1 00:00:00,690 --> 00:00:08,620 ‫For this lecture, you need to understand some of the previous concepts around networking and also 2 00:00:08,620 --> 00:00:10,680 ‫around creating containers. 3 00:00:11,260 --> 00:00:16,660 ‫Now that we understand the concepts of Docker networking and how all the virtual networking and IP stuff 4 00:00:16,660 --> 00:00:21,580 ‫works, let's look at some of the command line options for managing it. 5 00:00:21,580 --> 00:00:27,580 ‫First, there's the obvious network ls. Since we can create multiple networks, we surely have an ls command 6 00:00:27,580 --> 00:00:29,040 ‫to list them. 7 00:00:29,230 --> 00:00:33,400 ‫We have the usual inspect command which you're probably used to by now from all the other inspecting 8 00:00:33,400 --> 00:00:34,060 ‫we're doing. 9 00:00:34,150 --> 00:00:37,120 ‫That'll show us the details about a specific network. 10 00:00:37,720 --> 00:00:44,040 ‫Then we have a create command that has an optional driver that we can specify for using built-in 11 00:00:44,050 --> 00:00:48,230 ‫and third-party drivers to create a new virtual network. 12 00:00:49,060 --> 00:00:56,200 ‫Then we have the connect and disconnect commands for changing a live running container so that a 13 00:00:56,200 --> 00:00:59,640 ‫new NIC is created on a virtual network for that container. 14 00:00:59,800 --> 00:01:02,670 ‫It's kind of like sticking a network card in a computer while it's running. 15 00:01:03,130 --> 00:01:06,270 ‫So here we go. 16 00:01:06,340 --> 00:01:12,420 ‫So back to my command line. Taking the concepts that we just learned, I can actually do a docker 17 00:01:13,320 --> 00:01:19,530 ‫network ls. This shows me all of the networks that have been created. In this case, 18 00:01:19,530 --> 00:01:23,880 ‫when you run the same command, you're probably going to see the same three. Depending on your operating 19 00:01:23,880 --> 00:01:30,330 ‫system and version of Docker, you might see the bridge network called docker0 or bridge, but they both 20 00:01:30,330 --> 00:01:37,080 ‫mean the same thing. Which is it's the default network that bridges through the NAT firewall to the physical 21 00:01:37,080 --> 00:01:41,580 ‫network that your host is connected to. Up until now, we haven't had to worry about it because all 22 00:01:41,580 --> 00:01:44,950 ‫of our containers have just attached to that network and worked. 23 00:01:45,020 --> 00:01:53,380 ‫Now that we have this Nginx container running, if I do a docker network inspect, the bridge network, 24 00:01:53,800 --> 00:01:59,420 ‫you'll actually see that it lists the containers attached to that network. You'll see that our Nginx 25 00:01:59,420 --> 00:02:02,350 ‫one, that we called webhost, is attached there. 26 00:02:02,350 --> 00:02:08,530 ‫You can actually see its IP address. And you'll see up here that these networks automatically assign 27 00:02:08,560 --> 00:02:16,120 ‫IP addresses, and it's showing you here with the IPAM config that the subnet defaults to 172.17, 28 00:02:16,390 --> 00:02:20,200 ‫which is typically the default network for any Docker host. 29 00:02:20,200 --> 00:02:25,180 ‫But it can be changed, and then the gateway for this network that will eventually route out to the physical 30 00:02:25,180 --> 00:02:26,110 ‫network. 31 00:02:26,260 --> 00:02:31,990 ‫If we went back to the docker network ls, we can see these other two networks. The host network is 32 00:02:31,990 --> 00:02:39,360 ‫what we talked about before that is a special network that skips the virtual networking of Docker and 33 00:02:39,360 --> 00:02:42,510 ‫attaches the container directly to the host interface. 34 00:02:42,600 --> 00:02:47,670 ‫As you can imagine, there's pros and cons to that because it prevents the security boundaries of 35 00:02:47,670 --> 00:02:51,770 ‫the containerization from protecting the interface of that container. 36 00:02:51,780 --> 00:02:57,390 ‫But it also, in certain situations, can improve the performance of high throughput networking and get 37 00:02:57,390 --> 00:03:01,110 ‫around a few other issues with specific special software out there. 38 00:03:02,870 --> 00:03:08,690 ‫Then we have the last one of none, which is kind of the equivalent of having an interface on your 39 00:03:08,930 --> 00:03:13,780 ‫computer that's not attached to anything, but we can create our own. 40 00:03:13,980 --> 00:03:23,490 ‫Let's create a Docker network...create my_app_net. 41 00:03:23,510 --> 00:03:25,060 ‫Now we're going to do a docker network 42 00:03:25,060 --> 00:03:34,930 ‫ls again. You'll notice that it created my new virtual network with a driver of bridge. 43 00:03:35,120 --> 00:03:37,430 ‫And that's because that's the default driver. 44 00:03:37,460 --> 00:03:43,940 ‫It's a simple driver that simply creates a virtual network locally with its own subnet somewhere around 45 00:03:43,950 --> 00:03:51,840 ‫the 172.17 and above, because it will increment as it goes. So, 17, then 18, 19, 20 and so on. 46 00:03:52,100 --> 00:03:55,910 ‫It doesn't have any of the advanced features that we might see later in this course, like overlaid 47 00:03:55,910 --> 00:04:02,950 ‫networks that allow private networking between hosts, and other third party drivers like Weave. 48 00:04:03,130 --> 00:04:10,870 ‫If you look at the docker network create command with help, you'll see that I can specify not just 49 00:04:10,870 --> 00:04:15,970 ‫the driver that I want to use, but a lot of the IP and network options that you might need in an advanced 50 00:04:15,970 --> 00:04:18,680 ‫scenario. 51 00:04:18,850 --> 00:04:24,010 ‫We can do several things with these networks and how we connect them to our containers. 52 00:04:24,010 --> 00:04:28,850 ‫We can use the --network option when we create a container. 53 00:04:29,080 --> 00:04:35,630 ‫So, docker container run name 54 00:04:38,270 --> 00:04:47,880 ‫new nginx, and then network, and then my app 55 00:04:47,910 --> 00:04:52,650 ‫net, and then the nginx image. 56 00:04:52,810 --> 00:05:03,940 ‫If we did a docker network inspect on the my app network, you would see that the new Nginx 57 00:05:04,030 --> 00:05:10,550 ‫I just created is now on that network. It has a new IP address of 172.18. 58 00:05:10,570 --> 00:05:13,630 ‫So it's the next subnet in the list. 59 00:05:15,210 --> 00:05:19,380 ‫But we don't actually have to start new containers, because just like in the real world where you can 60 00:05:19,500 --> 00:05:25,800 ‫unplug and replug in Ethernet devices and reconnect to wireless networks, you can also do the same with 61 00:05:25,800 --> 00:05:28,720 ‫existing networks and existing containers. 62 00:05:28,860 --> 00:05:35,160 ‫For this, we use the docker network connect and disconnect options and you can use --help 63 00:05:35,370 --> 00:05:38,340 ‫to see all the options there for Docker network. 64 00:05:38,370 --> 00:05:45,450 ‫In this case, what we want to do is docker network, and we want to take the existing container that 65 00:05:45,450 --> 00:05:49,290 ‫we created first and connect it to our new network. 66 00:05:49,560 --> 00:05:56,040 ‫I'm going to pick the new my app network, and then I'm going to pick the original webhost we created. 67 00:05:57,250 --> 00:06:07,010 ‫Now if I do a docker container inspect of my original webhost, you'll see that it's actually now on 68 00:06:07,010 --> 00:06:11,260 ‫two networks. The original bridge network, 69 00:06:11,830 --> 00:06:17,830 ‫and I basically did the equivalent of giving it a new Ethernet interface on a different network, with a different 70 00:06:17,860 --> 00:06:20,810 ‫IP that was received from the DHCP. 71 00:06:20,860 --> 00:06:23,220 ‫So we're now on the 17 network in the 18 network. 72 00:06:24,360 --> 00:06:31,170 ‫If I wanted to disconnect that, I could do the same with just disconnect. Then if I went back 73 00:06:31,230 --> 00:06:35,410 ‫and did an inspection again, you'll see that it's now back with only the one network. 74 00:06:37,800 --> 00:06:44,100 ‫As you can see, there's lots of interesting options for Docker networking and really the end goal here, 75 00:06:44,100 --> 00:06:49,380 ‫and one thing I love to brag about with containers, is that if you're running all of the applications 76 00:06:49,380 --> 00:06:54,510 ‫on a single server, in this case, you're able to really protect them. Because in the physical world where 77 00:06:54,510 --> 00:07:02,070 ‫we were creating virtual machines and hosts in a network, we would often overexpose the ports and networking 78 00:07:02,160 --> 00:07:04,030 ‫on our application servers. 79 00:07:04,230 --> 00:07:09,240 ‫In these cases, if you were to take your app containers and have them all in one network together 80 00:07:09,240 --> 00:07:15,200 ‫in a virtual network, you're only going to be exposing the ports on your host that you specifically use 81 00:07:15,210 --> 00:07:20,820 ‫the -p with. And everything else is a little bit safer with that protected firewall inside their 82 00:07:20,820 --> 00:07:21,880 ‫virtual network. 83 00:07:22,500 --> 00:07:26,730 ‫Later on, when we get into Docker Swarm, we're actually going to learn about multi-host networking 84 00:07:26,730 --> 00:07:32,490 ‫and how this gets even better when we start to scale up and scale out. 85 00:07:32,500 --> 00:07:37,610 ‫To recap, we just covered a bunch of commands for managing Docker networks. 86 00:07:37,870 --> 00:07:44,950 ‫We played around with the ls and the inspect commands, created a Docker network, and used the default driver 87 00:07:45,010 --> 00:07:46,040 ‫of bridge. 88 00:07:46,240 --> 00:07:49,280 ‫We didn't actually need to use a --driver. 89 00:07:50,140 --> 00:07:55,450 ‫And last, we tried out the network connect and the network disconnect commands for adding and then removing 90 00:07:55,480 --> 00:07:57,080 ‫a NIC from a running container.