Share and learn in the Docker community.
Hi,
Being a newbie in docker I am learning about docker networking. I read somewhere that docker containers are accesible through docker bridge internally. They create a private network which is not accesible by external network/other machines from same LAN network.
How can I add external connectivity for containers. Do I need to create seperate bridge and add ethernet ip to it ?
Please help me .
you would need to map the container port onto a host port as part of the docker run command
-p host_port:port
then u could access the host and host port from out on the network… the bridge on the host will route the traffic to the containers port.
there is no direct easy way to expose the containers IP address onto the local network. i have struggled with this for years, with a particular product that uses networking the wrong way.
Hi,
Yes port access is one way. I want to access the containers by their IP.
Is it possible if I create another bridge with adding Ethernet ip to new bridge? And use the new bridge in docker daemon instead of docker0.
sadly no. networking would send a packet to the IP address/mac destination, but it doesn’t exist, the host will not respond to those packets…
I played with a set of scripts (pipework, https://opsbot.com/advanced-docker-networking-pipework/) a couple years ago, which put the containers on the local lan, using DHCP, and it works on my local machine, or on my VMWARE host, but ONLY if running in promiscuous mode… Amazon, nor any of the other hosting sites will not allow promiscuous mode because it is a security risk to see all network packets.
see here http://blog.oddbit.com/2014/08/11/four-ways-to-connect-a-docker/
there are some other private network overlay (https://www.youtube.com/watch?v=nGSNULpHHZc, Weave https://www.weave.works/docs/net/latest/install/plugin/plugin-how-it-works/) type approaches, but they come down to a separate layer on top of the local network, which is not accessible by the local (hosts) network.
Hi Divya,
While running a container from image, you can specify the network switch. The n/w adapter name which you provide that existing in docker host, will help connect containers to the same n/w adapter.
If you provide the n/w adapter name which is connected to you LAN, when a container is provisioned it should get an IP from DNS assigned automatically and you can ping it from other nodes in your LAN n/w.
Below command is for the same. Is this is what you are looking for?
Yes, it is possible. McVlan and pipework (deprecated) are the keys for you to search. Pipework needs promiscuicious mode, KVM provides that if you use a cloud provider. VMWARE does not.
Hi Divya: you can access your container by using the host IP address and obviously the port number. In case of scripting or linking to other containers you can download an ambassador container in which you can assign a specific port number for the container you want to reach and you can then query IP address of the host, port you have defined in ambassador to access your container.
By default I am using network bridge as default network. There are other options as well like Macvlan and overlay .
Can you please explain which adaptor name I need to give.