Networking in docker

-

This is a study note from a tutorial video in YouTube: https://www.youtube.com/watch?v=fqMOX6JJhGo&t=4723s

There are three options of networks in docker. Bridge(default), host and none.

Bridge

 docker run ubuntu 

Bridge is the default network in docker. 

%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%20value%3D%22172.17.0.3%22%20style%3D%22text%3Bhtml%3D1%3BstrokeColor%3Dnone%3BfillColor%3Dnone%3Balign%3Dcenter%3BverticalAlign%3Dmiddle%3BwhiteSpace%3Dwrap%3Brounded%3D0%3B%22%20vertex%3D%221%22%20parent%3D%221%22%3E%3CmxGeometry%20x%3D%22380%22%20y%3D%22330%22%20width%3D%2240%22%20height%3D%2220%22%20as%3D%22geometry%22%2F%3E%3C%2FmxCell%3E%3C%2Froot%3E%3C%2FmxGraphModel%3E




Internally docker will give container IP addresses ranging with 172.17.0.X. Docker0(172.17.0.1) is a bridge which is used by all containers to communicate with each other.

If you want the container to communicate externally, ports of the containers need to mapped to the ports of the host. For example, docker run -p 8282:8080 ubuntu.

In this mode, containers are isolated with the host. You can only use "run -p" to map to the host port to make it accessible.

You can create isolation in the docker network as well. In some cases, you may want certain containers connected through different bridge so that they can be isolated from other containers. By default, the docker will only create one bridge for all containers. But you can create a new bridge using below command.

 docker network create --driver bridge --subnet 102.18.0.1/16 --gateway 102.18.0.1 custom-isolated-network 


You can use docker network ls to list all the networks.

You can use docker run --network custom-isolated-network mysql:5.6 to run container in a specific network.

Host

%3CmxGraphModel%3E%3Croot%3E%3CmxCell%20id%3D%220%22%2F%3E%3CmxCell%20id%3D%221%22%20parent%3D%220%22%2F%3E%3CmxCell%20id%3D%222%22%20value%3D%22172.17.0.3%22%20style%3D%22text%3Bhtml%3D1%3BstrokeColor%3Dnone%3BfillColor%3Dnone%3Balign%3Dcenter%3BverticalAlign%3Dmiddle%3BwhiteSpace%3Dwrap%3Brounded%3D0%3B%22%20vertex%3D%221%22%20parent%3D%221%22%3E%3CmxGeometry%20x%3D%22380%22%20y%3D%22330%22%20width%3D%2240%22%20height%3D%2220%22%20as%3D%22geometry%22%2F%3E%3C%2FmxCell%3E%3C%2Froot%3E%3C%2FmxGraphModel%3E Web container can be associated with the host using below command:

 docker run --network=host ubuntu 


In this mode, some ports of host shared the same port numbers with containers, which means if the client access the port number 5000 on the host, it will automatically directed to the relevant containers. 

None

 docker run --network=none ubuntu 

In none network mode, the containers are totally isolated from each other and the outside world. They can only run programs locally in their own containers.



Reference: https://www.youtube.com/watch?v=fqMOX6JJhGo&t=4723s

Comments

Post a Comment

Popular posts from this blog

Basic understanding of TLS-PSK protocol

-
Image
This post will talk about the basic understanding of TLS-PSK protocol. It will not cover TLS's history and how its mathematical algorithms work. Instead, what is TLS-PSK protocol and how it works will be discussed here. I prefer using diagrams to help explain things. Hopefully, it can give readers a very basic insights of TLS-PSK. What is TLS-PSK Before talking about what is TLS-PSK, I would like to introduce what is TLS first. TLS, Transport Layer Security, is a cryptographic protocol, aims to provide protection to end-to-end communication over the internet. It helps to protect network users from eavesdropping, tempering and so on. Clear data transmission is dangerous, given that technical hacker can listen to the communication between two computers and steal sensitive data like user name, password and so on. This is situation where TLS can step in and protect you. TLS has two steps: TLS handshake and data transmission. During TLS handshake, the communicating parties mus...
Read more

Differences between ASIC, ASSP and ASIP

-
ASIC (Application Specified Integrated Circuit) is a customized integrated circuit. It is usually used by a person or company for a very limited usage. So when it is developed, only the person or company who orders it can use it. It is not useful for other usages, for example, an IC designed for a specific line of cellular phones of a company, whereby no other products can use it except the cell phones belonging to that product line. - ASIC is just built for one and only one customer. - ASIC is used only in one product line - Only volume production of ASICs for one product can make sense which means low unit cost for high volume products, otherwise the cost is not efficient. - Can exploit parallelism to achieve high performance - Low power consumption ASSP (Application Specified Standard Processor) is an integrated circuit that implements a specific function that appeals to a wide market, which means its function is specified for example a motor drive chip. But it is used widel...
Read more

Orthogonal instruction set

-
Definition: "In computer engineering, an orthogonal instruction set is an instruction set architecture where  all instruction types  can use  all addressing modes . It is 'orthogonal' in the sense that the instruction type and the addressing mode vary independently." The story of orthogonal instruction set: In the past, because the  memory is very precious , so the processor designer tends to  make instructions as powerful as possible . So they hope one instruction can perform  full function  like get data from memory and then perform the calculation. They make  all instructions can have all the addressing modes . By this way,  one instruction can fetch data and do the calculation at the same time .  But this will  inscrease the complexity  of the processor design. Also, accessing memory directly is very time-consuming, so some companies choose to use RISC processor (like ARM) which has a  LOAD-STORE a...
Read more