Bridge Networking
bridge or NAT on Windows
aka docker0
But each Bridge is isolated (i.e. an island – they can’t talk to another bridge network) unless we map ports to the host. This is where overlay networking comes in.
Note, out of the box you get a bridge network called bridge. And inspecting it with docker network inspect bridge you can see something like:
[
{
"Name": "bridge",
"Id": "79f84aa40524806cc23b566401df397dc4472f7f4a9101b61b336a739fa24b2e",
"Created": "2018-09-21T08:32:25.177055934Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
Note how "Containers": {}, – i.e. no containers.
So, if we ran a container (e.g. `docker container run –rm -d alpine sleep 1d`) we’d see it on the bridge network.
Overlay Networking
This is a single Level 2 network (Level 2 => MAC addresses; Level 3 => IP addresses) which works on different networks.
docker network create
Control plane encrypted out of the box.
Note:
docker network create -d
-d => –driver
E.g. docker network create -d overlay overnet
MACVLAN
Lets you have an IP / Mac address on the network. But must allow promiscuous mode – which is disabled in cloud.
Example of an overlay network
Assuming we’ve got a swarm set up:
- create a service
docker service create -d --name pinger --replicas 2 --network overnet alpine sleep 1d