Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Introduction to Docker Networking

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Introduction to Docker Networking


๐Ÿ’ก Newskategorie: Programmierung
๐Ÿ”— Quelle: dev.to


refine repo

Author: Muhammad Khabbab

Brief overview of what Docker networking is and its significance

In the world of Docker, deploying a container is not simple; properly configuring a container architecture requires strong networking capabilities. A web application with a cluster of databases, applications, and load balancers spanning numerous containers that need to communicate with one another would have a different network architecture than one designed to run on a single Docker container.

The web application container will also need to be accessed by clients from the outside world. To facilitate this, Docker allows communication between Docker containers on the same or different machines and with external resources through the virtual Docker network. You can create complex, scalable, and secure systems using containers by employing multiple network drivers to meet your needs, whether you want to isolate your containers, connect them across hosts, or integrate them with existing networks.

Docker's Default Networks

Three network drivers/interfaces with different use cases are automatically created for you when you install Docker:

Bridge (docker0)

A container connects to this network when it starts running without specifying a network. Containers connected to the bridge network are given an internal IP address to communicate with each other.

Host

A container shares the networking namespace of the host when using the host network mode. As a result, the host's IP address and port will be used by the container to isolate and execute the process directly on the host.

None

As the name indicates, this mode disables the networking stack of the container. The host, other containers, and external systems are all inaccessible to containers running without network. It becomes useful when you do not require any network connectivity or complete isolation.

To view all networks, including the default ones, you can use the command:

docker network ls 

The above command will return the following output:


docker networking

Bridge Networking

Bridge networking is Docker's default mode. When a container is built without specifying a network driver, it's automatically attached to the bridge network, known for its ease of creation, management, and troubleshooting.
Each container on this network receives a unique IP address, typically from a default range set by Docker. These containers can communicate with one another using their private IP addresses. Although bridged to the host system, allowing them to communicate with the LAN and internet, they aren't visible as physical devices on the LAN. External communication is routed via Network Address Translation (NAT) on the host.
To make containers externally accessible, port mapping is Important. For example, a container running a web service on port 80, situated within the bridge network's private subnet, requires a mapping from a host system port (e.g., 8000) to the container's port 80. This enables external traffic to access the service.

You can specify a container to create in a bridge network by executing the following command:

docker run --network=bridge [IMAGE_NAME]

The above command will return the following output:


docker networking

Now, if you want to see which containers are in the bridge network and the details related to them, you can run the following command:

docker network inspect bridge 

The above command will return the following output:


docker networking

Host Networking

In Host Networking, the host drivers utilize the networking capabilities of the host machine. This mode removes the network isolation between the host computer (on which Docker is running) and the container. With Host Networking, Network Address Translation (NAT) is not required, and this simplifies the management of multiple ports simultaneously.

Let's suppose there is a scenario where port 8000 is published by a container using the host network; that port will also be published on the host system. As a result, the application running in a container that uses host networking and binds to port 80 is accessible via port 80 of the host's IP address.
When running the container, we can use the --network flag with the value set to host in order to create a Docker container that uses the host network mode.

docker run --network=host -d [Image_Name]

Here's how we can create an Nginx container using host networking:

docker run --network=host -d nginx 

The above command will show the following output:


docker networking

Overlay Networking

For multi-host network communication, like with Docker Swarm, the Overlay network can be utilized because it is a distributed network layer that makes it easier for nodes and services to communicate with one another. Overlay networking enables connected containers to communicate throughout the swarm securely and efficiently. Swarm services or standalone containers may utilize overlay networks built and controlled by the swarm manager.

You can either initialize your Docker daemon as a swarm manager using docker swarm init or join it to an existing swarm using docker swarm join to build an overlay network for use with swarm services.
Let's suppose we want to create/setup a custom overlay; for that purpose, we can use the following command:

docker network create -d overlay [NETWORK_NAME]

The output shows that by running the command above, we have created an overlay network with the name 'my_network':


docker networking

You can connect Docker services to the overlay network once it has been set up, enabling service-to-service communication among multiple Swarm nodes.
You can use the command below with the 'โ€”network' option to build a service and attach it to the overlay network:

docker service create --network=[NETWORK_NAME] [SERVICE_OPTIONS] [IMAGE_NAME]

Let's say that we want to attach the 'nginx' service to 'my_network'. In order to achieve that purpose, we can replace [NETWORK_NAME] with 'my_network' and [IMAGE_NAME] with 'nginx' in the command above. We can also add [SERVICE_OPTIONS] like 'โ€”name' or '-p' to assign the name or port to the service while attaching it to the network.

docker service create --name nginx-service --network my_network -p 80:80 nginx

The below output shows that the 'nginx' service has been attached to 'my_network':


docker networking

When we inspect the service 'nginx-service', it will show the information about the networks that are attached to this service. This will verify that we have successfully attached our service to the overlay network. Please see the output below:


docker networking

Macvlan Networking

The Macvlan network driver in Docker fills the gap between traditional network structures and container networking.
Each container on the Macvlan network is given a unique MAC address, which makes it seem like an actual device on your network, much like a traditional virtual machine. The traffic is subsequently directed to containers based on their MAC addresses by the Docker daemon. Additionally, you will be able to assign an IP address from the same subnet as the Docker host.

We can create a Macvlan Network by using the following command:

docker network create -d macvlan [options] [name_of_network]

Let's say we want to define a subnet, gateway, and parent interface to set up a new Macvlan network called 'demo-macvlan'.In order to achieve our objective, we can utilize the command given below:

docker network create -d macvlan --subnet=192.168.0.0/24 --gateway=192.168.0.1 -o parent=eth0 demo-macvlan

The output below demonstrates that the new 'demo-macvlan' network is set up with the subnet '192.168.0.0/24' gateway '192.168.0.1' and parent interface 'eth0'. Specifying 'eth0' as the parent interface indicates that the Macvlan network will use the physical network interface eth0 of the Docker host to connect to the external network:


docker networking

Custom Bridge Networks

You can build isolated, safe networks for containers with the help of custom bridge networks. It will allow you to determine DNS resolution across containers by name or alias while at the same time giving you control of networking configurations such as subnets, gateway and IP addresses.
You can make use of the docker network create command with the option '-d' when you want to set up your custom bridge network. The name of the network also needs to be specified.

Suppose if we want to set up a custom bridge network with the name 'my-custom-network', we can run the command below:

docker network create -d bridge my-custom-network 

The above command will return the following output:


docker networking

We can use the 'โ€”network' option of a docker run command to connect containers to this custom network. For example, we can run the command below if we want to start an 'nginx' container and connect it to 'my-custom-network', i.e., a custom bridge network that we created above:

docker run --network=my-custom-network nginx 

The above command will return the following output:

docker networking

Networking Tools and Commands

The Docker system offers a number of networking tools and commands that facilitate container network management, inspection or troubleshooting.
The docker network inspect is a very useful command, which shows detailed information about the specified network, including connection containers, IP addresses and network settings.
For example, you can use the following command to see all information related to the 'my-network':

docker network inspect my-network 

Using 'docker network connect' or 'docker network disconnect', you can connect and disconnect existing containers from a network. Also, if you want to test the connectivity between two hosts, you can use 'ping' to send packets between them and measure response time. For example, if you want to test the container's ability to access the external site, you can run the command 'ping google.com' inside the container shell.

Conclusion and Best Practices

To ensure efficient communication of containers and their integration with wider infrastructure, Docker networking plays an essential role. The system's flexibility enables it to be configured according to specific needs.
The following should be taken into consideration when selecting a network type:

  • In the Single Host Setups, you can build custom bridge networks to improve network isolation.
  • Overlaying networks are necessary to manage multiple nodes in an orchestration with Docker Swarm.
  • Macvlan is appropriate for when containers must physically appear on a network.
  • The best performance is offered by the host network, but it sacrifices isolation.
...



๐Ÿ“Œ Introduction to Docker Networking


๐Ÿ“ˆ 31.53 Punkte

๐Ÿ“Œ Docker users unhappy with latest forced login to download Docker and Docker Store images


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Mehrere Probleme in containerd, docker-runc, go1.11, go1.12, golang-github-docker-libnetwork, go und docker (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Security: Mehrere Probleme in containerd, docker-runc, go1.11, go1.12, golang-github-docker-libnetwork, go und docker (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Mehrere Probleme in containerd, docker-runc, golang-github-docker-libnetwork und docker (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Mangelnde Rechteprรผfung in containerd, docker-runc, golang-github-docker-libnetwork und docker (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Docker Stack Tutorial | Docker Stack Deploy Docker-Compose.yml


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Preisgabe von Informationen in containerd, docker-runc, golang-github-docker-libnetwork und docker (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Preisgabe von Informationen in containerd, docker-runc, golang-github-docker-libnetwork und docker (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Denial of Service in containerd, docker-runc, golang-github-docker-libnetwork und docker (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Preisgabe von Informationen in containerd, docker-runc, golang-github-docker-libnetwork und docker (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Ausfรผhren von Code mit hรถheren Privilegien in docker-runc, golang-github-docker-libnetwork, docker und containerd (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Mehrere Probleme in docker-runc, golang-github-docker-libnetwork, docker und containerd (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Security: Mehrere Probleme in docker-runc, golang-github-docker-libnetwork, docker und containerd (SUSE)


๐Ÿ“ˆ 27.77 Punkte

๐Ÿ“Œ Review: UniFi from Ubiquiti Networking is the ultimate prosumer home networking solution


๐Ÿ“ˆ 22.6 Punkte

๐Ÿ“Œ best way to learn linux in general and for networking. Im new and want to get a job in networking, i keep hearing redhat is good?


๐Ÿ“ˆ 22.6 Punkte

๐Ÿ“Œ Hacking: Networking and Security (2 Books in 1: Hacking with Kali Linux & Networking for Beginners)


๐Ÿ“ˆ 22.6 Punkte

๐Ÿ“Œ Software for Open Networking in the Cloud (SONiC): Neuer Stern am Enterprise-Networking-Himmel?


๐Ÿ“ˆ 22.6 Punkte

๐Ÿ“Œ TP-Linkโ€™s latest networking offerings provide an easy to manage and secure home networking experience


๐Ÿ“ˆ 22.6 Punkte

๐Ÿ“Œ Basic Networking Part 5 -- What is Computer Networking?


๐Ÿ“ˆ 22.6 Punkte

๐Ÿ“Œ Introduction to Linux interfaces for virtual networking


๐Ÿ“ˆ 22.27 Punkte

๐Ÿ“Œ Introduction to Networking | Network Basics for Beginners - Firewalls


๐Ÿ“ˆ 22.27 Punkte

๐Ÿ“Œ Introduction to Computer Networking


๐Ÿ“ˆ 22.27 Punkte

๐Ÿ“Œ Introduction to format string vulnerabilities - Introduction to Binary Exploitation - Hack The Box Leet Test


๐Ÿ“ˆ 21.95 Punkte

๐Ÿ“Œ Docker 1.12.2 App Container Engine Brings Swarm Mode and Networking Improvements


๐Ÿ“ˆ 20.55 Punkte

๐Ÿ“Œ Docker 1.12.2 App Container Engine Brings Swarm Mode and Networking Improvements


๐Ÿ“ˆ 20.55 Punkte

๐Ÿ“Œ Comment: Latest Docker Container Attack Highlights Remote Networking Flaws


๐Ÿ“ˆ 20.55 Punkte

๐Ÿ“Œ How tf does Docker Networking even work?!๐Ÿ˜ตโ€๐Ÿ’ซ


๐Ÿ“ˆ 20.55 Punkte

๐Ÿ“Œ Configure Docker networking on Linux


๐Ÿ“ˆ 20.55 Punkte

๐Ÿ“Œ A Comprehensive Guide: Installing Docker, Running Containers, Managing Storage, and Setting up Networking


๐Ÿ“ˆ 20.55 Punkte

๐Ÿ“Œ Mastering Docker Networking Drivers: Optimizing Container Communication


๐Ÿ“ˆ 20.55 Punkte

๐Ÿ“Œ Introduction to Docker using Raspberry Pi 4


๐Ÿ“ˆ 20.23 Punkte

๐Ÿ“Œ Introduction to Docker for CTFs


๐Ÿ“ˆ 20.23 Punkte

๐Ÿ“Œ Introduction to Elastic Beanstalk with Django, RDS, Docker and Nginx


๐Ÿ“ˆ 20.23 Punkte

๐Ÿ“Œ Dockerize Your App: An Introduction to Docker


๐Ÿ“ˆ 20.23 Punkte











matomo