will use docker ps: 

The web server is running on ports 80 and 443 inside the container. Those ports are mapped to ports 32769 and 32768 on our Docker host. We will explain the whys and hows of this port mapping. But first, let's make sure that everything works properly. 
Connecting to our web server (GUI)
Point your browser to the IP address of your Docker host, on the port shown by docker ps for container port 80.

Connecting to our web server (CLI)
You can also use curl directly from the Docker host.
Make sure to use the right port number if it is different from the example below:

Why are we mapping ports?

We are out of IPv4 addresses.
Containers cannot have public IPv4 addresses.
They have private addresses.
Services have to be exposed port by port.
Ports have to be mapped to avoid conflicts.

Finding the web server port in a script
Parsing the output of docker ps would be painful. There is a command to help us:
$ docker port <containerID> 80
32769

Manual allocations of port numbers
We are running two NGINX web servers. The first one is exposed on port 80. The second one is exposed on port 8000. The third one is exposed on ports 8080 and 8888.
Note: the convention is port-on-host:port-on-container.

Plumbing containers into your infrastructure
There are many ways to integrate containers in your network.
Start the container, letting Docker allocate a public port for it. Then retrieve that port number and feed it to your configuration.
Pick a fixed port number in advance, when you generate your configuration. Then start your container by setting the port numbers manually.
Use a network plugin, connecting your containers with e.g. VLANs, tunnels...
Enable Swarm Mode to deploy across a cluster. The container will then be reachable through any node of the cluster.
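
As an added example (not code from the original page), the shell functions below read the output of docker port <containerID> to retrieve a host port for a configuration script and to list the mappings bound to every host interface, which is what -P produces by default. The function names and the sample output are constructed; the line format "80/tcp -> 0.0.0.0:32769" is assumed from what docker port prints when no port argument is given.

```sh
#!/bin/sh
# Parse `docker port <container>` output instead of scraping `docker ps`.
# Each line reads "<container-port>/<proto> -> <host-address>:<host-port>".

# Constructed sample (not captured from a real host): ports 80 and 443
# published with -P on all interfaces, plus one port pinned to loopback.
SAMPLE_PORTS='80/tcp -> 0.0.0.0:32769
443/tcp -> 0.0.0.0:32768
80/tcp -> [::]:32769
8080/tcp -> 127.0.0.1:8080'

# host_port <container-port>: print the host port of the first IPv4 mapping
# for that TCP container port; exit status 1 if the port is not published.
host_port() {
    awk -v want="$1/tcp" '
        $1 == want && $2 == "->" && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
            n = split($3, a, ":"); print a[n]; found = 1; exit
        }
        END { exit !found }'
}

# exposed_everywhere: print "<container-port>/<proto> <host-port>" for each
# mapping bound to all interfaces (0.0.0.0 or ::), i.e. reachable from other
# computers unless a firewall in front of the host blocks it.
exposed_everywhere() {
    awk '$2 == "->" {
        n = split($3, a, ":"); port = a[n]
        addr = substr($3, 1, length($3) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "::")
            print $1, port
    }' | sort -u
}

# On a Docker host, feed the functions real output:
#   docker port "$cid" | host_port 80
#   docker port "$cid" | exposed_everywhere
# Here they run on the constructed sample so the script works offline.
printf '%s\n' "$SAMPLE_PORTS" | host_port 80
printf '%s\n' "$SAMPLE_PORTS" | exposed_everywhere
```

A mapping that exposed_everywhere does not list, such as the loopback one in the sample, was published with an explicit host address (for example -p 127.0.0.1:8080:8080) and is reachable only from the Docker host itself.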
Finding the container's IP address
docker inspect is an advanced command that can retrieve a ton of information about our containers. Here, we provide it with a format string to extract exactly the private IP address of the container.
Pinging our container
We can test connectivity to the container using the IP address we've just discovered. Let's see this now by using the ping tool.

The different network drivers
A container can use one of the following drivers:
bridge (default)
none
host
container
The driver is selected with docker run --net...
The default bridge
By default, the container gets a virtual eth0 interface. (In addition to its own private lo loopback interface.) That interface is provided by a veth pair. It is connected to the Docker bridge.
(Named docker0 by default; configurable with --bridge.)
Addresses are allocated on a private, internal subnet.
(Docker uses 172.17.0.0/16 by default; configurable with --bip.)
Outbound traffic goes through an iptables MASQUERADE rule. Inbound traffic goes through an iptables DNAT rule. The container can have its own routes, iptables rules, etc.
