github.com/vieux/docker@v0.6.3-0.20161004191708-e097c2a938c7/docs/tutorials/networkingcontainers.md (about) 1 <!--[metadata]> 2 +++ 3 aliases = [ 4 "/engine/userguide/containers/networkigncontainers/", 5 "/engine/userguide/networkigncontainers/" 6 ] 7 title = "Network containers" 8 description = "How to network Docker containers." 9 keywords = ["Examples, Usage, volume, docker, documentation, user guide, data, volumes"] 10 [menu.main] 11 parent = "engine_learn_menu" 12 weight = -3 13 +++ 14 <![end-metadata]--> 15 16 17 # Network containers 18 19 If you are working your way through the user guide, you just built and ran a 20 simple application. You've also built in your own images. This section teaches 21 you how to network your containers. 22 23 ## Name a container 24 25 You've already seen that each container you create has an automatically 26 created name; indeed you've become familiar with our old friend 27 `nostalgic_morse` during this guide. You can also name containers 28 yourself. This naming provides two useful functions: 29 30 * You can name containers that do specific functions in a way 31 that makes it easier for you to remember them, for example naming a 32 container containing a web application `web`. 33 34 * Names provide Docker with a reference point that allows it to refer to other 35 containers. There are several commands that support this and you'll use one in an exercise later. 36 37 You name your container by using the `--name` flag, for example launch a new container called web: 38 39 $ docker run -d -P --name web training/webapp python app.py 40 41 Use the `docker ps` command to check the name: 42 43 $ docker ps -l 44 45 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 46 aed84ee21bde training/webapp:latest python app.py 12 hours ago Up 2 seconds 0.0.0.0:49154->5000/tcp web 47 48 You can also use `docker inspect` with the container's name. 49 50 $ docker inspect web 51 52 [ 53 { 54 "Id": "3ce51710b34f5d6da95e0a340d32aa2e6cf64857fb8cdb2a6c38f7c56f448143", 55 "Created": "2015-10-25T22:44:17.854367116Z", 56 "Path": "python", 57 "Args": [ 58 "app.py" 59 ], 60 "State": { 61 "Status": "running", 62 "Running": true, 63 "Paused": false, 64 "Restarting": false, 65 "OOMKilled": false, 66 ... 67 68 Container names must be unique. That means you can only call one container 69 `web`. If you want to re-use a container name you must delete the old container 70 (with `docker rm`) before you can reuse the name with a new container. Go ahead and stop and remove your old `web` container. 71 72 $ docker stop web 73 74 web 75 76 $ docker rm web 77 78 web 79 80 81 ## Launch a container on the default network 82 83 Docker includes support for networking containers through the use of **network 84 drivers**. By default, Docker provides two network drivers for you, the 85 `bridge` and the `overlay` drivers. You can also write a network driver plugin so 86 that you can create your own drivers but that is an advanced task. 87 88 Every installation of the Docker Engine automatically includes three default networks. You can list them: 89 90 $ docker network ls 91 92 NETWORK ID NAME DRIVER 93 18a2866682b8 none null 94 c288470c46f6 host host 95 7b369448dccb bridge bridge 96 97 The network named `bridge` is a special network. Unless you tell it otherwise, Docker always launches your containers in this network. Try this now: 98 99 $ docker run -itd --name=networktest ubuntu 100 101 74695c9cea6d9810718fddadc01a727a5dd3ce6a69d09752239736c030599741 102 103 Inspecting the network is an easy way to find out the container's IP address. 104 105 ```bash 106 $ docker network inspect bridge 107 108 [ 109 { 110 "Name": "bridge", 111 "Id": "f7ab26d71dbd6f557852c7156ae0574bbf62c42f539b50c8ebde0f728a253b6f", 112 "Scope": "local", 113 "Driver": "bridge", 114 "IPAM": { 115 "Driver": "default", 116 "Config": [ 117 { 118 "Subnet": "172.17.0.1/16", 119 "Gateway": "172.17.0.1" 120 } 121 ] 122 }, 123 "Containers": { 124 "3386a527aa08b37ea9232cbcace2d2458d49f44bb05a6b775fba7ddd40d8f92c": { 125 "EndpointID": "647c12443e91faf0fd508b6edfe59c30b642abb60dfab890b4bdccee38750bc1", 126 "MacAddress": "02:42:ac:11:00:02", 127 "IPv4Address": "172.17.0.2/16", 128 "IPv6Address": "" 129 }, 130 "94447ca479852d29aeddca75c28f7104df3c3196d7b6d83061879e339946805c": { 131 "EndpointID": "b047d090f446ac49747d3c37d63e4307be745876db7f0ceef7b311cbba615f48", 132 "MacAddress": "02:42:ac:11:00:03", 133 "IPv4Address": "172.17.0.3/16", 134 "IPv6Address": "" 135 } 136 }, 137 "Options": { 138 "com.docker.network.bridge.default_bridge": "true", 139 "com.docker.network.bridge.enable_icc": "true", 140 "com.docker.network.bridge.enable_ip_masquerade": "true", 141 "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", 142 "com.docker.network.bridge.name": "docker0", 143 "com.docker.network.driver.mtu": "9001" 144 }, 145 "Labels": {} 146 } 147 ] 148 ``` 149 150 You can remove a container from a network by disconnecting the container. To do this, you supply both the network name and the container name. You can also use the container id. In this example, though, the name is faster. 151 152 $ docker network disconnect bridge networktest 153 154 While you can disconnect a container from a network, you cannot remove the builtin `bridge` network named `bridge`. Networks are natural ways to isolate containers from other containers or other networks. So, as you get more experienced with Docker, you'll want to create your own networks. 155 156 ## Create your own bridge network 157 158 Docker Engine natively supports both bridge networks and overlay networks. A bridge network is limited to a single host running Docker Engine. An overlay network can include multiple hosts and is a more advanced topic. For this example, you'll create a bridge network: 159 160 $ docker network create -d bridge my-bridge-network 161 162 The `-d` flag tells Docker to use the `bridge` driver for the new network. You could have left this flag off as `bridge` is the default value for this flag. Go ahead and list the networks on your machine: 163 164 $ docker network ls 165 166 NETWORK ID NAME DRIVER 167 7b369448dccb bridge bridge 168 615d565d498c my-bridge-network bridge 169 18a2866682b8 none null 170 c288470c46f6 host host 171 172 If you inspect the network, you'll find that it has nothing in it. 173 174 $ docker network inspect my-bridge-network 175 176 [ 177 { 178 "Name": "my-bridge-network", 179 "Id": "5a8afc6364bccb199540e133e63adb76a557906dd9ff82b94183fc48c40857ac", 180 "Scope": "local", 181 "Driver": "bridge", 182 "IPAM": { 183 "Driver": "default", 184 "Config": [ 185 { 186 "Subnet": "172.18.0.0/16", 187 "Gateway": "172.18.0.1" 188 } 189 ] 190 }, 191 "Containers": {}, 192 "Options": {}, 193 "Labels": {} 194 } 195 ] 196 197 ## Add containers to a network 198 199 To build web applications that act in concert but do so securely, create a 200 network. Networks, by definition, provide complete isolation for containers. You 201 can add containers to a network when you first run a container. 202 203 Launch a container running a PostgreSQL database and pass it the `--network=my-bridge-network` flag to connect it to your new network: 204 205 $ docker run -d --network=my-bridge-network --name db training/postgres 206 207 If you inspect your `my-bridge-network` you'll see it has a container attached. 208 You can also inspect your container to see where it is connected: 209 210 $ docker inspect --format='{{json .NetworkSettings.Networks}}' db 211 212 {"my-bridge-network":{"NetworkID":"7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99", 213 "EndpointID":"508b170d56b2ac9e4ef86694b0a76a22dd3df1983404f7321da5649645bf7043","Gateway":"172.18.0.1","IPAddress":"172.18.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}} 214 215 Now, go ahead and start your by now familiar web application. This time leave off the `-P` flag and also don't specify a network. 216 217 $ docker run -d --name web training/webapp python app.py 218 219 Which network is your `web` application running under? Inspect the application and you'll find it is running in the default `bridge` network. 220 221 $ docker inspect --format='{{json .NetworkSettings.Networks}}' web 222 223 {"bridge":{"NetworkID":"7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812", 224 "EndpointID":"508b170d56b2ac9e4ef86694b0a76a22dd3df1983404f7321da5649645bf7043","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}} 225 226 Then, get the IP address of your `web` 227 228 $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web 229 230 172.17.0.2 231 232 Now, open a shell to your running `db` container: 233 234 $ docker exec -it db bash 235 236 root@a205f0dd33b2:/# ping 172.17.0.2 237 ping 172.17.0.2 238 PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data. 239 ^C 240 --- 172.17.0.2 ping statistics --- 241 44 packets transmitted, 0 received, 100% packet loss, time 43185ms 242 243 After a bit, use `CTRL-C` to end the `ping` and you'll find the ping failed. That is because the two containers are running on different networks. You can fix that. Then, use the `exit` command to close the container. 244 245 Docker networking allows you to attach a container to as many networks as you like. You can also attach an already running container. Go ahead and attach your running `web` app to the `my-bridge-network`. 246 247 $ docker network connect my-bridge-network web 248 249 Open a shell into the `db` application again and try the ping command. This time just use the container name `web` rather than the IP Address. 250 251 $ docker exec -it db bash 252 253 root@a205f0dd33b2:/# ping web 254 PING web (172.18.0.3) 56(84) bytes of data. 255 64 bytes from web (172.18.0.3): icmp_seq=1 ttl=64 time=0.095 ms 256 64 bytes from web (172.18.0.3): icmp_seq=2 ttl=64 time=0.060 ms 257 64 bytes from web (172.18.0.3): icmp_seq=3 ttl=64 time=0.066 ms 258 ^C 259 --- web ping statistics --- 260 3 packets transmitted, 3 received, 0% packet loss, time 2000ms 261 rtt min/avg/max/mdev = 0.060/0.073/0.095/0.018 ms 262 263 The `ping` shows it is contacting a different IP address, the address on the `my-bridge-network` which is different from its address on the `bridge` network. 264 265 ## Next steps 266 267 Now that you know how to network containers, see [how to manage data in containers](dockervolumes.md).