Docker networking
docker networks
Overview
On a docker swarm
heth@docker1:~$ docker network ls
NETWORK ID NAME DRIVER SCOPE
76a4537b0654 bridge bridge local
d6ae77b0b494 docker_gwbridge bridge local
cc493462394a host host local
p3lm08ns2mrq ingress overlay swarm
ba8252e136b1 none null local
On each node in the swarm, run:
heth@docker1:~$ docker network inspect ingress | grep Address
"MacAddress": "02:42:0a:00:00:02",
"IPv4Address": "10.0.0.2/24",
"IPv6Address": ""
heth@docker3:~$ docker network inspect ingress | grep Address
"MacAddress": "02:42:0a:00:00:03",
"IPv4Address": "10.0.0.3/24",
"IPv6Address": ""
heth@docker3:~$ docker network inspect ingress | grep Address
"MacAddress": "02:42:0a:00:00:04",
"IPv4Address": "10.0.0.4/24",
"IPv6Address": ""
Creating an overlay network
heth@docker1:~$ docker network create --driver overlay hethnet
Run containers on swarm
heth@docker1:~$ docker service create --replicas 3 --network hethnet --name helloworld alpine ping docker.com
heth@docker1:~$ docker service ps helloworld
ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS
3lgo2gz3a4yb helloworld.1 alpine:latest docker2 Running Running 24 minutes ago
u6e8agzh22az helloworld.2 alpine:latest docker3 Running Running 24 minutes ago
9ix7pu6m9hpf helloworld.3 alpine:latest docker1 Running Running 24 minutes ago
Create traffic between nodes
heth@docker1:~$ docker exec -it 1f sh
/ # ip a
31: eth0@if32: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP
link/ether 02:42:0a:00:01:03 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.3/24 brd 10.0.1.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping 10.0.1.5
PING 10.0.1.5 (10.0.1.5): 56 data bytes
64 bytes from 10.0.1.5: seq=0 ttl=64 time=0.338 ms
64 bytes from 10.0.1.5: seq=1 ttl=64 time=0.270 ms
...
In another terminal, start tcpdump while the ping is still running
root@docker1:/home/heth# sudo tcpdump -i ens160 -w /tmp/swarm.pcap
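Transfer swarm.pcap to a host with Wireshark and notice the VXLAN tunneling. Because hethnet was created without --opt encrypted, the encapsulated ping packets should be readable in the capture: overlay data traffic between swarm nodes is not encrypted unless the network is created with that option.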
Bridged interfaces
Example
brctl command
Install with (Debian-like systems): sudo apt install bridge-utils
heth@ub1:~$ brctl show
bridge name bridge id STP enabled interfaces
br-501d0044fabe 8000.0242a9d6ae8d no veth413579c
veth6d6fce4
vethd3cbce2
br-ded1f2526def 8000.0242a675d928 no
crc 8000.525400fdbed0 yes
docker0 8000.02420af91289 no veth180ce2d
virbr0 8000.5254009d12fa yes
heth@ub1:~$ brctl showmacs br-501d0044fabe
port no mac addr is local? ageing timer
1 02:42:ac:13:00:02 no 3.96
2 02:42:ac:13:00:03 no 3.96
1 46:b0:4b:02:26:99 yes 0.00
1 46:b0:4b:02:26:99 yes 0.00
2 96:fb:5a:ff:2c:9d yes 0.00
2 96:fb:5a:ff:2c:9d yes 0.00
3 aa:2c:8a:2b:06:81 yes 0.00
3 aa:2c:8a:2b:06:81 yes 0.00
bridge command
heth@ub1:~$ bridge -d vlan
port vlan-id
virbr0 1 PVID Egress Untagged
state forwarding
crc 1 PVID Egress Untagged
state forwarding
docker0 1 PVID Egress Untagged
state forwarding
br-ded1f2526def 1 PVID Egress Untagged
state forwarding
veth180ce2d 1 PVID Egress Untagged
state forwarding
br-501d0044fabe 1 PVID Egress Untagged
state forwarding
veth413579c 1 PVID Egress Untagged
state forwarding
vethd3cbce2 1 PVID Egress Untagged
state forwarding
veth6d6fce4 1 PVID Egress Untagged
state forwarding