Now let’s spin up a CentOS container. First I’ll pull it down from the Docker repository:
[root@dockernet ~]# docker pull centos Using default tag: latest latest: Pulling from library/centos 7b6bb4652a1b: Pull complete Digest: sha256:c1010e2fe2b635822d99a096b1f4184becf5d1c98707cbccae00be663a9b9131 Status: Downloaded newer image for centos:latest
Then I’ll run it in interactive mode:
[root@dockernet ~]# docker run -it centos [root@98c3dbff6afc /]#
If you haven’t seen this before, notice my prompt change which indicates I’m now at a terminal for my container. I’m also going to reconnect to my host on a second SSH session so I’ll have access to both the container as well as the server.
So first up, I’ll look at the network config again on the server like we did before.
[root@dockernet ~]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:50:56:82:f0:87 brd ff:ff:ff:ff:ff:ff inet 10.0.0.205/24 brd 10.0.0.255 scope global ens192 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe82:f087/64 scope link valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 02:42:a4:4f:37:85 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:a4ff:fe4f:3785/64 scope link valid_lft forever preferred_lft forever 5: veth304f268@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP link/ether 72:f9:71:83:12:22 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::70f9:71ff:fe83:1222/64 scope link valid_lft forever preferred_lft forever
Several things to notice right off the bat. First, the docker0 interface is now up. This is good as we’ve got something attached to it now.
Second, there is now an additional interface, a veth interface which is also up. No IP address here, see? In fact, this veth interface is attached to the docker0 bridge. You can see this noted by ‘master docker0’.
Third, notice that there is no interface 4 (we go 1, 2, 3, 5) but the veth is @if4. Also see the netnsid at the end, which will be meaningful in a moment.
Veths are paired/peered interfaces, so this veth…@if4 is peered with interface #4, even though we don’t see it. I can check this with ethtool if we don’t trust the name:
[root@dockernet ~]# ethtool -S veth304f268 NIC statistics: peer_ifindex: 4
We can see the veth attached to the bridge by using brctl again.
[root@dockernet ~]# brctl show bridge name bridge id STP enabled interfaces docker0 8000.0242a44f3785 no veth304f268
Next we take a look at the networking on the container itself.