Docker networking commands explained

Introduction

Our last article was a theoretical introduction to the Docker networking stack comprising the container network model and its components. In this article, we’ll be demonstrating some useful docker networking related commands including how to create and inspect networks in Docker. Before getting started with the docker networking commands let’s run ifconfig command on our docker host to see the adapters.

[sahil@linuxnix ~]$ ifconfig -a
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:c1:a9:d8:99 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
inet 172.21.17.134 netmask 255.255.240.0 broadcast 172.21.21.255
inet6 2406:da18:77c:6102:6682:ca26:b37:c059 prefixlen 128 scopeid 0x0<global>
inet6 fe80::471:43ff:fec0:81a4 prefixlen 64 scopeid 0x20<link>
ether 06:71:43:c0:81:a4 txqueuelen 1000 (Ethernet)
RX packets 2185 bytes 814542 (795.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2880 bytes 596702 (582.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 16 bytes 1036 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1036 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [sahil@linuxnix ~]$

In the above output, the first adapter we see is docker0. This gets created when we install docker and is a bridged network that will bind itself to the ens5 adapter and the loopback device.
We have an IP range of 172.17.0.1 assigned to the network. This is the pool of IPs Docker will use to assign IP addresses to containers when they get created.

Listing available commands (help)
To list the available docker networking commands type docker network –help.

[sahil@linuxnix ~]$ docker network --help Usage: docker network COMMAND Manage networks Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks Run 'docker network COMMAND --help' for more information on a command.
[sahil@linuxnix ~]$

Between this post and the next one, we will be covering all of these commands.

List available networks
To view the networks created on this host, type docker network ls.

[sahil@linuxnix ~]$ docker network ls
NETWORK ID NAME DRIVER SCOPE
682dd9e66c94 bridge bridge local
deda9b99818c host host local
e548460a0fe1 none null local
[sahil@linuxnix ~]$

The above networks get created during the docker install. Please be mindful of the fact that if you delete any of these networks you will end up messing up you Docker setup and you would likely need to install Docker again.

Get detailed information on a network
To get detailed information about a network type docker inspect followed by the network name.

[sahil@linuxnix ~]$ docker inspect bridge
[
{
"Name": "bridge",
"Id": "682dd9e66c94c66871a4eedff614506051d56fba2cfaa17a9218b0b1650ab1fc",
"Created": "2019-08-23T05:15:21.436035072Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
[sahil@linuxnix ~]$

In the above output, we can find the subnet and gateway information in the config section. The IP 172.17.0.1 bound to the bridge adapter docker0 is coming from the network 172.17.0.0/16. Under the options section, a noteworthy option is host_binding_ipv4. This option is set to 0.0.0.0 implies that the bridged network is bound to all interfaces on the docker host. This is also where the bridge name is defined.

Linuxnix-free-e-book

Create a new network
There are a lot of flags we can use to create the network but for now, we’ll use the default options.

[sahil@linuxnix ~]$ docker network create br01
14353b0777820f58826922ad6ba641ef947376bb9e644897482c63228be2450d
[sahil@linuxnix ~]$

Now let’s inspect the network br01.

[sahil@linuxnix ~]$ docker inspect br01
[
{
"Name": "br01",
"Id": "14353b0777820f58826922ad6ba641ef947376bb9e644897482c63228be2450d",
"Created": "2019-08-23T06:10:31.523096805Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]

If we don’t define a driver to use then the bridge driver will be used by default. The next available CIDR block will be assigned to the network and in this case, it happens to be 172.18.0.0/16. Based that CIDR block the default gateway for the network is set to 172.18.0.1. An adapter also gets created to this bridged network.

[sahil@linuxnix ~]$ ifconfig br-14353b077782
br-14353b077782: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:8f:1d:37:81 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Connecting a container to a network
For connecting a container to a network we use the docker network connect command followed by the network to connect to and then the container name. To demonstrate let’s create a container from an nginx image and connect the bridge network br01 we created to this container.

[sahil@linuxnix ~]$ docker container run -d --name network-test -p 8080:80 nginx
c74a02b01ad36c7c93049c5e48f275f13d57262090bba57ba5ed6eee9a2789b6
[sahil@linuxnix ~]$
[sahil@linuxnix ~]$ docker network connect br01 network-test
[sahil@linuxnix ~]$

To validate that the above command worked let’s run docker inspect on the container and check the network section.

[sahil@linuxnix ~]$ docker inspect network-test --------------------------------
"Networks": {
"br01": {
"IPAMConfig": {},
"Links": null,
"Aliases": [
"c74a02b01ad3"
],
"NetworkID": "14353b0777820f58826922ad6ba641ef947376bb9e644897482c63228be2450d",
"EndpointID": "0c3e6da19f0548ce5eaae1f63d9be65e64ee3a969094f23a6fa0a447a74edbf6",
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:02",
"DriverOpts": {}
},
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "682dd9e66c94c66871a4eedff614506051d56fba2cfaa17a9218b0b1650ab1fc",
"EndpointID": "e7f550b752669711a3126dea183e16ce626c033cb246a0e09a6f806e394134e3",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
--------------------------------

From the above output, we can observe that the container is connected to bridge br00 as well as the default bridge.

Disconnecting a container to a network

[sahil@linuxnix ~]$ docker network disconnect br01 network-test

Deleting a network
To delete a network we use the docker network rm command followed by the name of the network we would like to delete. Let’s try deleting the br01 network we created.

[sahil@linuxnix ~]$ docker network ls
NETWORK ID NAME DRIVER SCOPE
14353b077782 br01 bridge local
682dd9e66c94 bridge bridge local
deda9b99818c host host local
e548460a0fe1 none null local
[sahil@linuxnix ~]$ docker network rm br01
br01
[sahil@linuxnix ~]$ docker network ls
NETWORK ID NAME DRIVER SCOPE
682dd9e66c94 bridge bridge local
deda9b99818c host host local
e548460a0fe1 none null local
[sahil@linuxnix ~]$

Besides rm we could also use docker network prune to remove a network. But this is a risky command since it will delete all unused networks so we don’t have granular control over what is being deleted.

Conclusion

This concludes our exploration of Docker networking commands. In our next post, we’ll explore a real-world scenario wherein we will connect two containers over an internal network.

The following two tabs change content below.

Sahil Suri

He started his career in IT in 2011 as a system administrator. He has since worked with HP-UX, Solaris and Linux operating systems along with exposure to high availability and virtualization solutions. He has a keen interest in shell, Python and Perl scripting and is learning the ropes on AWS cloud, DevOps tools, and methodologies. He enjoys sharing the knowledge he’s gained over the years with the rest of the community.

Latest posts by Sahil Suri (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *