Bridge for isolated network
Public network with macvlan
Containers in multiple networks on one host
Connect from host machine to Docker container

Bridge network

Features:

create a user-defined network
the network isolates the containers from external networks
The containers you launch into this network must reside on the '''same''' Docker host
Each container in the network can immediately communicate with other containers in the network
access another container by hostname

https://docs.docker.com/engine/userguide/networking/
create network

docker network create --driver bridge --subnet=77.0.0.0/16 my_bridge

container

docker  run -d --net=my_bridge --ip=77.0.0.11 --name temp1 phusion/baseimage:0.9.18 /sbin/my_init

access container from another container:

ping __container_hostname__

Public network with macvlan

Features:

assign a static IP to container. Each container will have a separate IP
container can access Internet (public network)
containers can reside on different hosts and access each other

Bad things:

Host cannot connect container

Solution

assume that
- host network is 10.1.0.0/16 and gateway (route) = 10.1.0.1
- host interface is 'eth0'
we will create two containers with IPs 10.1.0.51, 10.1.0.52, or any IP in the same network
create network with docker

docker network create -d macvlan --subnet=10.1.0.0/16  --gateway=10.1.0.1  -o parent=eth0 pub_net

check network

docker network ls

# see network 'pub_net'

run container1 with IP 10.1.0.51

docker  run --net=pub_net --ip=10.1.0.51 -d --name test1 alpine /bin/sh

run container2

docker  run --net=pub_net --ip=10.1.0.52 -d --name test2 alpine /bin/sh

check network works between two containers

connect to container1 and ping container2:

docker exec -ti test1 bash

ping 10.1.0.52

check connect to Internet:

docker exec -ti test1 bash

ping 8.8.8.8

it should work.

Containers in multiple networks on one host

We want to have our containers in multiple networks:

public network - to access from outside the world
private network - for connecting containers to each other

Public network is a docker macvlan network. Private network is a docker bridge network.

In our example:

public network 10.1.0.0/16 with gateway 10.1.0.1.
we will create subnet 10.1.12.0/24 in public network.
we will create private network 77.0.0.0/16.
public network

docker network create -d macvlan --subnet=10.1.0.0/16  --gateway=10.1.0.1 --ip-range=10.1.12.0/24 -o parent=eth0 pub_net

private network - bridge

docker network create --driver bridge --subnet=77.0.0.0/16 --gateway=77.0.0.1  my_bridge

container

first create with bridge, then public

docker  create --cap-add=NET_ADMIN --ip=77.0.0.11 --net=my_bridge   --name temp1 phusion/baseimage:0.9.18 /sbin/my_init
docker network connect --ip 10.1.12.11  pub_net temp1
docker start temp1

fix routes:

docker exec temp1 ip route change default via 10.1.0.1 dev eth1

check

# from container
docker exec -ti temp1

ip route 

should be:
default via 10.1.0.1 dev eth1 
10.1.0.0/16 dev eth1  proto kernel  scope link  src 10.1.12.11 
77.0.0.0/16 dev eth0  proto kernel  scope link  src 77.0.0.11

create another container
publish ports
check
each container can access each other in network 77.0.0.0/16

Connect from host machine to Docker container

When docker container has IP in macvlan network you cannot connect from host machine.

to fix this we will

add virtual ip interface over eth0 interface of the host machine
fix routing

sudo ip link add link eth0 dev eth0m type macvlan mode bridge
sudo ip link set eth0m up
sudo ip route add __IP_OF_DOCKER_CONTAINER__ dev eth0m

maxivak/docker_network.md

Contents

Bridge network

Public network with macvlan

Solution

Containers in multiple networks on one host

Connect from host machine to Docker container

Valeriyy commented Dec 21, 2017

mathsigit commented Dec 26, 2017

Valeriyy commented Jan 9, 2018

orozcohsu commented Jun 21, 2018