The aim of this book is to provide you with in-depth knowledge of how Docker implements container networking. Whether you use Docker every day or are just getting started, this book will introduce you to how Docker uses Linux networking primitives to network containers. Through numerous examples, we’ll cover everything from the fundamentals of Linux networking to the latest Docker networking drivers. Along the way, we’ll also look at integrating existing networking constructs and third-party plugins into Docker. The end goal is for you to be comfortable with the process Docker uses to provide networking capabilities to containers.
Like many open source projects, Docker is a fast-moving piece of software. At the time of publication, the most recent version of Docker was 1.12. I’ve done my best to ensure that the content in this book reflects the most up-to-date features and configurations based on this version. Regardless of the version, many of these features have existed in one form or another since the very early versions of Docker. So while there have been significant changes in Docker networking over the last couple of years, much of the network functionality is still implemented in the same manner. It is for this reason that I believe the majority of the content in this book will remain relevant for a long time to come.
Chapter 1, Linux Networking Constructs, will focus on introducing you to Linux networking primitives. Topics such as interface creation, addressing, and general connectivity will be discussed in detail. You will also be introduced to common Linux command-line syntax and tooling as it relates to Linux host network configuration. Understanding these basic constructs will greatly increase your ability to understand how Docker handles container networking.
Chapter 2, Configuring and Monitoring Docker Networks, explains the default means in which Docker handles container networking. These include bridge, host, and mapped container modes of Docker network operation. We’ll also begin our exploration of how Docker handles mapping container-based services to the outside or external network. There will also be discussion around Linux host requirements for Docker networking and some of the possible Docker service-level parameters that can be modified.
Chapter 3, User-Defined Networks, begins our discussion on Docker user-defined networks. The advent of user-defined networks has greatly increased the flexibility of Docker networking providing the end user far more possibilities in regard to container connectivity. We’ll discuss the syntax required to create user-defined networks as well as show examples of how to create user-defined bridge and overlay-based networks. Finally, we’ll cover some options to isolate network segments within Docker.
Chapter 4, Building Docker Networks, begins with a deep dive into how Docker provides container connectivity. Starting with a container that was provisioned without a network interface, we’ll cover all the steps required in order to get the container communicating on the network. We’ll then move on to discuss other options to use custom bridges with Docker and cover multiple use cases related to using OVS in conjunction with Docker.
Chapter 5, Container Linking and Docker DNS, discusses the available options for container name resolution. This includes both the default name resolution behavior as well as the new embedded DNS server functionality that exists with user-defined networks. You will become comfortable with the process used to determine name server assignment in each of these scenarios.
Chapter 6, Securing Container Networks, shows a variety of features and strategies that are related to container security. You will be exposed to several options to limit the scope of container exposure and connectivity. We’ll also discuss options to implement a container-based load balancer that utilizes a user-defined overlay network.
Chapter 7, Working with Weave Net, will be our first look at a third-party networking solution that integrates with Docker. Weave provides multiple methods to integrate with Docker including its own CLI tool as well as a full-blown Docker driver. An example of using Weave to provide network isolation will also be demonstrated.
Chapter 8, Working with Flannel, examines the third-party network plugin built by the team at CoreOS. Flannel is an interesting example of how a networking plugin can be integrated into Docker just by changing Docker service-level parameters. In addition to providing overlay type networking, Flannel also offers a host gateway backend that allows the hosts to route directly to each other so long as they meet certain requirements.
Chapter 9, Exploring Network Features, focuses on how newer networking features are integrated into Docker. We’ll examine how you can gain access to and test these new features by evaluating different versions of Docker engine. Through the course of the chapter, we’ll also examine the now integrated MacVLAN network driver as well as the IPVLAN network driver, which is still in testing.
Chapter 10, Leveraging IPv6, covers IPv6 and Docker’s support of it. IPv6 is a big topic and one that deserves a great amount of attention considering the current state of IPv4. In this chapter, we’ll review some of the basics of working with IPv6 on a Linux system. We’ll then spend some time reviewing how Docker supports IPv6 and discuss some of the options you have around deployment.
Chapter 11, Troubleshooting Docker Networks, examines some of the common steps you might take when troubleshooting Docker networking. The focus will be on validating the configuration, but you’ll also learn some steps you can take to prove that the configuration is working as intended.