In this example we are going to create a custom network and create two containers to use it so that they can communicate with each other. For more information please visit Docker container networking.


General information


By default, a Docker container is isolated from other containers and the external network. When docker service is installed, it creates docker0 interface for containers to use in order to communicate with each other.


ubuntu@xenial64:~$ ifconfig

docker0 Link encap:Ethernet HWaddr 02:42:a4:77:85:19
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

When you install Docker, it creates three networks automatically.


ubuntu@xenial64:~$ docker network ls

NETWORK ID NAME DRIVER SCOPE
7ea4abd4f97c bridge bridge local
a6de0ab66715 host host local
c714fd7cee1b none null local

The bridge network represents the docker0 interface. Docker daemon connects containers to this network by default unless you define different one with docker run --network={NETWORK-NAME}.


Create a new bridge network


New network will be based on existing bridge network.


ubuntu@xenial64:~$ docker network create --driver bridge inanzzz_network

dd883f1c5f72c9f13a22823d97520db2d29a2595da91ab7b9e48787db23b378b

ubuntu@xenial64:~$ docker network ls

NETWORK ID NAME DRIVER SCOPE
7ea4abd4f97c bridge bridge local
a6de0ab66715 host host local
dd883f1c5f72 inanzzz_network bridge local
c714fd7cee1b none null local

ubuntu@xenial64:~$ docker network inspect inanzzz_network

[
{
"Name": "inanzzz_network",
"Id": "dd883f1c5f72c9f13a22823d97520db2d29a2595da91ab7b9e48787db23b378b",
"Created": "2018-01-23T13:25:13.469938051Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]

Create containers on custom network


When you create or run your new containers in inanzzz_network network, each container can immediately communicate with other. The network itself will isolate the containers from external networks.



If you want one of your container to be able to serve traffic coming from outside, you can expose and publish container ports.



Create containers


ubuntu@xenial64:~$ docker run -i -t -d --network=inanzzz_network --name=client_container ubuntu:16.04
ubuntu@xenial64:~$ docker run -i -t -d --network=inanzzz_network --name=server_container httpd:2.4

We have an apache server running on server_container so the port 80 is exposed by default. We haven't published any ports with -p flag yet. If we wanted, we would do something like docker run ...-p 5000:80 ... on server_container then the result below would look like 0.0.0.0:5000->80/tcp instead of 80/tcp. We normally would do that if we wanted host OS to talk to container.


ubuntu@xenial64:~$ docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6cbf1da80c74 httpd:2.4 "httpd-foreground" 4 seconds ago Up 3 seconds 80/tcp server_container
8d0bdb552444 ubuntu:16.04 "/bin/bash" 2 minutes ago Up 2 minutes client_container

Inspect containers


As you can see, the IP address are inherit from the custom network.


ubuntu@xenial64:~$ docker inspect client_container
[
{
.....
"HostConfig": {
.....
"NetworkMode": "inanzzz_network",
.....
},
.....
"NetworkSettings": {
.....
"Ports": {},
.....
"Networks": {
"inanzzz_network": {
.....
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.2",
.....
}
}
}
}
]

ubuntu@xenial64:~$ docker inspect server_container

[
{
.....
"HostConfig": {
.....
"NetworkMode": "inanzzz_network",
.....
},
.....
"NetworkSettings": {
.....
"Ports": {
"80/tcp": null
},
.....
"Networks": {
"inanzzz_network": {
.....
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.3",
.....
}
}
}
}
]

Communication test


Client container talking to server container through port 80.


ubuntu@xenial64:~$ docker exec -it client_container curl -I 172.18.0.3

HTTP/1.1 200 OK
Date: Tue, 23 Jan 2018 13:56:11 GMT
Server: Apache/2.4.29 (Unix)
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html

Server container cannot talk to client container because no port is open.


ubuntu@xenial64:~$ docker exec -it server_container curl -I 172.18.0.2

curl: (7) Failed to connect to 172.18.0.2 port 80: Connection refused