Bridge Networking
The driver is bridge (or NAT on Windows); the default bridge is aka docker0.
But each bridge is isolated (i.e. an island: it can't talk to another bridge network) unless we map ports to the host. This is where overlay networking comes in.
Note, out of the box you get a bridge network called bridge. Inspecting it with docker network inspect bridge, you can see something like:
    [
        {
            "Name": "bridge",
            "Id": "79f84aa40524806cc23b566401df397dc4472f7f4a9101b61b336a739fa24b2e",
            "Created": "2018-09-21T08:32:25.177055934Z",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": null,
                "Config": [
                    {
                        "Subnet": "172.17.0.0/16",
                        "Gateway": "172.17.0.1"
                    }
                ]
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {},
            "Options": {
                "com.docker.network.bridge.default_bridge": "true",
                "com.docker.network.bridge.enable_icc": "true",
                "com.docker.network.bridge.enable_ip_masquerade": "true",
                "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
                "com.docker.network.bridge.name": "docker0",
                "com.docker.network.driver.mtu": "1500"
            },
            "Labels": {}
        }
    ]
Note how "Containers": {} is empty, i.e. no containers.
So, if we ran a container (e.g. docker container run --rm -d alpine sleep 1d) we'd see it on the bridge network.
Overlay Networking
This is a single Layer 2 network (Layer 2 => MAC addresses; Layer 3 => IP addresses) which works across different networks.
Created with docker network create.
The control plane is encrypted out of the box.
Note: in docker network create -d, -d => --driver
E.g. docker network create -d overlay overnet
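An added example (not from the original post): a small Python audit of docker network inspect output that flags the settings visible in the default-bridge dump above (inter-container communication enabled, published ports bound to 0.0.0.0). Going slightly beyond the page, it also flags overlay networks created without --opt encrypted, since only the control plane is encrypted out of the box. The sample JSON, the overnet entry's options and the finding names are constructed for illustration.

```python
import json

# Constructed sample: the default bridge as shown above (trimmed), plus a
# hypothetical overlay network created without "--opt encrypted".
SAMPLE = json.dumps([
    {"Name": "bridge", "Driver": "bridge", "Internal": False,
     "Options": {
         "com.docker.network.bridge.default_bridge": "true",
         "com.docker.network.bridge.enable_icc": "true",
         "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}},
    {"Name": "overnet", "Driver": "overlay", "Internal": False,
     "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097"}},
])

PREFIX = "com.docker.network.bridge."


def audit_networks(inspect_json):
    """Return sorted (network, finding) pairs for `docker network inspect` output."""
    findings = []
    for net in json.loads(inspect_json):
        name = net.get("Name", "?")
        opts = net.get("Options") or {}   # Docker may emit null here
        driver = net.get("Driver")
        if driver == "bridge":
            # ICC is on unless enable_icc is explicitly "false".
            if opts.get(PREFIX + "enable_icc", "true") == "true":
                findings.append((name, "icc-enabled"))
            # Published ports listen on every host interface by default.
            if opts.get(PREFIX + "host_binding_ipv4", "0.0.0.0") == "0.0.0.0":
                findings.append((name, "ports-bind-all-interfaces"))
            # Workloads sharing the default bridge can all reach each other.
            if opts.get(PREFIX + "default_bridge") == "true" and net.get("Containers"):
                findings.append((name, "containers-on-default-bridge"))
        elif driver == "overlay" and "encrypted" not in opts:
            # Control plane is encrypted by default; the data plane is not.
            findings.append((name, "overlay-data-plane-unencrypted"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_networks(SAMPLE):
        print(f"{name}: {finding}")
```

On a real host, feed it the output of docker network inspect run over every ID from docker network ls -q.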
MACVLAN
Lets you have an IP / MAC address on the network. But it must allow promiscuous mode, which is disabled in cloud.
Example of an overlay network
Assuming we’ve got a swarm set up:
- create a service
docker service create -d --name pinger --replicas 2 --network overnet alpine sleep 1d