Docker Network Security

Step 2 – List Networks


In this step you will list the networks visible on node1 (manager node) and node3 (worker node) in your lab. The networks you created in the previous step will be visible on node1 but not node3. This is because Docker takes a lazy approach when propagating networks to worker nodes – a worker node only gets to know about a network if it runs a container or service task that specifically requires that network. This reduces network control plane chatter which assists with scalability and security.

NOTE: All manager nodes know about all networks.

  1. Run the docker network ls command on node1

    node1$ docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    70bd606f9f81        bridge              bridge              local
    475a3b8f04de        docker_gwbridge     bridge              local
    f94f673bfe7e        host                host                local
    3ecc06xxyb7d        ingress             overlay             swarm
    xt3jwgsq20ob        net1                overlay             swarm
    uaaw8ljwidoc        net2                overlay             swarm
    b535831c780f        none                null                local
    

    Notice that net1 and net2 are both present in the list. This is expected behavior because you created these networks on node1 and it is also a manager node. Worker nodes in the Swarm should not be able to see these networks yet.

  2. Run the docker network ls command on node3 (worker node)

    node3$ docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    abe97d2963b3        bridge              bridge              local
    42295053cd72        docker_gwbridge     bridge              local
    ad4f60192aa0        host                host                local
    3ecc06xxyb7d        ingress             overlay             swarm
    1a85d1a0721f        none                null                local
    

    The net1 and net2 networks are not visible on this worker node. This is expected behavior because the node is not running a service task that is on that network. This proves that Docker does not extend newly created networks to all worker nodes in a Swarm – it delays this action until a node has a specific requirement to know about that network. This improves scalability and security.
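The comparison made by eye in the two steps above can be scripted as a check on which swarm-scoped networks a worker has learned about. This is an added example, not part of the original lab: the function names (manager_listing, worker_listing, swarm_nets, not_on_worker) are hypothetical, and the embedded listings are the node1 and node3 outputs shown in this step.

```shell
#!/bin/sh
# Added example (not from the lab). Listings are the ones shown in this step.
LC_ALL=C; export LC_ALL   # sort and comm must agree on collation

manager_listing() { cat <<'EOF'
NETWORK ID          NAME                DRIVER              SCOPE
70bd606f9f81        bridge              bridge              local
475a3b8f04de        docker_gwbridge     bridge              local
f94f673bfe7e        host                host                local
3ecc06xxyb7d        ingress             overlay             swarm
xt3jwgsq20ob        net1                overlay             swarm
uaaw8ljwidoc        net2                overlay             swarm
b535831c780f        none                null                local
EOF
}

worker_listing() { cat <<'EOF'
NETWORK ID          NAME                DRIVER              SCOPE
abe97d2963b3        bridge              bridge              local
42295053cd72        docker_gwbridge     bridge              local
ad4f60192aa0        host                host                local
3ecc06xxyb7d        ingress             overlay             swarm
1a85d1a0721f        none                null                local
EOF
}

# swarm_nets FILE: names of swarm-scoped networks in a saved listing, sorted.
swarm_nets() {
    # Skip the header row; data columns are ID, NAME, DRIVER, SCOPE.
    awk 'NR > 1 && $4 == "swarm" { print $2 }' "$1" | sort
}

# not_on_worker MANAGER_FILE WORKER_FILE: swarm networks the manager lists
# that have not been propagated to the worker.
not_on_worker() {
    m=$(mktemp); w=$(mktemp)
    swarm_nets "$1" > "$m"; swarm_nets "$2" > "$w"
    comm -23 "$m" "$w"
    rm -f "$m" "$w"
}

tmp=$(mktemp -d)
manager_listing > "$tmp/node1.txt"
worker_listing > "$tmp/node3.txt"
echo "Swarm networks node3 has not been told about:"
not_on_worker "$tmp/node1.txt" "$tmp/node3.txt"
rm -rf "$tmp"
```

In a live lab, save the output of docker network ls on each node to a file and pass the two files to not_on_worker in place of the embedded listings.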
