Graduate Program KB

Docker Networking

Docker is a platform that allows you to easily create, deploy, and run applications in containers. Containers are lightweight, portable, and provide an isolated environment for running applications, which makes them a great fit for microservices architecture.

Docker networking is a key aspect of Docker and Docker Compose as it enables communication between containers and the outside world. This explanation will cover the basics of Docker networking, how it works in Docker Compose, and provide examples with code snippets.

  1. Docker Networking:

Docker provides different network drivers to support various types of network configurations. Some common network drivers are:

  • bridge: The default network driver, which creates a private network internal to the host and provides NAT functionality so that containers can communicate with the outside world.
  • host: Removes network isolation between the container and the host, which means the container shares the host's network stack.
  • overlay: Creates an internal, distributed network that spans across multiple Docker hosts, allowing containers on different hosts to communicate with each other.
  • none: Disables all networking for the container.

Let's dive deeper into bridge networking, which is the most commonly used driver.

1.1 Bridge Networking:

When you create a container, Docker automatically connects it to a default bridge network named 'bridge.' Containers connected to the same bridge network can communicate with each other using their IP addresses. To expose a container to the outside world, you can map a host port to a container port using the '-p' flag.

For example, to run a simple Nginx web server and expose it on port 80, you can use the following command:

$ docker run -d --name my-nginx -p 80:80 nginx

You can also create a custom bridge network and connect containers to it:

$ docker network create my-custom-network
$ docker run -d --name my-nginx --network my-custom-network nginx
$ docker run -d --name my-app --network my-custom-network my-app-image
  1. Docker Compose Networking:

Docker Compose is a tool that simplifies the process of defining and running multi-container Docker applications. It uses a YAML file (usually named docker-compose.yml ) to define services, networks, and volumes.

Docker Compose automatically creates a default network for your application and connects all services to that network. By default, each service can reach others using the service name as the hostname.

Here's an example of a docker-compose.yml file with two services - a web server (Nginx) and an API server (Node.js):

version: '3'

services:
  web:
    image: nginx:latest
    ports:
      - "80:80"
    depends_on:
      - api

  api:
    build: ./api
    ports:
      - "3000:3000"

In this example, the web service can communicate with the api service using the hostname 'api' and port 3000.

To create a custom network and connect services to it, you can modify the docker-compose.yml file as follows:

version: '3'

services:
  web:
    image: nginx:latest
    ports:
      - "80:80"
    networks:
      - my-custom-network
    depends_on:
      - api

  api:
    build: ./api
    ports:
      - "3000:3000"
    networks:
      - my-custom-network

networks:
  my-custom-network:

This will create a custom network named 'my-custom-network' and connect both the web and api services to it.

Here are examples for the other types of networking supported by Docker:

  1. Host Networking:

Host networking removes network isolation between the container and the Docker host, allowing the container to share the host's network stack. To use host networking, add the --network host flag when running a container.

For example, let's run an Nginx container using host networking:

$ docker run -d --name my-nginx --network host nginx

With host networking, the Nginx container will bind directly to the host's network interfaces, so you can access the Nginx server using the host's IP address and the container's exposed ports.

  1. Overlay Networking:

Overlay networking allows containers running on different Docker hosts to communicate with each other. This is particularly useful in Docker Swarm mode or when deploying a multi-node application.

First, create an overlay network on the manager node:

$ docker network create --driver overlay my-overlay

Next, create a service connected to the overlay network:

$ docker service create --name my-nginx --network my-overlay --replicas 2 -p 80:80 nginx

In this example, the Nginx service is connected to the overlay network 'my-overlay' and has 2 replicas. Containers belonging to the Nginx service can now communicate with each other using their service name, even if they are on different Docker hosts.

  1. None Networking:

None networking disables all networking for the container. It can be useful in situations where you want complete network isolation, like running a security-sensitive application.

To use none networking, add the --network none flag when running a container:

$ docker run -d --name my-nginx --network none nginx

In this example, the Nginx container will have no network access, and other containers cannot communicate with it.

For Docker Compose, you can specify the network mode for each service in the docker-compose.yml file:

version: '3'

services:
  web:
    image: nginx:latest
    network_mode: host

  api:
    build: ./api
    network_mode: none

In this example, the web service uses host networking, while the api service has no network access.