How Container Networking Works: a Docker Bridge Network From Scratch
Working with containers can feel like magic at times. In a good way for those who understand the internals and in a terrifying - for those who don't. Luckily, we've been looking under the hood of the containerization technology for quite some time already and even managed to uncover that containers are just isolated and restricted Linux processes, that images aren't really needed to run containers, and that, on the contrary, to build an image we may need to run containers.
Now comes a time to tackle the container networking problem. Or, more precisely, a single-host container networking problem. In this article, we are going to answer the following questions:
- How to virtualize network resources to make containers think they have individual network environments?
- How to turn containers into friendly neighbors and teach to communicate with each other?
- How to reach the outside world (e.g. the Internet) from the inside of a container?
- How to reach containers running on a Linux host from the outside world?
- How to implement Docker-like port publishing?
While answering these questions, we'll set up a single-host container network from scratch using standard Linux tools. As a result, it'll become apparent that the magic of container networking emerges from a combination of much more basic Linux facilities:
- Network namespaces (netns)
- Virtual Ethernet devices (veth)
- Virtual network switches (bridge)
- IP routing and network address translation (NAT).
Let's get started! ๐
You shall not pass! ๐งโโ๏ธ
Jokes aside, this tutorial is only available at the premium tier. Please upgrade your account to unlock all learning materials, get unlimited daily playtime, and access to more powerful playgrounds. Help us keep this platform alive and growing!
Level up your Server Side game โ Join 9,300 engineers who receive insightful learning materials straight to their inbox