The Virtual Ethernet Bridge: docker0

.

docker Docker [Installation: click here] creates the virtual interface “docker0” which is virtual Ethernet bridge. This virtual bridge forwards the packets between the containers each other and between the host and the container.

You see this when you execute: “ip addr list docker0 or “ifconfig docker0.

output of “ifconfig docker0“:

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
ether 02:42:63:8f:85:df  txqueuelen 0  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The IP address of this interface is a randomly chosen private IP that is not used by the host.  Here it is 172.17.0.1 with the net mask of 16 bits (255.255.0.0) and the MAC address 02:42:63:8f:85:df.

To display the virtual networks created by Docker, execute:

# docker network ls

Output:

NETWORK ID          NAME                DRIVER
dfc34cd75029        bridge              bridge 
3453b5653383        none                null
e9a375f4a8a2        host                host

The figure below describes how the virtual interfaces are connected to the bridge docker0.  All veth* interfaces are attached/linked to this bridge. Each veth* interface has a peer (virtual interface) in a specific container.

docker0

Some Notes:

  • The eth0 in the container and the veth* in the host are pairs and connected like a pipe. So the packets enter from one of them will reach the other and vice versa.
  • The eth0 has a private IP address from the same range of the bridge docker0’s IP address which is considered as a gateway. The MAC address is generated from the IP address.
  • The MAC address of the veth* interface is set.
  • The bridge docker0 connects veth* interfaces while sharing a single IP address.

To inspect the bridge network, execute:

# docker network inspect bridge

Output:

[
{
“Name”: “bridge”,
“Id”: “dfc34cd75029786a53356e554b34a14c290ef4969e38ecb1e4ae9c34598e93d7”,
“Scope”: “local”,
“Driver”: “bridge”,
“IPAM”: {
“Driver”: “default”,
“Config”: [
{
“Subnet”: “172.17.0.0/16”
}
]
},
“Containers”: {},
“Options”: {
“com.docker.network.bridge.default_bridge”: “true”,
“com.docker.network.bridge.enable_icc”: “true”,
“com.docker.network.bridge.enable_ip_masquerade”: “true”,
“com.docker.network.bridge.host_binding_ipv4”: “0.0.0.0”,
“com.docker.network.bridge.name”: “docker0”,
“com.docker.network.driver.mtu”: “1500”
}
}
]

Because there is no container created yet, we have the array “Containers” empty (“Containers”: {}). The bridge network can be created manually.

To run a container in a specific network, executes:

# docker run –net=<NETWORK> …..The rest ………..

Note: Instead of using a bridge, we can use iptables NAT configuration.


More Information


 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s