This content originally appeared on HackerNoon and was authored by Atul Thosar
This is the third part of the series Container Networking. I will explain a little bit about the docker container networking in this blog post.
\ I followed the steps mentioned in this to install docker on Ubuntu.
\
Post docker install, you can see the docker0 device in the list
ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 02:fd:4d:34:55:76 brd ff:ff:ff:ff:ff:ff
11: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:cf:b4:c1:a8 brd ff:ff:ff:ff:ff:ff
\ Let’s create a busybox container.
docker run --name bb -dt busybox
\
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
02429964e449 busybox "sh" About a minute ago Up About a minute bb
\
In the device list, you see the veth7b01920@if16 interface is created with the master as docker0.
ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 02:fd:4d:34:55:76 brd ff:ff:ff:ff:ff:ff
11: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:cf:b4:c1:a8 brd ff:ff:ff:ff:ff:ff
17: veth7b01920@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether e2:15:50:88:11:03 brd ff:ff:ff:ff:ff:ff link-netnsid 2
\ Let’s check the network namespace.
ip netns list
\ And you won’t see any network namespaces…How come??? This is because:
ip netns list command looks up network namespaces file in the
/var/run/netns directory.
However, the Docker daemon doesn’t create a reference of
the network namespace file in the /var/run/netns directory
after the creation. Therefore, ip netns ls cannot resolve the
network namespace file
Ref: https://www.baeldung.com/linux/docker-network-namespace-invisible
\
If you want ip netns list to show the namespace name docker has created, then follow the below steps
export container_name=bb
container_pid=$(sudo docker inspect -f '' $container_name)
echo $container_pid
sudo touch /var/run/netns/$container_name
sudo mount -o bind /proc/$container_pid/ns/net /var/run/netns/$container_name
\ Now, you can see the namespace name.
ip netns list
bb (id: 0)
\
sudo ip netns exec bb ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
16: eth0@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
\ The following diagram will help you visualize it better.
With this, I’m signing off. I hope this blog series helps to de-clutter your container networking.
This content originally appeared on HackerNoon and was authored by Atul Thosar
Atul Thosar | Sciencx (2025-01-19T22:30:03+00:00) A Guide to Container Networking: Part III – Docker Container Networking. Retrieved from https://www.scien.cx/2025/01/19/a-guide-to-container-networking-part-iii-docker-container-networking/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.