Let's have a look at
what is happening between the host and the container.
docker network ls -
from the physical host shows the networks attached to docker
There is a bridge
(softswitch), a host network on the bridge and a (none) null network (don't
know what this is yet)
nelson@lab1:~$ docker network ls
NETWORK ID NAME DRIVER
1c9307d1163e bridge bridge
72a37254aedb host host
ae03349bbf0e none null
ifconfig -a to show
the host connected network interfaces
docker0 is the
bridge for the containers, eth0,eth1 currently unused, lo the host loopback and
wlan0,
the currently connected host network (also where host default route resides)
There are also two
networks with 'veth' prefixes. These are
the virtual interfaces to docker0 for each container.
nelson@lab1:~$ ifconfig -a
docker0
Link encap:Ethernet HWaddr
02:42:5e:2d:df:17
inet addr:172.17.0.1 Bcast:0.0.0.0
Mask:255.255.0.0
inet6 addr:
fe80::42:5eff:fe2d:df17/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1
RX packets:235 errors:0 dropped:0
overruns:0 frame:0
TX packets:251 errors:0 dropped:0
overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16644 (16.6 KB) TX bytes:27519 (27.5 KB)
eth0 Link encap:Ethernet HWaddr fc:aa:14:98:ca:29
UP BROADCAST MULTICAST MTU:1500
Metric:1
RX packets:0 errors:0 dropped:0
overruns:0 frame:0
TX packets:0 errors:0 dropped:0
overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth1 Link encap:Ethernet HWaddr fc:aa:14:98:ca:2b
UP BROADCAST MULTICAST MTU:1500
Metric:1
RX packets:0 errors:0 dropped:0
overruns:0 frame:0
TX packets:0 errors:0 dropped:0
overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:20 Memory:f7e00000-f7e20000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536
Metric:1
RX packets:1747 errors:0 dropped:0
overruns:0 frame:0
TX packets:1747 errors:0 dropped:0
overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:180141 (180.1 KB) TX bytes:180141 (180.1 KB)
vethc07b410 Link encap:Ethernet HWaddr b6:c1:69:71:74:31
inet6 addr:
fe80::b4c1:69ff:fe71:7431/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1
RX packets:94 errors:0 dropped:0
overruns:0 frame:0
TX packets:172 errors:0 dropped:0
overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7805 (7.8 KB) TX bytes:19445 (19.4 KB)
vethd678055 Link encap:Ethernet HWaddr 9a:e2:9a:71:7f:3a
inet6 addr:
fe80::98e2:9aff:fe71:7f3a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1
RX packets:48 errors:0 dropped:0
overruns:0 frame:0
TX packets:81 errors:0 dropped:0
overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4176 (4.1 KB) TX bytes:10628 (10.6 KB)
wlan0
Link encap:Ethernet HWaddr
d8:fc:93:47:01:fd
inet addr:192.168.1.24 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr:
fe80::dafc:93ff:fe47:1fd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1
RX packets:683977 errors:0 dropped:7
overruns:0 frame:0
TX packets:2165426 errors:0 dropped:0
overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:110733511 (110.7 MB) TX bytes:2883791106 (2.8 GB)
Just for my
edification, wanted to see if the host can reach the container
First Container
nelson@lab1:~$ ping
172.17.0.2
PING 172.17.0.2
(172.17.0.2) 56(84) bytes of data.
64 bytes from
172.17.0.2: icmp_seq=1 ttl=64 time=0.106 ms
64 bytes from
172.17.0.2: icmp_seq=2 ttl=64 time=0.066 ms
64 bytes from
172.17.0.2: icmp_seq=3 ttl=64 time=0.073 ms
64 bytes from
172.17.0.2: icmp_seq=4 ttl=64 time=0.079 ms
^C
--- 172.17.0.2 ping
statistics ---
4 packets
transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev
= 0.066/0.081/0.106/0.015 ms
Second Container
nelson@lab1:~$ ping 172.17.0.3
PING 172.17.0.3
(172.17.0.3) 56(84) bytes of data.
64 bytes from
172.17.0.3: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from
172.17.0.3: icmp_seq=2 ttl=64 time=0.047 ms
^C
--- 172.17.0.3 ping
statistics ---
2 packets
transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev
= 0.047/0.047/0.048/0.006 ms
docker network
inspect bridge - show what the bridge (by name from docker network ls) is and
how it is configured in a JSON object http://www.json.org/
Notice the
containers identified in the container section
nelson@lab1:~$ docker network inspect bridge
[
{
"Name": "bridge",
"Id":
"1c9307d1163e9d46a0a34a6430e4031ba7c41e1c33cd55304965e389905667bf",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver":
"default",
"Options": null,
"Config": [
{
"Subnet":
"172.17.0.0/16",
"Gateway":
"172.17.0.1"
}
]
},
"Internal": false,
"Containers": {
"4a567ec8d878c73614a72db1d465e811cbb345384a2a02507596f3d161f8e77b":
{
"Name":
"serene_jennings",
"EndpointID":
"58d1e794d6abe6ac142008080c78f2a072f76ad3514485238b2ee36aff69442d",
"MacAddress":
"02:42:ac:11:00:03",
"IPv4Address":
"172.17.0.3/16",
"IPv6Address":
""
},
"60f1373691651b1b9694cc20e8ee4940611e7744a7526c7d513581f3a0c71e30":
{
"Name":
"nauseous_meninsky",
"EndpointID":
"8c8ff1ccb10110f4befec2c83fb9af32247af5f8584be21ca7dc681c2a4b679e",
"MacAddress":
"02:42:ac:11:00:02",
"IPv4Address":
"172.17.0.2/16",
"IPv6Address":
""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade":
"true",
"com.docker.network.bridge.host_binding_ipv4":
"0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
Feel free to repeat
this command for host and none.
Wondering where the
traffic is going…
ip route - from the
host for specific traffic directions
nelson@lab1:~$ ip route
default via
192.168.1.254 dev wlan0 proto static
172.17.0.0/16 dev
docker0 proto kernel scope link
src 172.17.0.1
192.168.1.0/24 dev
wlan0 proto kernel scope link
src 192.168.1.24 metric 9
Also from one of the
containers
/ # ip route
default via
172.17.0.1 dev eth0
172.17.0.0/16 dev
eth0 src 172.17.0.2
No comments:
Post a Comment