
A Guide to Container Networking: Part 3 – Docker Container Networking

This is the third part of the Container Networking series. I will explain a little about docker container networking in this blog post.

I followed the steps mentioned in this to install docker on Ubuntu.

After installing docker, you can see the docker0 device in the list of interfaces.

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:fd:4d:34:55:76 brd ff:ff:ff:ff:ff:ff
11: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:cf:b4:c1:a8 brd ff:ff:ff:ff:ff:ff

Let’s create a busybox container.

docker run --name bb -dt busybox
docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED              STATUS              PORTS    NAMES
02429964e449   busybox   "sh"      About a minute ago   Up About a minute             bb

In the list of devices, you can see that the veth7b01920@if16 interface has been created with docker0 as its master.

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:fd:4d:34:55:76 brd ff:ff:ff:ff:ff:ff
11: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:cf:b4:c1:a8 brd ff:ff:ff:ff:ff:ff
17: veth7b01920@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether e2:15:50:88:11:03 brd ff:ff:ff:ff:ff:ff link-netnsid 2

Let’s check the network namespace.

ip netns list

And you won’t see any network namespaces…how so??? This is because:

ip netns list command looks up network namespaces file in the 
/var/run/netns directory.

However, the Docker daemon doesn’t create a reference of
the network namespace file in the /var/run/netns directory
after the creation. Therefore, ip netns ls cannot resolve the
network namespace file

Ref: 

If you would like ip netns list to show the namespace created by docker, follow these steps:

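export container_name=bb
# Resolve the PID of the container's init process
container_pid=$(sudo docker inspect -f '{{.State.Pid}}' "$container_name")
echo "$container_pid"

# ip netns only lists entries under /var/run/netns, so expose the namespace there
sudo mkdir -p /var/run/netns
sudo touch "/var/run/netns/$container_name"
sudo mount -o bind "/proc/$container_pid/ns/net" "/var/run/netns/$container_name"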

Now, you can see the namespace name.

ip netns list
bb (id: 0)
sudo ip netns exec bb ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
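
The listings above encode the veth pairing: the container's eth0@if17 (index 16) and the host's veth7b01920@if16 (index 17) each name the other's interface index. The following added example, which is not part of the original post, parses that output to map a container interface to its host-side veth and bridge, which helps when attributing traffic captured on a host veth to a container; the function names link_fields and host_peer are illustrative, and the sample input is copied from the listings in this post.

```shell
#!/bin/sh
# Added example (not from the original post): pair a container interface with
# its host-side veth using the ifindex and "@ifN" peer index from `ip link`.

# Constructed sample input: the host and container listings shown in the post.
HOST_LINKS='2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:fd:4d:34:55:76 brd ff:ff:ff:ff:ff:ff
11: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
17: veth7b01920@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether e2:15:50:88:11:03 brd ff:ff:ff:ff:ff:ff link-netnsid 2'
CONTAINER_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0'

# link_fields TEXT: print "index name peer_index master" per interface,
# with "-" for a missing field. Indented address lines are skipped.
link_fields() {
  printf '%s\n' "$1" | awk '
    /^[0-9]+: / {
      idx = $1; sub(/:$/, "", idx)
      name = $2; sub(/:$/, "", name)
      peer = "-"; master = "-"
      at = index(name, "@")
      if (at > 0) {
        suffix = substr(name, at + 1); name = substr(name, 1, at - 1)
        if (suffix ~ /^if[0-9]+$/) peer = substr(suffix, 3)
      }
      for (i = 3; i < NF; i++) if ($i == "master") master = $(i + 1)
      print idx, name, peer, master
    }'
}

# host_peer HOST_TEXT CONTAINER_TEXT IFACE: print "host_veth bridge" for IFACE.
# ifindex values are only unique within one namespace, so require the match
# in both directions: host index == container peer, host peer == container index.
host_peer() {
  cidx=$(link_fields "$2" | awk -v n="$3" '$2 == n { print $1 }')
  cpeer=$(link_fields "$2" | awk -v n="$3" '$2 == n { print $3 }')
  [ -n "$cidx" ] && [ "$cpeer" != "-" ] || return 1
  link_fields "$1" | awk -v i="$cpeer" -v p="$cidx" '
    $1 == i && $3 == p { print $2, $4; found = 1 }
    END { exit(found ? 0 : 1) }'
}

host_peer "$HOST_LINKS" "$CONTAINER_LINKS" eth0
```

On a live host, feed the functions the output of `ip link` and `sudo ip netns exec bb ip link` in place of the embedded samples.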

The following chart will help you visualize it better.

And with that I sign off. I hope this blog series helps de-clutter your container networks.
