Exploring Docker Networking – Bridge

Now let’s spin up a CentOS container.  First I’ll pull it down from the Docker repository:

[root@dockernet ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
7b6bb4652a1b: Pull complete
Digest: sha256:c1010e2fe2b635822d99a096b1f4184becf5d1c98707cbccae00be663a9b9131
Status: Downloaded newer image for centos:latest

Then I’ll run it in interactive mode:

[root@dockernet ~]# docker run -it centos
[root@98c3dbff6afc /]#

If you haven’t seen this before, notice that my prompt changed, which indicates I’m now at a terminal inside my container.  I’m also going to open a second SSH session to my host so I’ll have access to both the container and the server.

So first up, I’ll look at the network config again on the server like we did before.

[root@dockernet ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
 link/ether 00:50:56:82:f0:87 brd ff:ff:ff:ff:ff:ff
 inet 10.0.0.205/24 brd 10.0.0.255 scope global ens192
 valid_lft forever preferred_lft forever
 inet6 fe80::250:56ff:fe82:f087/64 scope link
 valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
 link/ether 02:42:a4:4f:37:85 brd ff:ff:ff:ff:ff:ff
 inet 172.17.0.1/16 scope global docker0
 valid_lft forever preferred_lft forever
 inet6 fe80::42:a4ff:fe4f:3785/64 scope link
 valid_lft forever preferred_lft forever
5: veth304f268@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
 link/ether 72:f9:71:83:12:22 brd ff:ff:ff:ff:ff:ff link-netnsid 0
 inet6 fe80::70f9:71ff:fe83:1222/64 scope link
 valid_lft forever preferred_lft forever

Several things to notice right off the bat.  First, the docker0 interface is now up.  This is good as we’ve got something attached to it now.

Second, there is now an additional interface, a veth interface which is also up.  No IP address here, see?  In fact, this veth interface is attached to the docker0 bridge.  You can see this noted by ‘master docker0’.

Third, notice that there is no interface 4 (we go 1, 2, 3, 5) but the veth is @if4.  Also see the netnsid at the end, which will be meaningful in a moment.

Veths are paired/peered interfaces, so this veth…@if4 is peered with interface #4, even though we don’t see it.  We can check this with ethtool if we don’t trust the name:

[root@dockernet ~]# ethtool -S veth304f268
NIC statistics:
 peer_ifindex: 4

We can see the veth attached to the bridge by using brctl again.

[root@dockernet ~]# brctl show
bridge name bridge id         STP enabled    interfaces
docker0     8000.0242a44f3785 no             veth304f268
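
The same facts (peer index, bridge master, netnsid) can be pulled out of the `ip addr show` text with a small script, which is handy for inventorying what is attached to docker0. This is an added example, not part of the original post: the function names veth_peers and sample_ip_addr are hypothetical, the sample is trimmed from the output above, and any name@ifN entry is assumed to be a veth.

```shell
#!/bin/sh
# Added example: summarise veth interfaces from `ip addr show` text on stdin.
# Optional $1 limits the report to veths enslaved to that bridge.
veth_peers() {
  awk -v br="$1" '
    # Header: "5: veth304f268@if4: <FLAGS> ... master docker0 state UP"
    /^[0-9]+: / {
      cur = ""
      idx = $1; sub(/:$/, "", idx)
      name = $2; sub(/:$/, "", name)
      if (name !~ /@if[0-9]+$/) next        # no peer index in the name
      peer = name; sub(/^.*@if/, "", peer)  # "4" from "@if4"
      sub(/@if[0-9]+$/, "", name)
      cur = name; order[++n] = cur
      ifindex[cur] = idx; peeridx[cur] = peer
      master[cur] = "-"; nsid[cur] = "-"
      for (i = 3; i < NF; i++) if ($i == "master") master[cur] = $(i + 1)
      next
    }
    # The link/ether line under a veth header carries link-netnsid
    cur != "" {
      for (i = 1; i < NF; i++) if ($i == "link-netnsid") nsid[cur] = $(i + 1)
    }
    END {
      for (k = 1; k <= n; k++) {
        v = order[k]
        if (br != "" && master[v] != br) continue
        printf "%s ifindex=%s peer_ifindex=%s master=%s netnsid=%s\n", v, ifindex[v], peeridx[v], master[v], nsid[v]
      }
    }
  '
}

# Sample input: header and link lines trimmed from the output shown above.
sample_ip_addr() {
  cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
 link/ether 00:50:56:82:f0:87 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
 link/ether 02:42:a4:4f:37:85 brd ff:ff:ff:ff:ff:ff
5: veth304f268@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
 link/ether 72:f9:71:83:12:22 brd ff:ff:ff:ff:ff:ff link-netnsid 0
EOF
}

sample_ip_addr | veth_peers docker0
```

On a live host, feed it the real output with `ip addr show | veth_peers docker0`.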

Next we take a look at the networking on the container itself.
