Bridge Network in Docker

Here is a hands on tutorial on docker bridge networks. Feel free to install docker and follow along

Show all the docker networks

docker network ls

This command will list all the docker networks currently running on the host machine. The list would include the driver and the scope of the docker networks.

Creating a custom network in docker

Lets first spin up two light-weight containers

docker run -dit --name container-one alpine
docker run -dit --name container-two alpine

On looking them up on the running containers list it would appear that the two light-weight containers that we have created are not listening on any port.

docker ps // command to look up the running container 

However, by default all containers in docker are connected to the bridge network.

docker network inspect bridge

Inspecting the bridge network of the docker ecosystem would return the response in form of a json. Under the Containers key of the response you will see both the light-weight containers connected to the default bridge network.

Let’s ssh into container-one with the ash shell and try pinging the other container. The ping command may be used to ping a host. The number of pings to the host can be limited with the -c flag.

docker exec -it container-one ash // ssh into the container
/ # ping -c 5 container-two      // ping the other container

This would fail with

ping: bad address ‘container-two’

The ip of the containers is specified in the response from docker network inspect bridge under the Containers key. Lets say the ip of container-two happens to be 172.17.0.3.

/ # ping -c 5 172.17.0.3

This would return a successful ping to the other container over the default bridge network which goes by the name docker0.

Default bridge network in docker

However the default bridge network is not recommended in production.

User defined Bridge Network

User defined Bridge networks in docker are custom bridge networks.

Create a user defined bridge network

docker network create user-defined-bridge

The command creates a user defined bridge of the name user-defined-bridge. The newly created network can be seen on running the command

docker network ls

To connect a container to a user defined bridge, the name of the network should be explicitly specified in the docker run command while creating the container

docker run -dit --name container-three network="user-defined-bridge" alpine

That was networking in docker with the bridge driver. The other drivers are the host, the overlay and the macvlan. The command to see the network drivers in docker is:

docker info | grep Network

Container Network Model

Docker uses the libnetwork which is an implementation of the Container Network Model. The Container Network Model(CNM) is an interface that formalizes the steps required to provide networking for containers while providing the abstraction required to support multiple network drivers. The main components of CNN are:

1. Sandbox
   The sandbox contains the configuration for the container’s network stack including the container’s routing table and DNS settings.
2. Endpoint
   The endpoint is usually a veth pair. The endpoint joins the sandbox to the network
3. Network
   The network is a group of endpoints that can communicate with each other directly.
4. Cluster

All the above network drivers are provided by the libnetwork.

References

Networking overview

moby/libnetwork

Docker Networking Drivers - Details and Use Cases | Docker Blog