Docker for Beginners: Networking Fundamentals for Containers

Introduction

Welcome back, everyone 😊 We’re excited to continue our journey through the world of Docker. In our previous articles, we’ve covered the basics of Docker, explored its architecture, and learned how to create our first custom Docker image. If you haven’t read those yet, I encourage you to check them out before diving into this one.

Today, we’re tackling a crucial aspect of working with Docker: networking. Have you ever wondered how containers talk to each other? It’s a bit like different departments in a company communicating - they need a system to exchange information efficiently. That’s where Docker networking comes in!

As we move beyond single-container applications, understanding how containers communicate with each other and the outside world becomes increasingly important. Imagine you’re building a web application with a web server and a database. Each of these components might run in its own container, but they need to talk to each other to function as a cohesive application. That’s the puzzle we’re solving today!

In this article, we’ll explore the essentials of Docker networking, including:

Why Docker networking is important
The different types of Docker networks
How to create a custom bridge network
How containers communicate on a network
How to access containers from your host machine using port mapping
Basic troubleshooting tips for Docker networks

By the end of this article, you’ll have a solid grasp of Docker networking concepts and be ready to build more complex, multi-container applications. You’ll understand how to set up communication between containers and how to make your containerized services accessible from outside Docker.

So, let’s dive in and explore the fundamentals of Docker networking with the bridge network!

Understanding Docker Networking

Docker networking is like the invisible wiring that connects your containers. Just as a building’s plumbing system allows water to flow between different rooms, Docker’s networking system enables data to flow between containers and the outside world.

Why Docker Networking Matters

Docker has a built-in networking system that makes it easy for containers to connect. This system acts like a virtual network within your computer, allowing containers to communicate just like computers on a regular network. Without this, our containers would be isolated islands of functionality, unable to work together to create complex applications.

Default Network Types (Bridge, Host, None)

Docker comes with three built-in network types, each offering a different way to connect your containers:

Bridge Network (default): Think of this like a private network within your computer, just for your Docker containers. Containers on this network can talk to each other directly, and you can control access to the outside world. This is the most common type and is ideal for most applications running on a single Docker host.
Host Network: This lets your container share your computer’s network directly. It’s faster but offers less isolation. This can be useful for performance-critical applications that need to avoid the overhead of network address translation.
None Network: This completely isolates your container, giving it no network connection at all. Use this for tasks that don’t require any network access. Use this for tasks that don’t require any network access, like batch jobs processing local data.

These network types are implemented using different network drivers, which are Docker’s way of providing networking capabilities to containers.

In the next section, we’ll dive deeper into the bridge network and learn how to create our own custom network for our containers.

Managing the Default Bridge Network

While Docker automatically creates and manages the default bridge network for you, it’s helpful to understand how to interact with it. This knowledge forms the foundation for working with more complex networking scenarios later on.

Why Manage the Default Bridge Network?

The default bridge network is created automatically when you install Docker. It’s the network your containers will use if you don’t specify a different one. Understanding how to inspect and manage this network can help you troubleshoot issues and gain insights into how your containers are connected.

Inspecting the Default Bridge Network

You can use the following Docker commands to manage the default bridge network:

docker network ls: This command lists all the networks available on your Docker host, including the default bridge network.

1
2
3


$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
abcd1234ef     bridge    bridge    local

docker network inspect bridge: This command provides detailed information about the bridge network, such as its subnet, gateway, and connected containers.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21


$ docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "abcd1234ef...",
        "IPAM": {
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Containers": {
            "abc123def456...": {
                "Name": "my_container",
                "IPv4Address": "172.17.0.2/16"
            }
        }
    }
]

This output shows you the subnet used by the bridge network (172.17.0.0/16), the gateway IP (172.17.0.1), and any containers connected to this network along with their IP addresses.

Limitations of the Default Bridge Network

While the default bridge network is suitable for many basic scenarios, it has some limitations:

Lack of automatic service discovery: Containers on the default bridge network can only access each other by IP addresses, not by name.
Network isolation: All containers on the default bridge network can communicate with each other, which might not be desirable for all applications.
Limited configuration options: You can’t easily configure the default bridge network settings without restarting the Docker daemon.

These limitations often lead developers to create custom networks, which we’ll explore in the next section.

Setting Up Containers and a Network

Now that we understand the limitations of the default bridge network, let’s create our own custom network and set up containers to use it. This approach gives us more control over container communication and isolation.

Why Create a Custom Network?

Custom networks provide several advantages over the default bridge network:

Automatic DNS resolution between containers
Better isolation: containers on different custom networks can’t communicate by default
More control over IP address assignment
Ability to connect and disconnect containers from networks on the fly

Creating a Custom Network

Let’s start by creating our custom bridge network:

1

docker network create my-app-network

This command creates a new bridge network named my-app-network. Docker handles all the complexities of network creation for us, including subnet allocation and bridge interface setup.

Pulling Container Images

For our example, we’ll use Nginx as a web server and MySQL as a database. These represent common components in a web application. Let’s pull these images:

1
2


docker pull nginx:latest
docker pull mysql:latest

These commands download the latest versions of Nginx and MySQL images from Docker Hub.

Running Containers on the Custom Network

Now, let’s run our containers and connect them to our custom network:

Run the MySQL container:
1

docker run -d --name db --network my-app-network -e MYSQL_ROOT_PASSWORD=my-secret-pw mysql:latest
This command:
- Runs the container in detached mode (-d)
- Names it db
- Connects it to my-app-network
- Sets the root password using an environment variable
Run the Nginx container:
1

docker run -d --name webserver --network my-app-network nginx:latest
This command is similar, but doesn’t need any environment variables set.

Note: The -d flag runs the container in detached mode, which means it runs in the background. This is different from interactive mode (-it), which connects your terminal directly to the container’s shell. Detached mode is useful for long-running processes like databases or web servers, as it allows you to use your terminal for other tasks while the container continues running. Interactive mode, on the other hand, is helpful for debugging or running command-line applications that require user input.

Verifying the Setup

To check that our containers are running and connected to our custom network:

List running containers:
1

docker ps
Inspect our custom network:
1

docker network inspect my-app-network
This will show details about the network, including the connected containers.

Understanding the Network Diagram

Let’s break down the diagram:

Docker Networking

The outer box represents the Docker host (your computer).
The my-app-network is our custom bridge network.
Nginx and MySQL containers are inside this network, able to communicate with each other.
The Docker Engine manages these containers and networks.
Port mapping (which we’ll discuss next) allows external access to services inside containers.

Introduction to Port Mapping

While our containers can now communicate with each other, they’re not accessible from outside Docker. To change this, we use port mapping. For example:

1

docker run -d --name webserver -p 8080:80 --network my-app-network nginx:latest

The -p 8080:80 option maps port 80 in the container to port 8080 on the host. This means you can access the Nginx web server by navigating to http://localhost:8080 in your web browser.

Now that we have our containers running on a custom network, let’s explore how they can communicate with each other and how we can access them from our host machine.

Container Communication and Access

Now that we have our custom network set up with Nginx and MySQL containers running, let’s explore how these containers communicate with each other and how we can access them from our host machine.

Testing Communication Between Containers

Containers on the same Docker network can communicate with each other using their container names as hostnames. This is thanks to Docker’s built-in DNS resolution. Let’s test this by pinging our MySQL container from our Nginx container.

First, let’s access the shell of our Nginx container:
1

docker exec -it webserver /bin/bash
The docker exec command allows us to run commands inside a running container. The -it flags give us an interactive terminal.
Once inside the container, let’s install the ping utility:
1

apt-get update && apt-get install -y iputils-ping
Now, let’s ping our MySQL container:
1

ping db
You should see successful ping responses, demonstrating that our containers can communicate.
Exit the container shell:
1

exit

This simple test shows that our containers can communicate using their container names, thanks to Docker’s network DNS resolution.

Accessing Containers from the Host

While containers on the same network can communicate directly, accessing container services from the host machine requires port mapping. We briefly touched on this earlier, but let’s explore it in more detail.

Port mapping allows us to map a port on our host machine to a port inside a container. This is crucial for accessing services running inside containers.

Let’s modify our Nginx container to map port 80 inside the container to port 8080 on our host:

1
2
3


docker stop webserver
docker rm webserver
docker run -d --name webserver -p 8080:80 --network my-app-network nginx:latest

The -p 8080:80 flag maps port 80 in the container to port 8080 on the host. The first number (8080) is the host port, and the second number (80) is the container port. Now, you can access the Nginx web server by opening a web browser and navigating to http://localhost:8080. You should see the default Nginx welcome page.

Notice that we stopped the container, removed it, and then ran it again with new settings. This is because containers are immutable, meaning once they’re created, their core configuration can’t be changed. Immutability ensures consistency and reproducibility in containerized environments. If we need to make changes, we must stop the existing container, remove it, and create a new one with the desired configuration.

We’ve explored how containers communicate within a Docker network and how to access container services from the host machine. In the next section, we’ll discuss some basic troubleshooting tips for Docker networks.

Troubleshooting Docker Networks (Basic Tips)

While Docker networking usually works seamlessly, you might occasionally encounter issues. Here are some basic troubleshooting tips:

Check Network Existence: Use docker network ls to verify that your network exists.
Inspect Network Details: Use docker network inspect <network_name> to get detailed information about your network, including connected containers and IP addresses.
Verify Container Logs: Use docker logs <container_name> to check for any network-related errors.
Restart Containers: Sometimes, restarting your containers can resolve network issues.

For more advanced troubleshooting, refer to the official Docker documentation.

Key Takeaways

Docker networking enables communication between containers and with the outside world.
The default bridge network is suitable for single-host container communication.
Custom networks provide better isolation and control over container communication.
docker exec allows you to run commands inside running containers.
Port mapping enables access to container services from the host machine.

Conclusion

In this article, we’ve explored the fundamentals of Docker networking. You’ve learned how to create networks, connect containers, test inter-container communication, and access container services from your host machine.

Understanding Docker networking is crucial for building and deploying containerized applications. With this knowledge, you’re well-equipped to create and manage Docker networks for more complex, multi-container applications.

In our next article, we’ll explore how to push your Docker containers to Azure Container Registry, so stay tuned for that and see you soon 😊