Docker bridge schematic diagram
The Docker service will create a docker0 bridge by default (with a docker0 internal interface on it), which connects to other physical or virtual network cards at the kernel layer, which puts all containers and local hosts on the same physical network.
Docker specifies the IP address and subnet mask of the docker0 interface by default, so that the host and the container can communicate with each other through the bridge. It also gives the MTU (the maximum transmission unit allowed by the interface), usually 1500 Bytes, or the host The default value supported on the host network route. These values can be configured when the service starts.
- --Bip=CIDR — IP address plus mask format, for example 192.168.1.5/24
- --Mtu=BYTES — Override the default Docker mtu configuration
You can also configure DOCKER_OPTS in the configuration file, and then restart the service. Since the current Docker bridge is a Linux bridge, users can use brctl show to view the bridge and port connection information.
$ sudo brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.3a1d7362b4ee no veth65f9
vethdda6
*Note: The brctl command can be installed using sudo apt-get install bridge-utils in Debian and Ubuntu.
Every time a new container is created, Docker selects a free IP address from the available address range and assigns it to the container's eth0 port.
Use the IP of the docker0 interface on the local host as the default gateway for all containers.
$ sudo docker run -i -t --rm base /bin/bash $ ip addr show eth0 24: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 32:6f:e0:35:57:91 brd ff:ff:ff:ff:ff:ff inet 172.17.0.3/16 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::306f:e0ff:fe35:5791/64 scope link valid_lft forever preferred_lft forever $ ip route default via 172.17.42.1 dev eth0 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.3 $ exit