Docker Deep Dive: Networking Overview
Docker Networking:
- Container Network Model(CNM) -
- Is a Design specification
- Outlines fundamental building blocks of docker network.
- The libnetwork -
- Is the real world implementation of the CNM.( This is what Docker uses).
- Is also responsible for service discovery
- Ingress based container load balancing and network.
- Management control plane functionality.
- Network Drivers - extends the model by implementing specific network topology.
Network Drivers:
- Bridge network(default)(only works on Linux) -
- Is a link layer device which forwards traffic between network segments.
- Uses a software network which allows containers connected to the same bridge network to be able to communicate.
- Also provides layers of isolation to other containers which not connected to that network.
- Host Network
- Overlay - Want to created distributed network among multiple docker host.
- macvlan - gives physical address to the container(makes it look like real physical device on the network)
- None -
- To disable networking
- Also used in conjunction with custom network driver
- Cannot use it with swarm service
- Network plugins - Third party network plugins
Container Network Model
- Defines three building blocks:
- Sandboxes:
- Isolates the network stacks(networking interfaces, ports, route tables, dns)
- Endpoints:
- Are virtual network interfaces.
- Responsible to connect a sandbox to a network.
- Networks - These networks are software implementation of IEEE 802.1D bridge.
- Sandboxes:
- Here container A has single end point and container B has 2 endpoints. (These are virtual interface)
- Con A and con B can communicate over Network A but con B's endpoint's can't communicate with each other unless there is a layer 3 router involved.
- As interface behave as a real world adapter they can only be connected to a single network.
- even though both containers are running on the host, both host and container's network are completed isolated from each other.