Docker Networking

Docker 1.9.0• New top-level UX & API : docker network

• Support for multiple micro-segmented networks

• Built-in multihost networking using VXLAN based overlay driver

• Support for third party network plugins

• Ability to dynamically connect containers to multiple networks

• Pluggable and user-defined IP address mgmt

• Integration with Docker Swarm

Docker 1.10.0• Service Discovery using embedded DNS

• IP stability using `--ip / --ipv6` option

• Network-scoped Alias support

• `—link` support in user-defined networks

• Network isolation using `--internal` option

• Multi-host networking in all supported kernels (3.10+)

• Integration with Docker Compose

Docker 1.11.0• Built-in load-balancing using DNS-RR

• Service Discovery for IPv6 (AAAA Records)

• Experimental Macvlan & IPVlan drivers

Docker Networking use-cases

Use-case1 Default Bridge Network

(docker0)

eth0 eth0 eth0

docker0 docker0 docker0

C1eth0 eth0

C2eth0C3 C1

eth0 eth0C2

eth0C3 C1

eth0 eth0C2

eth0C3

ToR switch / Hypervisor switch / …

iptables : NAT / port-mapping

iptables : NAT / port-mapping

iptables : NAT / port-mapping

Use-case2

User-Defined Bridge Network

Host1 : $ docker network create -d bridge -o com.docker.network.bridge.name=brnet brnet $ docker run --net=brnet -it busybox ifconfig

eth0

brnet 172.18.0.1

ToR switch / Hypervisor switch / …

eth0C1

Host1

eth0C2

eth0C3

iptables : NAT / port-mapping

eth0

brnet 172.18.0.1

eth0C4

Host2

eth0C5

eth0C6

iptables : NAT / port-mapping

eth0

brnet 172.18.0.1

eth0C7

Host3

eth0C8

eth0C9

iptables : NAT / port-mapping

Host2 : $ docker network create -d bridge -o com.docker.network.bridge.name=brnet brnet $ docker run --net=brnet -it busybox ifconfig

Host3 : $ docker network create -d bridge -o com.docker.network.bridge.name=brnet brnet $ docker run --net=brnet -it busybox ifconfig

Use-case 3

Docker Overlay Network

eth0

C1eth1 eth1

C2eth1C3

ToR switch / Hypervisor switch / …

docker0docker_gw

eth0

C1eth1 eth1

C2eth1C3

docker0docker_gw

eth0

C1eth1 eth1

C2eth1C3

docker0docker_gw

ov-net1 ov-net1 ov-net1VXLAN-VNI 100 VXLAN-VNI 100

eth0 eth0 eth0 eth0 eth0 eth0 eth0 eth0 eth0

VXLAN-VNI 100

iptables : NAT / port-mapping

iptables : NAT / port-mapping

iptables : NAT / port-mapping

Use-case 4

Plumbed to underlay vlan with built-in IPAM

Experimental vlan drivers (macvlan & ipvlan) https://github.com/docker/docker/blob/master/experimental/vlan-networks.md

# vlan 10 (eth0.10)$ docker network create -d macvlan —subnet=10.1.10.0/24 —gateway=10.1.10.1 -o parent=eth0.10 mcvlan10

$ docker run --net=mcvlan10 -it --rm alpine /bin/sh

# vlan 20 (eth0.20)$ docker network create -d macvlan —subnet=10.1.20.0/24 —gateway=10.1.20.1 -o parent=eth0.20 mcvlan20

$ docker run --net=mcvlan20 -it --rm alpine /bin/sh

# vlan 30 (eth0.30)$ docker network create -d macvlan —subnet=10.1.30.0/24 —gateway=10.1.30.1 -o parent=eth0.30 mcvlan30

$ docker run --net=mcvlan30 -it --rm alpine /bin/sh

User Guide https://docs.docker.com/engine/userguide/networking/dockernetworks/

Docker overlay networking https://docs.docker.com/engine/userguide/networking/get-started-overlay

http://container42.com/2015/10/30/docker-networking-reborn/

Experimental docker vlan drivers : https://github.com/docker/docker/blob/master/experimental/vlan-

networks.md

Resources