Docker follows the Container Network Model which breaks up networking into components:
Sandboxes - an isolated network stack per container, so containers running on the same Docker node won't be able to talk to each other by default
Endpoints - virtual NICs created for each container
Networks - a virtual network that containers attach to through their endpoints
libnetwork - made up of the ‘control’ and ‘management’ planes
Drivers enable networking in containers. These are the available drivers in Linux:
bridge - default driver; containers sit on a Linux bridge inside the node and reach the outside through NAT
host - allows the container to use the network stack of the underlying node directly, without NAT (and without network namespace isolation)
overlay - creates networks that span multiple nodes, allowing secure, encrypted communication between containers when the network is created with --opt encrypted (encryption is opt-in)
macvlan - attaches a container to the internal LAN; the container gets its own IP and MAC, like any other device on the LAN
To create a separate network:
docker network create -d <driver> <name>
Single-host Bridge Network
Single-host Host Network
Multi-host Overlay Network
Existing Network
In an overlay network, we have containers running on multiple nodes.
To create an overlay network:
$ docker network create -d overlay <name>
To create services for swarms:
$ docker service create --name <name> \
--network <name> \
--replicas 2 \
<image>
Overlay networks use VXLAN. The idea is to create a layer 2 (Ethernet) network on top of the layer 3 network between the nodes, with frames encapsulated in UDP (port 4789).
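Added example (not from these notes): a small audit over the JSON that `docker network inspect` prints, flagging the driver choices discussed above that widen a container's exposure: overlay networks created without --opt encrypted, host-driver networks and macvlan networks. The sample input is constructed, not captured from a real host; it assumes the Name, Driver, Scope and Options fields that the Docker CLI emits.

```python
import json
import sys

# Constructed sample of `docker network inspect` output (not from a real host).
SAMPLE_INSPECT = json.dumps([
    {"Name": "bridge", "Driver": "bridge", "Scope": "local", "Options": {}},
    {"Name": "host", "Driver": "host", "Scope": "local", "Options": {}},
    {"Name": "app-net", "Driver": "overlay", "Scope": "swarm", "Options": {}},
    {"Name": "db-net", "Driver": "overlay", "Scope": "swarm",
     "Options": {"encrypted": ""}},
    {"Name": "lan-net", "Driver": "macvlan", "Scope": "local",
     "Options": {"parent": "eth0"}},
])


def audit_networks(inspect_json):
    """Return (network name, finding) tuples for the networks in the JSON
    array that `docker network inspect` prints."""
    findings = []
    for net in json.loads(inspect_json):
        name = net.get("Name", "?")
        driver = net.get("Driver", "")
        options = net.get("Options") or {}
        if driver == "overlay" and "encrypted" not in options:
            # VXLAN traffic between nodes is plaintext unless the network
            # was created with --opt encrypted.
            findings.append((name, "overlay network without --opt encrypted"))
        elif driver == "host":
            # No network namespace: the container shares the node's stack.
            findings.append((name, "host driver: container shares node network stack"))
        elif driver == "macvlan":
            # The container is a directly reachable peer on the parent LAN.
            parent = options.get("parent", "?")
            findings.append((name, "macvlan on %s: container is a peer on the LAN" % parent))
    return findings


if __name__ == "__main__":
    # Pipe real output in with: docker network inspect $(docker network ls -q)
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for name, finding in audit_networks(data):
        print(f"{name}: {finding}")
```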