DOCKER - 14 Network Concepts
Hello everyone and welcome to this introductory course to Docker.
Prerequisites for this section are an understanding of how to start a container, and also of TCP/IP networking concepts such as subnets, IP addresses, ports, and firewalls.
You don't really need to know everything, but it will certainly make it easier to understand this section, which is centered on these concepts.
I just want to remind you of the -p option in your container run commands, which exposes a port on your computer.
Docker has this concept of "batteries included, but removable", which basically means that the defaults are pretty simple and common, but you can change a lot of the options.
We will quickly see in this lesson the container port command, which gives you a quick overview of the open ports for this container on your network.
Next, we'll go into some Docker networking and virtual networking concepts, and how packets flow through the network.
When you start a container, you are actually, in the background, connecting to a particular Docker network. By default, this is the bridge network, as we will see in a minute. Each of the networks you connect to is then routed out through a NAT firewall, which is actually Docker configuring the host's IP address on its default interface so that your containers can connect to the internet or the rest of your system.
But we don't need to use the -p when specific containers want to communicate with each other within our host.
For example, if you have an application with a server and an Apache PHP container, these two containers should be on the same network and they should be able to talk to each other without having to really open their ports to the rest of your physical network.
If you had another, unrelated application, say one using Mongo and Node.js, you can create a network for it so those containers can talk to each other without using -p to expose them to the network. But they will not be able to communicate with the other network, where the unrelated application is running.
The fact is that almost all the parameters I have described are quite modifiable.
You will see that throughout this course there are often defaults that work in a simple way.
You don't even have to specify them. You will just notice that things are set up in a standard way.
Many of these options are configurable at runtime or even changeable after the fact.
Some of the things you can change: you can create multiple virtual networks, maybe one per app, or different networks with different security requirements.
Just as a real computer in the physical world can have two physical network cards, a container can be connected to two virtual networks, or it can be unable to communicate with any network.
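The per-application isolation described above can be checked from network membership alone. This is an added example, not part of the course: the container and network names in the sample are constructed, and the input format assumes one line per container produced with the docker container inspect template shown in the comment.

```shell
#!/bin/sh
# can_talk A B: read "container network [network ...]" lines on stdin and
# report whether containers A and B share at least one Docker network.
# One such line per container can be produced with:
#   docker container inspect --format \
#     '{{.Name}}{{range $n, $c := .NetworkSettings.Networks}} {{$n}}{{end}}' NAME
can_talk() {
  awk -v a="$1" -v b="$2" '
    {
      name = $1
      sub(/^\//, "", name)               # inspect prints names as "/name"
      for (i = 2; i <= NF; i++) {
        if ($i == "none") continue       # "none" means no connectivity at all
        member[name, $i] = 1
        nets[$i] = 1
      }
    }
    END {
      for (n in nets)
        if (((a, n) in member) && ((b, n) in member)) {
          print "yes via " n
          found = 1
        }
      if (!found) print "no"
    }'
}

# Constructed sample: two unrelated apps on separate networks, plus two
# containers started with no network.
sample_memberships() {
  cat <<'EOF'
/web_php app1_net
/web_server app1_net
/mongo app2_net
/node app2_net admin_net
/sealed none
/sealed2 none
EOF
}

sample_memberships | can_talk web_php web_server
sample_memberships | can_talk web_php mongo
sample_memberships | can_talk sealed sealed2
```

Two containers that both report "none" do not share a network, which is why that name is skipped rather than treated as common ground.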
You can ignore all default virtual network configurations and just use --net=host.
You'll lose some of the benefits of containerization.
But in some cases it may be necessary.
Later we will talk about Docker network drivers. The whole plugin ecosystem around Docker extends Docker's capabilities to many tools.
But in our case, we're going to look at a few different Docker network drivers and see how they might change our network and give us new capabilities.
And all of this is just the beginning.
Throughout the course we will talk about networking concepts where we will cover more advanced multi-host private networking topics and concepts like sub-interfaces etc.
But for now, let's look at some command-line stuff.
As a recap, let's look at the -p of our docker container run commands.
If you remember the first time we ran a container, we used -p to expose port 80 of our Nginx. (docker container run -p 80:80 --name webhost -d nginx)
This took the host port and forwarded traffic from that port into port 80 of the container.
If we do docker container port webhost, it shows, in a simple format, which ports are forwarding traffic from the host into the container itself.
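To read the docker container port output with exposure in mind, the added example below (not part of the course) labels each mapping by the host address it is bound to. The sample lines are constructed in the format the command prints; the 127.0.0.1 binding goes beyond the -p 80:80 case above and assumes a container started with -p 127.0.0.1:8443:443.

```shell
#!/bin/sh
# classify_port_mappings: read `docker container port NAME` output on stdin
# and print "container-port host-binding scope" for every mapping.
classify_port_mappings() {
  awk '
    # Expected line shape: "80/tcp -> 0.0.0.0:80"
    NF == 3 && $2 == "->" {
      bind = $3
      sub(/:[0-9]+$/, "", bind)      # drop the trailing :port, keep the address
      gsub(/^\[|\]$/, "", bind)      # IPv6 addresses are printed in brackets
      if (bind == "0.0.0.0" || bind == "::")
        scope = "all-interfaces"     # reachable from the physical network
      else if (bind ~ /^127\./ || bind == "::1")
        scope = "loopback-only"      # reachable from the host itself only
      else
        scope = "single-address"
      print $1, $3, scope
    }'
}

# count_scope SCOPE: number of mappings on stdin that fall into SCOPE.
count_scope() {
  classify_port_mappings | awk -v s="$1" '$3 == s { n++ } END { print n + 0 }'
}

# Constructed sample output for two containers' worth of mappings.
sample_ports() {
  cat <<'EOF'
80/tcp -> 0.0.0.0:80
80/tcp -> [::]:80
8443/tcp -> 127.0.0.1:8443
EOF
}

sample_ports | classify_port_mappings
```

Against a running container the same function is used as docker container port webhost | classify_port_mappings.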
We haven't talked about the container's IP address.
So you might assume that the container is using the same IP address as the host. But by default, this is not the case.
We can easily get the Docker IP of this container by inspecting it, and we'll use the format option, which you'll notice has a fairly specific template syntax for filtering the output.
docker container inspect --format '{{ .NetworkSettings.IPAddress }}' webhost
And here is its address.
It is not in the same network as my physical machine, which has an IP address starting with 192.
Just a brief recap on this section. In fact, we spent a lot of time on Docker networking concepts, including exposing your host's ports to the physical network using the -p option, and the fact that Docker focuses on default configurations, an approach nicknamed "batteries included, but removable". For local development and testing, you can probably get by with the defaults, but everything is editable.
Next we discovered the container port command which is a quick way to examine the exposed ports of your particular containers.
These are all good concepts to understand when we discuss the CLI in the next course.
That's all for this video, but see you soon for the next one.