By default, Docker works like a router

Right now, we have 3 containers running :

[root@docker ~]# docker ps -a
CONTAINER ID IMAGE  COMMAND     CREATED           STATUS        PORTS NAMES
9343acf270ed ubuntu "/bin/bash" About an hour ago Up 28 seconds       Ubuntu
ebae479717ac centos "/bin/bash" 2 hours ago       Up 18 seconds       CentOS
3182473dc136 fedora "/bin/bash" 2 hours ago       Up 8 seconds        fedora

Here is the current network we have :

[root@docker ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:19:c7:ff brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.203/24 brd 192.168.1.255 scope global eno16777984
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe19:c7ff/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:41:d9:32:fe brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:41ff:fed9:32fe/64 scope link
       valid_lft forever preferred_lft forever
7: veth5ec4bf7@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
    link/ether c2:8e:38:b7:93:24 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::c08e:38ff:feb7:9324/64 scope link
       valid_lft forever preferred_lft forever
9: vethc3efbf5@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
    link/ether 1a:8c:8d:1b:6a:4f brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::188c:8dff:fe1b:6a4f/64 scope link
       valid_lft forever preferred_lft forever
11: veth5506834@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
    link/ether 6e:55:6c:29:6e:37 brd ff:ff:ff:ff:ff:ff link-netnsid 2
    inet6 fe80::6c55:6cff:fe29:6e37/64 scope link
       valid_lft forever preferred_lft forever

For Docker containers, we have a static route (to 172.17.0.0/16) :

[root@docker ~]# netstat -rn
Kernel IP routing table
Destination  Gateway     Genmask       Flags MSS Window irtt Iface
0.0.0.0      192.168.1.1 0.0.0.0       UG    0 0        0    eno16777984
169.254.0.0  0.0.0.0     255.255.0.0   U     0 0        0    eno16777984
172.17.0.0   0.0.0.0     255.255.0.0   U     0 0        0    docker0
192.168.1.0  0.0.0.0     255.255.255.0 U     0 0        0    eno16777984

By default, each Docker container gets an IP address in this class B network, 172.17.0.0/16, for example :

root@9343acf270ed:/# ip addr show dev eth0
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:2/64 scope link
       valid_lft forever preferred_lft forever

And a default gateway :

root@9343acf270ed:/# netstat -rn
Kernel IP routing table
Destination Gateway     Genmask     Flags MSS Window irtt Iface
0.0.0.0     172.17.42.1 0.0.0.0     UG    0 0        0    eth0
172.17.0.0  0.0.0.0     255.255.0.0 U     0 0        0    eth0

This information can be retrieved from the Docker host :

  • To retrieve all network information in JSON format :
[root@docker ~]# docker inspect --format '{{json .NetworkSettings}}' Ubuntu | python -mjson.tool
{
 "Bridge": "",
 "EndpointID": "382ba34c56701fe8dd0c71715effd365c3892b76941c2700272bfa2ae9e25b55",
 "Gateway": "172.17.42.1",
 "GlobalIPv6Address": "",
 "GlobalIPv6PrefixLen": 0,
 "HairpinMode": false,
 "IPAddress": "172.17.0.2",
 "IPPrefixLen": 16,
 "IPv6Gateway": "",
 "LinkLocalIPv6Address": "",
 "LinkLocalIPv6PrefixLen": 0,
 "MacAddress": "02:42:ac:11:00:02",
 "NetworkID": "223a17f4b558c077c9e0890b017bb3b85f1ba3b04779a244a37a3efb2ae766eb",
 "PortMapping": null,
 "Ports": {},
 "SandboxKey": "/var/run/docker/netns/9343acf270ed",
 "SecondaryIPAddresses": null,
 "SecondaryIPv6Addresses": null
}
  • The IP address :
[root@docker ~]# docker inspect --format '{{.NetworkSettings.IPAddress}}' Ubuntu
 172.17.0.2
  • The MAC address :
[root@docker ~]# docker inspect --format '{{.NetworkSettings.MacAddress}}' Ubuntu
02:42:ac:11:00:02
  • The default gateway :
[root@docker ~]# docker inspect --format '{{.NetworkSettings.Gateway}}' Ubuntu
172.17.42.1

We can ping a container from another machine (outside the containers), here for example from another CentOS machine :

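Add a route to the container network, with the Docker host as the gateway (the Docker host acts as the router). This works because the Docker host forwards IP packets between its LAN interface and docker0; depending on the host's forwarding (firewall) rules, any machine on the LAN that adds this route may reach container addresses directly, independently of any published ports, so filter forwarded traffic on the host if the containers should not be reachable from the LAN :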

[root@admin ~]# ip route add 172.17.0.0/16 via 192.168.1.203

Try the ping :

[root@admin ~]# ping -c1 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=63 time=0.236 ms

Install traceroute :

[root@admin ~]# yum -y install traceroute

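Launch it (in the output, “!X” means the probe was answered with an ICMP “communication administratively prohibited” message, presumably from a firewall rule on the Docker host, which rejects these probes even though the ping above was forwarded) :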

[root@admin ~]# traceroute 172.17.0.2
traceroute to 172.17.0.2 (172.17.0.2), 30 hops max, 60 byte packets
 1  docker.argonay.wou (192.168.1.203) 0.741 ms 0.701 ms 0.654 ms
 2  docker.argonay.wou (192.168.1.203) 0.613 ms !X 0.578 ms !X 0.545 ms !X

Missing “ip” command on CentOS and fedora ?

Install “ifconfig” instead :

  • On CentOS :
[root@ebae479717ac /]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@ebae479717ac /]# yum -y install net-tools
[root@ebae479717ac /]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.0.3 netmask 255.255.0.0 broadcast 0.0.0.0
        inet6 fe80::42:acff:fe11:3 prefixlen 64 scopeid 0x20<link>
        ether 02:42:ac:11:00:03 txqueuelen 0 (Ethernet)
        RX packets 5094 bytes 7458233 (7.1 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 3059 bytes 214675 (209.6 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
  • On fedora :
[root@3182473dc136 /]# cat /etc/redhat-release
 Fedora release 23 (Twenty Three)
[root@3182473dc136 /]# dnf -y install net-tools
[root@3182473dc136 /]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.0.4 netmask 255.255.0.0 broadcast 0.0.0.0
        inet6 fe80::42:acff:fe11:4 prefixlen 64 scopeid 0x20<link>
        ether 02:42:ac:11:00:04 txqueuelen 0 (Ethernet)
        RX packets 43015 bytes 64661664 (61.6 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 25474 bytes 1767730 (1.6 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Container default hostname

From the Docker host :

  • The container hostname is automatically generated (random value; here it is the same as the short container ID shown by “docker ps”) :
[root@docker ~]# docker inspect --format '{{.Config.Hostname}}' Ubuntu
9343acf270ed
[root@docker ~]# docker inspect --format '{{.HostnamePath}}' Ubuntu
/var/lib/docker/containers/9343acf270ed4fee981647f03e73012c1570d69b7b16257e55c776df976f42f4/hostname
  • Those values are stored in the JSON configuration file :
[root@docker ~]# cat /var/lib/docker/containers/9343acf270ed4fee981647f03e73012c1570d69b7b16257e55c776df976f42f4/config.json | python -mjson.tool | grep Hostname
 "Hostname": "9343acf270ed",
 "HostnamePath": "/var/lib/docker/containers/9343acf270ed4fee981647f03e73012c1570d69b7b16257e55c776df976f42f4/hostname",
  • And the hostname is stored in “/var/lib/docker/containers/container_id/hostname” file as well :
[root@docker ~]# cat /var/lib/docker/containers/9343acf270ed4fee981647f03e73012c1570d69b7b16257e55c776df976f42f4/hostname
9343acf270ed
  • Within the container :
[root@docker ~]# docker exec -t -i Ubuntu bash
root@9343acf270ed:/# hostname
 9343acf270ed
 root@9343acf270ed:/# cat /etc/hostname
 9343acf270ed
 root@9343acf270ed:/# exit
 exit

 

 
