Skip to content

Latest commit

 

History

History
1218 lines (1022 loc) · 54.4 KB

README.md

File metadata and controls

1218 lines (1022 loc) · 54.4 KB

Docker Networking Intro

This guide provides information about the basic steps on installing Docker Community Edition on Ubuntu 16.04 and how Docker default networking works from a network engineer point of view. There are tons of blog articles on Docker itself. Docker' s website has great amount of information on networking here .

Table Of Contents

Background
Preperation
Installation
Docker Basics
Docker Networking
Connectivity
Linux Bridge
Creating Containers
Creating a Docker Bridge Network
CLI Cheatsheet

Background

Back to Table of Contents

  • Docker is the short version of "Dock Worker"

  • The idea is to build better -> to ship better -> to deploy (run) better

  • Components of Docker is written in Go or Golang

  • Open Container Initiative : Standardize container format and runtime , vendor neutral, platform neutral (OCI operates under Linux Foundation)

  • Containers provide scalable, self healing and portable apps

Preperation

Back to Table of Contents

A single Ubuntu 16.04.5 LTS based virtual machine is used in this guide. It is configured with a static IP address. As shown below in Ubuntu's shell.


root@ubuntu26:~# more /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
auto ens160
iface ens160 inet static
address 10.190.16.120
netmask 255.255.255.0
broadcast 10.190.16.255
gateway 10.190.16.1
dns-nameservers 192.168.1.185
root@ubuntu26:~#
  • Escalate to root

vmware@ubuntu26:~$ 
vmware@ubuntu26:~$ sudo -H bash
root@ubuntu26:/home/vmware#
  • Ensure the integrity and authenticity of the images that are downloaded from Docker Hub. GPG is based on Public Key Cryptogragphy (more info is here)

root@ubuntu26:/home/vmware#curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
OK
  • Configure Docker Hub as the APT source rather than the Ubuntu 16.04 repository

root@ubuntu26:/home/vmware# sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
root@ubuntu26:/home/vmware#
  • Update Docker packages

    "apt-get update" basically downloads the package lists from the repositories and "updates" them to get information on the newest versions of packages and their dependencies.


root@ubuntu26:/home/vmware# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
|
|
Output Omitted
|
|
Get:48 http://us.archive.ubuntu.com/ubuntu xenial-backports/universe Translation-en [4,184 B]
Fetched 30.0 MB in 9s (3,233 kB/s)
Reading package lists... Done
root@ubuntu26:/home/vmware#
  • Make sure the repository for Docker is Docker repo rather than Ubuntu repo

root@ubuntu26:/home/vmware# apt-cache policy docker-ce
docker-ce:
  Installed: (none)
  Candidate: 5:18.09.6~3-0~ubuntu-xenial
  Version table:
     5:18.09.6~3-0~ubuntu-xenial 500
        500 https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
    |
    Output Omitted
    |
     17.03.0~ce-0~ubuntu-xenial 500
        500 https://download.docker.com/linux/ubuntu xenial/stable amd64 Packages
root@ubuntu26:/home/vmware# ^C

Installation

Back to Table of Contents

  • Install Docker

root@ubuntu26:/home/vmware# apt-get install -y docker-ce
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  aufs-tools cgroupfs-mount containerd.io docker-ce-cli libltdl7 pigz
Suggested packages:
  mountall
The following NEW packages will be installed:
  aufs-tools cgroupfs-mount containerd.io docker-ce docker-ce-cli libltdl7 pigz
0 upgraded, 7 newly installed, 0 to remove and 161 not upgraded.
Need to get 50.5 MB of archives.
After this operation, 243 MB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 pigz amd64 2.3.1-2 [61.1 kB]
Get:2 https://download.docker.com/linux/ubuntu xenial/stable amd64 containerd.io amd64 1.2.5-1 [19.9 MB]
Get:3 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 aufs-tools amd64 1:3.2+20130722-1.1ubuntu1 [92.9 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 cgroupfs-mount all 1.2 [4,970 B]
Get:5 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 libltdl7 amd64 2.4.6-0.1 [38.3 kB]
Get:6 https://download.docker.com/linux/ubuntu xenial/stable amd64 docker-ce-cli amd64 5:18.09.6~3-0~ubuntu-xenial [13.0 MB]
Get:7 https://download.docker.com/linux/ubuntu xenial/stable amd64 docker-ce amd64 5:18.09.6~3-0~ubuntu-xenial [17.4 MB]
Fetched 50.5 MB in 10s (4,785 kB/s)
Selecting previously unselected package pigz.
(Reading database ... 59693 files and directories currently installed.)
Preparing to unpack .../pigz_2.3.1-2_amd64.deb ...
|
|
Output Omitted
|
|
Setting up aufs-tools (1:3.2+20130722-1.1ubuntu1) ...
Setting up cgroupfs-mount (1.2) ...
Setting up containerd.io (1.2.5-1) ...
Setting up docker-ce-cli (5:18.09.6~3-0~ubuntu-xenial) ...
Setting up docker-ce (5:18.09.6~3-0~ubuntu-xenial) ...
update-alternatives: using /usr/bin/dockerd-ce to provide /usr/bin/dockerd (dockerd) in auto mode
Setting up libltdl7:amd64 (2.4.6-0.1) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.4) ...
Processing triggers for ureadahead (0.100.0-19) ...
root@ubuntu26:/home/vmware#
  • Make sure Docker is running

root@ubuntu26:/home/vmware# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-06-17 12:33:25 EDT; 3min 48s ago
     Docs: https://docs.docker.com
 Main PID: 3305 (dockerd)
   CGroup: /system.slice/docker.service
           └─3305 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Jun 17 12:33:24 ubuntu26 dockerd[3305]: time="2019-06-17T12:33:24.322015384-04:00" level=warning msg="Your kernel does not support swap memory limit"
Jun 17 12:33:24 ubuntu26 dockerd[3305]: time="2019-06-17T12:33:24.322303782-04:00" level=warning msg="Your kernel does not support cgroup rt period"
Jun 17 12:33:24 ubuntu26 dockerd[3305]: time="2019-06-17T12:33:24.322529745-04:00" level=warning msg="Your kernel does not support cgroup rt runtime"
Jun 17 12:33:24 ubuntu26 dockerd[3305]: time="2019-06-17T12:33:24.323451458-04:00" level=info msg="Loading containers: start."
Jun 17 12:33:24 ubuntu26 dockerd[3305]: time="2019-06-17T12:33:24.867494590-04:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip
Jun 17 12:33:24 ubuntu26 dockerd[3305]: time="2019-06-17T12:33:24.944308261-04:00" level=info msg="Loading containers: done."
Jun 17 12:33:25 ubuntu26 dockerd[3305]: time="2019-06-17T12:33:25.012992693-04:00" level=info msg="Docker daemon" commit=481bc77 graphdriver(s)=overlay2 version=18.09.6
Jun 17 12:33:25 ubuntu26 dockerd[3305]: time="2019-06-17T12:33:25.013579127-04:00" level=info msg="Daemon has completed initialization"
Jun 17 12:33:25 ubuntu26 dockerd[3305]: time="2019-06-17T12:33:25.038175853-04:00" level=info msg="API listen on /var/run/docker.sock"
Jun 17 12:33:25 ubuntu26 systemd[1]: Started Docker Application Container Engine.
root@ubuntu26:/home/vmware#

As you may have already noticed in the output above, a default bridge ("docker0") is created with 172.17.0.0/16 subnet. Details of this bridge will be explained later on.

The first three error messages are about being able to put memory, CPU and swap limitations to containers. Means that the current Kernel version in Ubuntu 16.04 does not seem to support these features. More info here and also here. It is ok as these features will not be used in this lab.

  • Check the Docker version

dtimuralp-a02:Applications dtimuralp$ docker version
root@ubuntu26:/home/vmware# docker version
Client:
 Version:           18.09.6
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        481bc77
 Built:             Sat May  4 02:35:27 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.6
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       481bc77
  Built:            Sat May  4 01:59:36 2019
  OS/Arch:          linux/amd64
  Experimental:     false
root@ubuntu26:/home/vmware#

The logic is Docker Client ===== API Calls ===> Docker Server (Daemon) ; both running on the Ubuntu OS. Hence there are two docker versions are shown in this output, one for client and one for server version.

Docker Basics

Back to Table of Contents

  • Check Docker information
root@ubuntu26:/home/vmware# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.0-131-generic
Operating System: Ubuntu 16.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.859GiB
Name: ubuntu26
ID: 6CX6:X6JC:7QVT:KKOG:ZZO7:35XC:WLVZ:EK3Z:XD7J:CFID:CRNI:7OBA
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support
root@ubuntu26:/home/vmware#

Docker Swarm shows up as inactive cause I am going to use a single host for now. Swarm is Docker's own container orchestration solution.

Note for curious ones : Runc is the runtime container by Docker which is donated to the Open Container Project (OCP) . Containerd is the container runtime wrapper which has runc as a component in it. For more info please check here. There is also info about containerd and runc here and here

  • Check whether if any containers run by default

root@ubuntu26:/home/vmware# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
root@ubuntu26:/home/vmware#

No containers running by default.

  • Check whether if there is any container images in the local repository

root@ubuntu26:/home/vmware# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
root@ubuntu26:/home/vmware#

No images in the local repository by default.

Note : Images can be interpreted as "stopped containers" (like VM Templates). Containers can be interpreted as "running images" (like a VM template turned into an actual VM).

Whenever you' d like to build or run a container you need to find and use a base image. Below figure helps to understand the overall picture.

Docker Networking

Back to Table of Contents

Official Docker documentation on "Configuring Networking" can be found here

Docker has various network drivers . Most popular ones are Bridge, Overlay and MACVLAN. This article summarizes them well. In this guide we are focusing on "Bridge" network driver.

  • Check which Docker networks are created by default :

root@ubuntu26:/home/vmware# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
8dc12dd156a0        bridge              bridge              local
f4238f561257        host                host                local
70c020e17c5e        none                null                local
root@ubuntu26:/home/vmware#

By default Docker (on Ubuntu OS) creates three networks as shown in the above output. Notice their driver types are bridge, host and none. Scope "local" means, single-host mode.

What Docker implements with network named as "bridge" is, a Linux bridge named as "docker0" . This will be verified on Ubuntu shell.

  • Inspect the Docker network "bridge" config ("docker network inspect < Docker NETWORK NAME > / OR / < Docker NETWORK ID >)

root@ubuntu26:/home/vmware# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "8dc12dd156a08710bd4f6bbb384de6e803d942854b28e84c35f89ee9db75497f",
        "Created": "2019-06-17T12:33:24.867585642-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
root@ubuntu26:/home/vmware#

ID the first couple of characters in the ID field matches the NETWORK ID shown in "docker network ls" output.

IPAM => Config => Subnet is configured as 172.16.0.0/16. Which means, Docker will assign an IP address from this subnet to every container connected to this Docker network.

enable_icc:true means that inter container communication is allowed on this Docker network.

enable_ip_masquerade: true means that "iptables" rules will be modified on this host to apply SNAT (source NAT) for all the containers connected to this Docker network. Docker manipulates "iptables" rules on the host (Ubuntu virtual machine) to provide network isolation for containers from the external network. IPtables will be explained in a seperate article. More info on this in official Docker documentation is here

bridge name : docker0 Notice that the bridge name is "docker0" . This is the name assigned to the Linux bridge which is configured and managed by Docker.

  • Let' s examine the Linux bridge on Ubuntu shell. To do that "bridge-utils" package needs to be installed.

root@ubuntu26:/home/vmware# apt-get install bridge-utils
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  bridge-utils
0 upgraded, 1 newly installed, 0 to remove and 161 not upgraded.
Need to get 28.6 kB of archives.
After this operation, 102 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 bridge-utils amd64 1.5-9ubuntu1 [28.6 kB]
Fetched 28.6 kB in 0s (31.3 kB/s)
Selecting previously unselected package bridge-utils.
(Reading database ... 59983 files and directories currently installed.)
Preparing to unpack .../bridge-utils_1.5-9ubuntu1_amd64.deb ...
Unpacking bridge-utils (1.5-9ubuntu1) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up bridge-utils (1.5-9ubuntu1) ...
root@ubuntu26:/home/vmware#
  • Let' s check the bridge information from the Linux bridge commands which all start with "brctl"

root@ubuntu26:/home/vmware# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242ed408e96       no
root@ubuntu26:/home/vmware#

Remember "docker0" is the name of the Linux bridge. This Linux bridge is being used by the Docker network named as "bridge" ("docker network ls" output)

  • Let' s check the link layer state of the interfaces on Ubuntu

root@ubuntu26:/home/vmware# ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160:  mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:50:56:b4:47:61 brd ff:ff:ff:ff:ff:ff
3: ens192:  mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:50:56:b4:9b:ec brd ff:ff:ff:ff:ff:ff
4: docker0:  mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:ed:40:8e:96 brd ff:ff:ff:ff:ff:ff
root@ubuntu26:/home/vmware#

Notice docker0 interface is down.

  • Let' s check the network layer state of the interfaces on Ubuntu

root@ubuntu26:/home/vmware# ip address show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:b4:47:61 brd ff:ff:ff:ff:ff:ff
    inet 10.190.16.120/24 brd 10.190.16.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb4:4761/64 scope link
       valid_lft forever preferred_lft forever
3: ens192:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:50:56:b4:9b:ec brd ff:ff:ff:ff:ff:ff
4: docker0:  mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ed:40:8e:96 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:edff:fe40:8e96/64 scope link
       valid_lft forever preferred_lft forever
root@ubuntu26:/home/vmware#

ens160 is the first NIC of the Ubuntu OS, ens192 is the second NIC. ens192 is not used in this lab hence it does not have an IP address configured.

  • Let' s check the routing table on Ubuntu

root@ubuntu26:/home/vmware# ip route show
default via 10.190.16.1 dev ens160 onlink
10.190.16.0/24 dev ens160  proto kernel  scope link  src 10.190.16.120
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown
root@ubuntu26:/home/vmware#

Connectivity

Back to Table of Contents

At this stage, the connectivity diagram in the Ubuntu host is shown below.

There is a new term mentioned in this diagram, "network namespace". The easiest analogy to use for network namespace is VRF (Virtual Routing Forwarding) instances on an ordinary router in the routing & switching world. Although there are a few slight differences in between, in Linux, network namespaces are used for isolating network domains from each other. Here is a good definition of it. This is a good blog article on practical usage. Network namespaces become relevant in the case of containers and it will be explained in the next section.

The way root network namespace id can be identified is by using the ip netns list-id command shown below.


root@ubuntu26:/home/vmware# ip netns list-id
nsid 0
root@ubuntu26:/home/vmware#

Linux Bridge

Back to Table of Contents

As mentioned a few times already, when Docker is installed, what Docker actually does is creating a Linux bridge named as "docker0". This also creates a new interface in Linux IP stack. This is native Linux bridge logic. Nothing specific. All Docker does is using Linux networking features at the backend.

In fact all this can easily be tested by manually creating a test Linux bridge and by verifying as shown below.

  • Create a Linux test bridge

root@ubuntu26:/home/vmware# brctl addbr testbridge
root@ubuntu26:/home/vmware# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242ed408e96       no              
testbridge              8000.000000000000       no
  • Verify the new interface in Linux IP stack

root@ubuntu26:/home/vmware# ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160:  mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:50:56:b4:47:61 brd ff:ff:ff:ff:ff:ff
3: ens192:  mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:50:56:b4:9b:ec brd ff:ff:ff:ff:ff:ff
4: docker0:  mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:ed:40:8e:96 brd ff:ff:ff:ff:ff:ff
5: testbridge:  mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 62:bc:ca:07:1d:37 brd ff:ff:ff:ff:ff:ff
  • Assign an IP address to the interface

root@ubuntu26:/home/vmware# ip addr add 10.10.10.1/24 dev testbridge

root@ubuntu26:/home/vmware# ip address show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:b4:47:61 brd ff:ff:ff:ff:ff:ff
    inet 10.190.16.120/24 brd 10.190.16.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb4:4761/64 scope link
       valid_lft forever preferred_lft forever
3: ens192:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:50:56:b4:9b:ec brd ff:ff:ff:ff:ff:ff
4: docker0:  mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ed:40:8e:96 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:edff:fe40:8e96/64 scope link
       valid_lft forever preferred_lft forever
5: testbridge:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 62:bc:ca:07:1d:37 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 scope global testbridge
       valid_lft forever preferred_lft forever
  • Delete the Linux test bridge

root@ubuntu26:/home/vmware# brctl delbr testbridge
root@ubuntu26:/home/vmware# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242ed408e96       no              

Creating containers

Back to Table of Contents

Docker uses various Linux namespace technologies for isolation. (ie user namespace, process namespace, etc.) For networking, it uses Linux network namespaces. Each container runs in its own Linux network namespace which means it has its own IP address, routing table, etc. Docker creates the content related to each network namespace here on Ubuntu => /var/run/docker/netns/

Note : This is different than checking network namespaces that are created directly through Linux (which can be investigated by "ip netns list" command. Something I learned the hardway.) Cause Docker created network namespaces are under the specific Docker folder mentioned above. This thread explains the whole details quite well.

  • Let' s create a container and see how docker0 bridge, interface connections and other things change

root@ubuntu26:/home/vmware# docker run -d --name test1 dumlutimuralp/networktest
Unable to find image 'dumlutimuralp/networktest:latest' locally
latest: Pulling from dumlutimuralp/networktest
357ea8c3d80b: Pull complete
|
|
Output Omitted
|
|
74525030d7c5: Pull complete
Digest: sha256:9e1ab3bffe246ec101e6a3cefa012c480035b5518225b108e47faa424d062ca3
Status: Downloaded newer image for dumlutimuralp/networktest:latest
b908e176393711f48e6e425526b2858e428711ce364ada295be9b769739ddfa2

"docker run" is the Docker command to pull a Docker image and then run it with the parameters provided.

"-d" means run this container in detached mode so that it can run in the background (not foreground, aka the terminal, which runs the shell) More info here and here

--name is used to assign a name to this container, "Test1" is given as the container name in this example

dumlutimuralp/networktest is the location and the name of the Docker image to be used to create the container from (Since this image does not exist locally, Docker pulls the image from Docker Hub. I have a repository in Docker hub and the Docker image name is networktest)

  • Let' s check the status of the container

root@ubuntu26:/home/vmware# docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS               NAMES
b908e1763937        dumlutimuralp/networktest   "/docker-entrypoint.…"   10 seconds ago      Up 8 seconds        80/tcp, 443/tcp     test1
  • Let' s check what has changed on the Linux bridge

root@ubuntu26:/home/vmware# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242ed408e96       no              vethaafb3cd
root@ubuntu26:/home/vmware#

Nice. We got a new interface attached to the bridge. (vethaafb3cd) Notice that when creating the container in the previous step we did not specify any specific Docker network to connect the container to. Docker network "bridge" is selected by default.

  • Let' s check how the IP interfaces have changed on Ubuntu

root@ubuntu26:/home/vmware# ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160:  mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:50:56:b4:47:61 brd ff:ff:ff:ff:ff:ff
3: ens192:  mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:50:56:b4:9b:ec brd ff:ff:ff:ff:ff:ff
4: docker0:  mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:ed:40:8e:96 brd ff:ff:ff:ff:ff:ff
14: vethaafb3cd@if13:  mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether a2:cf:f6:c2:96:79 brd ff:ff:ff:ff:ff:ff link-netnsid 0
root@ubuntu26:/home/vmware#

A few interesting things in the above output :

The docker0 interface has now changed its state to "UP".

"vethaafb3cd" interface shows up in IP interface output of the Ubuntu host and its index is #14 and this "vethaafb3cd" interface has an expression "if13" at the end. The master for this "vethaafb3cd" interface seems to be "docker0". The other thing is there is an expression at the end "link-netnsid 0".

  • Let' s check the current network namespace list on Ubuntu

root@ubuntu26:/home/vmware# ls /var/run/docker/netns
4532a922fbb7
root@ubuntu26:/home/vmware#

Hmmm..There is a new network namespace. Could it be the one that the recently created container is in ?

  • Let' s inspect the container that we just created

root@ubuntu26:/home/vmware# docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS               NAMES
b908e1763937        dumlutimuralp/networktest   "/docker-entrypoint.…"   About an hour ago   Up About an hour    80/tcp, 443/tcp     test1
root@ubuntu26:/home/vmware#
root@ubuntu26:/home/vmware#
root@ubuntu26:/home/vmware# docker inspect b908e1763937
[
    {
        "Id": "b908e176393711f48e6e425526b2858e428711ce364ada295be9b769739ddfa2",
        "Created": "2019-06-18T12:39:59.599260556Z",
        "Path": "/docker-entrypoint.sh",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 6861,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2019-06-18T12:40:01.033430219Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:f06aa1d7d63a447137e7f8aa41945a707659afc5c531e639672e3477cb300499",
        "ResolvConfPath": "/var/lib/docker/containers/b908e176393711f48e6e425526b2858e428711ce364ada295be9b769739ddfa2/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/b908e176393711f48e6e425526b2858e428711ce364ada295be9b769739ddfa2/hostname",
        "HostsPath": "/var/lib/docker/containers/b908e176393711f48e6e425526b2858e428711ce364ada295be9b769739ddfa2/hosts",
        "LogPath": "/var/lib/docker/containers/b908e176393711f48e6e425526b2858e428711ce364ada295be9b769739ddfa2/b908e176393711f48e6e425526b2858e428711ce364ada295be9b769739ddfa2-json.log",
        "Name": "/test1",
       |
       |
       |
       Output Omitted
       |
       |
       |
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "4532a922fbb7ca920b42d7ce99c3b78d12cecfa4c53ff6b631f02b2722ac288b",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "443/tcp": null,
                "80/tcp": null
            },
            "SandboxKey": "/var/run/docker/netns/4532a922fbb7",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "1b12b1e5001cc0d33c9e6c2083599519b7c4c75d2364946f1d3fe25c4b7bca33",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "8dc12dd156a08710bd4f6bbb384de6e803d942854b28e84c35f89ee9db75497f",
                    "EndpointID": "1b12b1e5001cc0d33c9e6c2083599519b7c4c75d2364946f1d3fe25c4b7bca33",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]
root@ubuntu26:/home/vmware#

So based on the output above, the container has an IP address of "172.17.0.2" , its network namespace is created with an ID of "4532a922fbb7" .

  • Let' s check the IP interfaces in the container's network namespace. We can do this this from Ubuntu shell as shown below

root@ubuntu26:/home/vmware# nsenter --net=/var/run/docker/netns/4532a922fbb7 ip address show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
13: eth0@if14:  mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
root@ubuntu26:/home/vmware#

In the above output, #13 is the interface ID in the container itself, #14 is the interface ID on the other end; and that other end is Ubuntu host itself.

The connection between eth0 (Interface ID#13) in root network namespace (netnsid : 0) and vethaafb3cd (Interface ID#14) in container network namespace (netnsid :4532a922fbb7) is called "veth Pair".

A container gets connected to the root network namespace through a connection called "veth pair" and the container has its own network namespace.

  • Let' s check the IP route table in the container' s network namespace.

root@ubuntu26:/home/vmware# nsenter --net=/var/run/docker/netns/4532a922fbb7 ip route show
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
  • There is another way to verify this, which is more or less brings the same output in the previous step, but directly from the container network namespace itself

root@ubuntu26:/home/vmware# docker exec -it b908e1763937 bash
bash-4.4# ip address show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
13: eth0@if14:  mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
bash-4.4#ip route show
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2

In the above command

"-t" is for connecting to the terminal inside that container "-i" stands for interactive, since we are using the shell for executing the commands in the container itself

  • Below is the current connectivity

  • Let' s inspect the default Docker network "bridge"

root@ubuntu26:/home/vmware# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "8dc12dd156a08710bd4f6bbb384de6e803d942854b28e84c35f89ee9db75497f",
        "Created": "2019-06-17T12:33:24.867585642-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "b908e176393711f48e6e425526b2858e428711ce364ada295be9b769739ddfa2": {
                "Name": "test1",
                "EndpointID": "1b12b1e5001cc0d33c9e6c2083599519b7c4c75d2364946f1d3fe25c4b7bca33",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
root@ubuntu26:/home/vmware#

Notice that the "Containers" section in the output above is now populated with the "Test1" container' s information.

  • Let' s create another container from the same Docker image

root@ubuntu26:/home/vmware# docker run -d --name test2 dumlutimuralp/networktest
b194dcfda013843fa5752715cc188ab21af8dca3939210675145dbc55ce67f7e
root@ubuntu26:/home/vmware# docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS               NAMES
b194dcfda013        dumlutimuralp/networktest   "/docker-entrypoint.…"   11 seconds ago      Up 8 seconds        80/tcp, 443/tcp     test2
b908e1763937        dumlutimuralp/networktest   "/docker-entrypoint.…"   10 minutes ago      Up 10 minutes       80/tcp, 443/tcp     test1
root@ubuntu26:/home/vmware#
  • Let' s check the network namespaces on Ubuntu

root@ubuntu26:/home/vmware# ls /var/run/docker/netns
68372b922ca7
4532a922fbb7
root@ubuntu26:/home/vmware#

Notice that there is a new network namespace created since we have created the second container.

  • Let' s inspect the Docker network "bridge" once again

root@ubuntu26:/home/vmware# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "8dc12dd156a08710bd4f6bbb384de6e803d942854b28e84c35f89ee9db75497f",
        "Created": "2019-06-17T12:33:24.867585642-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "b194dcfda013843fa5752715cc188ab21af8dca3939210675145dbc55ce67f7e": {
                "Name": "test2",
                "EndpointID": "9e682ad8687c1b15f149f0c0e14ed8f36b10022fe335d27b1b774f13daf1de0a",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            },
            "b908e176393711f48e6e425526b2858e428711ce364ada295be9b769739ddfa2": {
                "Name": "test1",
                "EndpointID": "1b12b1e5001cc0d33c9e6c2083599519b7c4c75d2364946f1d3fe25c4b7bca33",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
root@ubuntu26:/home/vmware#

There are two entries in "Containers" section, shown above.

  • The current connectivity looks like below

  • Let' s check inter container connectivity (Test1 Container -> Test 2 Container ICMP traffic)

root@ubuntu26:/home/vmware# docker exec -it b908e1763937 bash
bash-4.4# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=4.63 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.076 ms
64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.088 ms
64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.085 ms
64 bytes from 172.17.0.3: icmp_seq=5 ttl=64 time=0.072 ms
64 bytes from 172.17.0.3: icmp_seq=6 ttl=64 time=0.070 ms
^C
--- 172.17.0.3 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5000ms
rtt min/avg/max/mdev = 0.070/0.837/4.634/1.698 ms
bash-4.4#exit
root@ubuntu26:/home/vmware# 
  • Let' s delete the containers

root@ubuntu26:/home/vmware# docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS               NAMES
b194dcfda013        dumlutimuralp/networktest   "/docker-entrypoint.…"   2 minutes ago       Up 82 minutes       80/tcp, 443/tcp     test2
b908e1763937        dumlutimuralp/networktest   "/docker-entrypoint.…"   20 minutes ago      Up 20 minutes       80/tcp, 443/tcp     test1
root@ubuntu26:/home/vmware#

root@ubuntu26:/home/vmware# docker rm b194dcfda013
Error response from daemon: You cannot remove a running container b194dcfda013843fa5752715cc188ab21af8dca3939210675145dbc55ce67f7e. Stop the container before attempting removal or force remove
root@ubuntu26:/home/vmware#

As you can see above you can not delete a container without stopping it.


root@ubuntu26:/home/vmware# docker stop b194dcfda013
docker stop b908e1763937b194dcfda013
root@ubuntu26:/home/vmware# docker stop b908e1763937
docker rm b194dcfda013b908e1763937
root@ubuntu26:/home/vmware# docker rm b194dcfda013
b194dcfda013
root@ubuntu26:/home/vmware# docker rm b908e1763937
b908e1763937
root@ubuntu26:/home/vmware# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
root@ubuntu26:/home/vmware#

Creating a Docker Bridge Network

Back to Table of Contents

  • Let' s create a new Docker network (using bridge driver)

root@ubuntu26:/home/vmware# docker network create -d bridge --subnet 10.0.0.1/24 testbridge
3ce4abd5217ddbdc682ebc3e59b364f900419308c902322ed422549546675502
root@ubuntu26:/home/vmware#

"-d" specifies the driver type for the network. command has created a new bridge named as "testbridge" with subnet 10.0.0.0/24. "docker network create --help" can be used to gather information about the command usage.

  • Let' s check the Docker network list again

root@ubuntu26:/home/vmware# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
8dc12dd156a0        bridge              bridge              local
f4238f561257        host                host                local
70c020e17c5e        none                null                local
3ce4abd5217d        testbridge          bridge              local
  • Let' s check the Linux bridge output

root@ubuntu26:/home/vmware# brctl show
bridge name     bridge id               STP enabled     interfaces
br-3ce4abd5217d 8000.0242b997f9f8       no
docker0         8000.0242ed408e96       no
root@ubuntu26:/home/vmware#

In the above output the new Linux bridge created as a result of this new Docker network is highlighted. Notice that the ID that comes after "br-" string is the NETWORK ID that is shown in the "docker network ls" output previously.

  • Let' s check the IP interfaces on Ubuntu

root@ubuntu26:/home/vmware# ip address show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:b4:47:61 brd ff:ff:ff:ff:ff:ff
    inet 10.190.16.120/24 brd 10.190.16.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb4:4761/64 scope link
       valid_lft forever preferred_lft forever
3: ens192:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:50:56:b4:9b:ec brd ff:ff:ff:ff:ff:ff
4: docker0:  mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ed:40:8e:96 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:edff:fe40:8e96/64 scope link
       valid_lft forever preferred_lft forever
26: br-3ce4abd5217d:  mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:b9:97:f9:f8 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br-3ce4abd5217d
       valid_lft forever preferred_lft forever
    inet6 fe80::42:b9ff:fe97:f9f8/64 scope link
       valid_lft forever preferred_lft forever
root@ubuntu26:/home/vmware#

As shown above the newly created "br-3ce4abd5217d" s state is down.

  • Let' s examine this new bridge network ("docker network inspect < Docker NETWORK NAME > / OR / < Docker NETWORK ID >)

root@ubuntu26:/home/vmware# docker network inspect testbridge
[
    {
        "Name": "testbridge",
        "Id": "3ce4abd5217ddbdc682ebc3e59b364f900419308c902322ed422549546675502",
        "Created": "2019-06-26T09:10:39.669511746-04:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.0.0.1/24"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
root@ubuntu26:/home/vmware#
  • Let's create a container in this bridge network

root@ubuntu26:/home/vmware# docker run -d --name container1 --network testbridge dumlutimuralp/networktest
cb4caea106e3e7799a65fef53343f7747d11960c98ce947c73a0f20bd828cf40
root@ubuntu26:/home/vmware#
  • Let' s check the network namespace of the container

root@ubuntu26:/home/vmware# docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS               NAMES
cb4caea106e3        dumlutimuralp/networktest   "/docker-entrypoint.…"   6 minutes ago       Up 6 minutes        80/tcp, 443/tcp     container1
root@ubuntu26:/home/vmware# docker inspect cb4caea106e3 | box
root@ubuntu26:/home/vmware# docker inspect cb4caea106e3 | grep Sandbox
            "SandboxID": "ed5636607092c584adbb7231032a1a4b438a160b2d7ae979d7d5160efc726a76",
            "SandboxKey": "/var/run/docker/netns/ed5636607092",
root@ubuntu26:/home/vmware#

Above you can see the network namespace created for this container.

As shown in the previous section, the network namespace list of the Ubuntu host can be queried as below, and it is expected to see that the network namespace ID in below output should match the one that is shown in the above output.


root@ubuntu26:/home/vmware# ls /var/run/docker/netns/
ed5636607092
root@ubuntu26:/home/vmware#
  • Let' s check the IP interfaces in the container

root@ubuntu26:/home/vmware# nsenter --net=/var/run/docker/netns/ed5636607092 ip address show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
33: eth0@if34:  mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:0a:00:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
root@ubuntu26:/home/vmware#nsenter --net=/var/run/docker/netns/ed5636607092 ip route show
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.2

As shown above container has an interface #33 (with notation of @if34 on the other end) and its IP is 10.0.0.2/24 and it is linked to network namespace "0" (link-netnsid 0) which is the root network namespace. So this is the veth Pair.

  • Let' s check the IP interfaces on Ubuntu host

root@ubuntu26:/home/vmware# ip address show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:b4:47:61 brd ff:ff:ff:ff:ff:ff
    inet 10.190.16.120/24 brd 10.190.16.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb4:4761/64 scope link
       valid_lft forever preferred_lft forever
3: ens192:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:50:56:b4:9b:ec brd ff:ff:ff:ff:ff:ff
4: docker0:  mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ed:40:8e:96 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:edff:fe40:8e96/64 scope link
       valid_lft forever preferred_lft forever
26: br-3ce4abd5217d:  mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:b9:97:f9:f8 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br-3ce4abd5217d
       valid_lft forever preferred_lft forever
    inet6 fe80::42:b9ff:fe97:f9f8/64 scope link
       valid_lft forever preferred_lft forever
34: veth52b0150@if33:  mtu 1500 qdisc noqueue master br-3ce4abd5217d state UP group default
    link/ether de:af:56:12:3c:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::dcaf:56ff:fe12:3c02/64 scope link
       valid_lft forever preferred_lft forever
root@ubuntu26:/home/vmware#

Couple of things. Notice that now that the other end of the Veth Pair is shown as interface #34 in the above output (veth52b0150).

The other thing is since there is a container connected to this recently created bridge network, the state of "br-3ce4abd5217d" has changed to "UP".

  • Current connectivity is as shown below

CLI CHEATSHEET

Back to Table of Contents

  • docker run : creates a new container from the referenced Docker image

  • docker run -d --name test1 dumlutimuralp/networktest (this would start the container in background)

  • docker exec -it < container id > bash (This would attach the terminal to the container that is running in the background. To execute commands in the container)

  • docker run -it --name test1du mlutimuralp/networktest /bin/bash (This command would start the container in the foreground and attach the terminal to the container right away. To properly exit, without killing the container, use ctrl + P + Q)

  • docker pull : copies images to docker host

  • docker images : lists images on the docker host

  • docker rmi : removes images from the docker host

  • docker ps : lists the running containers

  • docker ps -a : lists all the containers

  • docker stop : stops running container

  • docker start : starts an already stopped container

  • docker restart :restarts a running container

  • docker rm : removes stopped container

  • docker stop $(docker ps -aq) : stop all containers

  • docker rm $(docker ps -aq) : remove all containers

  • docker rmi $(docker images -q) : remove all Docker images

  • docker login : login to docker hub

  • docker tag : tag a docker image (ie . docker tag < image id > dumlutimuralp/networktest:v1)

  • docker push : push an image to docker repository (docker push dumlutimuralp/networktest:v1)

  • docker network create -d bridge --subnet 10.0.0.1/24 testbridge : creates a docker bridge with the respective ip subnet

  • docker run -d --name container1 --network testbridge dumlutimuralp/networktest : create a new container an attaches it to the respective docker bridge

  • ls /var/run/docker/netns : lists the existing network namespaces creates by docker