Network internals 1/3

Network internals 1/3

Daemon provides local network

CIDR (netmask - (1.048.576 addresses)

Containers are assigned a local IP address


Outgoing traffic is translated (source NAT)

Network internals 1/3


Containers are not reachable directly

Incoming traffic requires published port

Published ports are mapped from the host to the container

Only one container can use a published port

Port mapping

Network internals

Find IP address of container:

$ docker inspect web
$ docker inspect -f '' web

Testing container ingress:


Publishing a port:

$ docker run -d --name web2 --publish nginx
$ docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                  NAMES
748a9b0cfb0a   nginx     "/docker-entrypoint.…"   28 seconds ago   Up 26 seconds>80/tcp   web2
c8e069e45dd5   nginx     "/docker-entrypoint.…"   6 minutes ago    Up 6 minutes    80/tcp                 web

Testing the port publishing:

curl http://localhost