Docker 1.9's new networking is Software Defined Networking (SDN) for containers. Releasing the experimental version to the public a few months back was the right move by Docker Inc., and now that it is production ready, it is surely going to make Docker an enterprise-ready product. With SDN, developers get the flexibility to network their apps as they want without having to wait on the network operations team.
Docker 1.9 brings a totally new way of getting started with networking straight away, using the new docker network command. In Docker 1.9, Networking is ready to use in production and works with Swarm and Compose. Networking is a feature of Docker Engine that allows you to create virtual networks and attach containers to them so you can create the network topology that is right for your application. The networked containers can even span multiple hosts, so you don’t have to worry about what host your container lands on. They seamlessly communicate with each other wherever they are – thus enabling true distributed applications.
Docker networking allows containers to connect to each other across different physical or virtual hosts. Interestingly, containers using Networking can be easily stopped, started and restarted without disrupting the connections to other containers – you don’t need to create a container before you can link to it. With Networking, containers can be created in any order and discover each other using their container names.
Libnetwork implements the Container Network Model (CNM), which offers networking for containers while providing an abstraction that can be used to support multiple network drivers. It rests on 3 major components:
Sandbox
A Sandbox contains the configuration of a container’s network stack. This includes management of the container’s interfaces, routing table and DNS settings. An implementation of a Sandbox could be a Linux Network Namespace, a FreeBSD Jail or other similar concept. A Sandbox may contain many endpoints from multiple networks.
Endpoint
An Endpoint joins a Sandbox to a Network. An implementation of an Endpoint could be a veth pair, an Open vSwitch internal port or similar. An Endpoint can belong to only one Network and to only one Sandbox.
Network
A Network is a group of Endpoints that are able to communicate with each other directly. An implementation of a Network could be a Linux bridge, a VLAN, etc. Networks consist of many endpoints.
I spent a couple of hours understanding how Docker network actually works.
Let me share my findings with you all:
Installing Docker 1.9 on Ubuntu 14.04.3
The script below will help you set up Docker 1.9 on Ubuntu 14.04.3 on the fly:
root@dell-virtual-machine:~# less script
# Check that HTTPS transport is available to APT
if [ ! -e /usr/lib/apt/methods/https ]; then
apt-get update
apt-get install -y apt-transport-https
fi
# Add the repository to your APT sources
echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list
# Then import the repository key
apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
# Install docker
apt-get update
apt-get install -y lxc-docker
#
# Alternatively, just use the curl-able install.sh script provided at https://get.docker.com
#
Executing the script will set you up with Docker 1.9. I could see lxc-docker getting installed and the docker.io package being removed. Good going.
The following extra packages will be installed:
lxc-docker-1.9.0
The following packages will be REMOVED:
docker.io
The following NEW packages will be installed:
lxc-docker lxc-docker-1.9.0
0 upgraded, 2 newly installed, 1 to remove and 181 not upgraded.
Need to get 8,487 kB of archives.
After this operation, 1,236 kB of additional disk space will be used.
Get:1 https://get.docker.com/ubuntu/ docker/main lxc-docker amd64 1.9.0 [2,092 B]
Fetched 8,487 kB in 40s (211 kB/s)
(Reading database … 209652 files and directories currently installed.)
Removing docker.io (1.6.2~dfsg1-1ubuntu4~14.04.1) …
docker stop/waiting
Processing triggers for man-db (2.6.7.1-1ubuntu1) …
Selecting previously unselected package lxc-docker-1.9.0.
(Reading database … 209562 files and directories currently installed.)
Preparing to unpack …/lxc-docker-1.9.0_1.9.0_amd64.deb …
Unpacking lxc-docker-1.9.0 (1.9.0) …
Selecting previously unselected package lxc-docker.
Preparing to unpack …/lxc-docker_1.9.0_amd64.deb …
Unpacking lxc-docker (1.9.0) …
Processing triggers for man-db (2.6.7.1-1ubuntu1) …
Processing triggers for ureadahead (0.100.0-16) …
Setting up lxc-docker-1.9.0 (1.9.0) …
Installing new version of config file /etc/init.d/docker …
Installing new version of config file /etc/init/docker.conf …
docker start/running, process 1838
Processing triggers for ureadahead (0.100.0-16) …
Setting up lxc-docker (1.9.0) …
root@dell-virtual-machine:~#
Running Docker daemon
root@dell-virtual-machine:~# docker daemon -H unix:///var/run/docker.sock
INFO[0000] API listen on /var/run/docker.sock
INFO[0000] [graphdriver] using prior storage driver "aufs"
INFO[0000] Firewalld running: true
INFO[0000] Default bridge (docker0) is assigned with an IP address 172.17.42.1/16. Daemon option --bip can be used to set a preferred IP address
WARN[0000] Your kernel does not support swap memory limit.
INFO[0000] Loading containers: start.
………………………………………………………………………………………………………………………………….
INFO[0000] Loading containers: done.
INFO[0000] Daemon has completed initialization
INFO[0000] Docker daemon commit=76d6bc9 execdriver=native-0.2 graphdriver=aufs version=1.9.0
Switch to a new terminal if you are keen on seeing what goes on under the hood.
Hurray!! A new Docker 1.9 is right there on your Ubuntu box.
root@dell-virtual-machine:/home/dell# docker version
Client:
Version: 1.9.0
API version: 1.21
Go version: go1.4.3
Git commit: 76d6bc9
Built: Tue Nov 3 19:20:09 UTC 2015
OS/Arch: linux/amd64
Server:
Version: 1.9.0
API version: 1.21
Go version: go1.4.3
Git commit: 76d6bc9
Built: Tue Nov 3 19:20:09 UTC 2015
OS/Arch: linux/amd64
root@dell-virtual-machine:/home/dell#
I am keen to see what new commands have arrived:
root@dell-virtual-machine:/home/dell# docker
Usage: docker [OPTIONS] COMMAND [arg...]
       docker daemon [ --help | ... ]
       docker [ --help | -v | --version ]
A self-sufficient runtime for containers.
Options:
  --config=~/.docker              Location of client config files
  -D, --debug=false               Enable debug mode
  --disable-legacy-registry=false Do not contact legacy registries
  -H, --host=[]                   Daemon socket(s) to connect to
  -h, --help=false                Print usage
  -l, --log-level=info            Set the logging level
  --tls=false                     Use TLS; implied by --tlsverify
  --tlscacert=~/.docker/ca.pem    Trust certs signed only by this CA
  --tlscert=~/.docker/cert.pem    Path to TLS certificate file
  --tlskey=~/.docker/key.pem      Path to TLS key file
  --tlsverify=false               Use TLS and verify the remote
  -v, --version=false             Print version information and quit
Commands:
attach Attach to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on a container or image
kill Kill a running container
load Load an image from a tar archive or STDIN
login Register or log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
network Manage Docker networks
pause Pause all processes within a container
port List port mappings or a specific mapping for the CONTAINER
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart a container
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save an image(s) to a tar archive
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop a running container
tag Tag an image into a repository
top Display the running processes of a container
unpause Unpause all processes within a container
version Show the Docker version information
volume Manage Docker volumes
wait Block until a container stops, then print its exit code
Run 'docker COMMAND --help' for more information on a command.
root@dell-virtual-machine:/home/dell#
Docker 1.9.0 Client Binary
Docker Machine 0.5.0
Docker Compose 0.5.0
Docker Toolbox 1.9.0
Docker Swarm 1.0.0
Wow…swarm, toolbox, compose, machine all with a new version. Awesome !!
Let’s start playing around with the docker network command. I am going to pull nginx first.
root@dell-virtual-machine:~# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
d0ca40da9e35: Pull complete
d1f66aef36c9: Pull complete
192997133528: Pull complete
c4b09a941684: Pull complete
4174aa7c7be8: Pull complete
0620b22b5443: Pull complete
87c3b9f58480: Pull complete
7d984375a5e7: Pull complete
e491c4f10eb2: Pull complete
edeba58b4ca7: Pull complete
a96311efcda8: Pull complete
914c82c5a678: Pull complete
Digest: sha256:b24651e86659a5d1e4103f8c1ea49567335528281c1678697783ae7569114e1e
Status: Downloaded newer image for nginx:latest
root@dell-virtual-machine:~#
Let’s see what Docker network has to say:
root@dell-virtual-machine:~# docker network ls
NETWORK ID NAME DRIVER
69b253ef50d1 bridge bridge
a743bde2e8b9 web bridge
c03582079d99 none null
9a7a4791e2ec host host
root@dell-virtual-machine:~#
Cool…
It’s time to start nginx on the new network of my interest. I will name it “web” (sounds good, huh!).
root@dell-virtual-machine:~# docker run -itd --net=web --name web nginx
2012c42e577b0f0eb4da7cbe7955bd5137021a6851770578a791e4f32c2f677f
root@dell-virtual-machine:~#
Let me check the docker network again.
root@dell-virtual-machine:~# docker network ls
NETWORK ID NAME DRIVER
69b253ef50d1 bridge bridge
a743bde2e8b9 web bridge
c03582079d99 none null
9a7a4791e2ec host host
root@dell-virtual-machine:~#
Fair enough. I can see it listed here.
Let’s play around with it again. This time let me name it “newapp”.
root@dell-virtual-machine:~# docker run -itd --net=newapp --net=myapp nginx
23722f062a29e735d027c324968e732124215e028d72d416f601807c5e28d448
root@dell-virtual-machine:~#
Let’s check it again.
root@dell-virtual-machine:~# docker network ls
NETWORK ID NAME DRIVER
69b253ef50d1 bridge bridge
a743bde2e8b9 web bridge
c03582079d99 none null
9a7a4791e2ec host host
8fdc0ce3c468 myapp bridge
root@dell-virtual-machine:~#
Yipee.. there goes my “myapp” listed.
Let us connect my web container to the myapp network as shown:
root@dell-virtual-machine:~# docker network connect myapp web
root@dell-virtual-machine:~# docker network ls
NETWORK ID NAME DRIVER
c03582079d99 none null
9a7a4791e2ec host host
8fdc0ce3c468 myapp bridge
69b253ef50d1 bridge bridge
a743bde2e8b9 web bridge
root@dell-virtual-machine:~#
Good. Let us try to see if inspect works for network command too.
root@dell-virtual-machine:~# docker network inspect myapp
[
    {
        "Name": "myapp",
        "Id": "8fdc0ce3c468e8fccd513acc63171e168a823f80d61aca3529605961c5b96aab",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {}
            ]
        },
        "Containers": {
            "2012c42e577b0f0eb4da7cbe7955bd5137021a6851770578a791e4f32c2f677f": {
                "EndpointID": "fa6efb254809007debb75ea3ce694624809452466a14a1306844eaf97ca2094a",
                "MacAddress": "02:42:ac:13:00:03",
                "IPv4Address": "172.19.0.3/16",
                "IPv6Address": ""
            },
            "23722f062a29e735d027c324968e732124215e028d72d416f601807c5e28d448": {
                "EndpointID": "35cfb86fe4c7bab266a1e671a37fc3ea28fb5382ccd7e1d032f6d1c53b50e509",
                "MacAddress": "02:42:ac:13:00:02",
                "IPv4Address": "172.19.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {}
    }
]
root@dell-virtual-machine:~#
root@dell-virtual-machine:~# docker network inspect web
[
    {
        "Name": "web",
        "Id": "a743bde2e8b912838dc1216b338b367b0c8fc9f224c7625f1078fbf96a7990ef",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {}
            ]
        },
        "Containers": {
            "2012c42e577b0f0eb4da7cbe7955bd5137021a6851770578a791e4f32c2f677f": {
                "EndpointID": "e3297e59f8613806ad1e4d9fb505f9636e581ad9986c3e5bbd2b1391d0d488ed",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {}
    }
]
This is super cool. I can see detailed information on all the containers tied to my web applications.
How about the bridge network? Let’s try it:
root@dell-virtual-machine:~# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "69b253ef50d1640934b467c9a1ced5dee1b187082fa95da9ed6c9e1e9eb972bb",
        "Scope": "local",
        "Driver": "bridge",
        "IPAM": {
            "Driver": "default",
            "Config": [
                {
                    "Subnet": "172.17.42.1/16",
                    "Gateway": "172.17.42.1"
                }
            ]
        },
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        }
    }
]
root@dell-virtual-machine:~#
root@dell-virtual-machine:~# docker network inspect host
[
    {
        "Name": "host",
        "Id": "9a7a4791e2ecc6b745721109d7d77c4ef5fa601e3b43c4b6415fd4851351d759",
        "Scope": "local",
        "Driver": "host",
        "IPAM": {
            "Driver": "default",
            "Config": []
        },
        "Containers": {},
        "Options": {}
    }
]
root@dell-virtual-machine:~#
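The inspect output above shows the web container (2012c42e577b…) holding one endpoint in web and another in myapp, so it is reachable from both networks, and the default bridge running with enable_icc set to true and host_binding_ipv4 set to 0.0.0.0. As an added example (not part of the original post), this Python script flags such multi-homed containers and those bridge options when reviewing network segmentation; the sample JSON is constructed from the output above with IDs shortened, and the function names are my own.

```python
import json
import sys

# Constructed sample: trimmed `docker network inspect` output for the myapp, web
# and bridge networks shown above, with IDs shortened to their first 12 characters.
SAMPLE = json.loads("""[
 {"Name": "myapp", "Options": {}, "Containers": {
   "2012c42e577b": {"EndpointID": "fa6efb254809", "IPv4Address": "172.19.0.3/16"},
   "23722f062a29": {"EndpointID": "35cfb86fe4c7", "IPv4Address": "172.19.0.2/16"}}},
 {"Name": "web", "Options": {}, "Containers": {
   "2012c42e577b": {"EndpointID": "e3297e59f861", "IPv4Address": "172.18.0.2/16"}}},
 {"Name": "bridge", "Containers": {}, "Options": {
   "com.docker.network.bridge.enable_icc": "true",
   "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}}
]""")

ICC = "com.docker.network.bridge.enable_icc"
BIND = "com.docker.network.bridge.host_binding_ipv4"

def multi_homed(networks):
    """Return {container: {network: ip}} for containers with endpoints on 2+ networks."""
    seen = {}
    for net in networks:
        for cid, endpoint in (net.get("Containers") or {}).items():
            seen.setdefault(cid, {})[net["Name"]] = endpoint.get("IPv4Address", "")
    return {cid: nets for cid, nets in seen.items() if len(nets) > 1}

def bridge_option_findings(networks):
    """Report explicit bridge options worth reviewing; an absent key means the
    driver default applies and is not reported here."""
    findings = []
    for net in networks:
        opts = net.get("Options") or {}
        if opts.get(ICC) == "true":
            findings.append((net["Name"], "inter-container communication enabled"))
        if opts.get(BIND) == "0.0.0.0":
            findings.append((net["Name"], "published ports bind on all host addresses"))
    return findings

if __name__ == "__main__":
    # Pass a file holding saved `docker network inspect` JSON as the first
    # argument, or run with no argument to use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for cid, nets in multi_homed(data).items():
        print("multi-homed container", cid, nets)
    for name, finding in bridge_option_findings(data):
        print("network", name + ":", finding)
```
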
I think the new “docker network” command is simply awesome. Docker is all about applications, and the Docker folks have done the right job of concentrating completely on application design. This tool is surely going to be an amazing tool for developers, as they now don’t have to worry about the “Network Administrator” job. It’s all purely “Dev-Ops Re-Org”.
Will be back with more exploration on “Docker Networking”.