What are the four network modes of docker?
Docker’s four network modes are: 1. Host mode, specified with “–net=host”; 2. Container mode, specified with “–net=container:NAME_or_ID”; 3. none mode, specified with "-net=none" specified; 4. Bridge mode.
The operating environment of this tutorial: linux5.9.8 system, docker-1.13.1 version, Dell G3 computer.
Implementation Principle
Docker uses Linux bridging (refer to "Linux Virtual Network Technology") to virtualize a Docker container bridge (docker0) on the host. When Docker starts a container, it will be based on the Docker network The network segment of the bridge is assigned to the container an IP address, called Container-IP, and the Docker bridge is the default gateway for each container. Because containers in the same host are all connected to the same network bridge, containers can communicate directly through the container's Container-IP.
The Docker bridge is virtualized by the host and is not a real network device. It cannot be addressed by the external network, which also means that the external network cannot access the container through direct Container-IP. If the container wants to be accessible from the outside, you can map the container port to the host (port mapping), that is, enable it through the -p or -P parameter when docker run creates the container, and use [host IP] when accessing the container: [Container Port] Access the container.
Four types of network modes
| Docker network mode | Configuration | Instructions |
|---|---|---|
| host mode | –net=host | The container and the host share the Network namespace. |
| container mode | –net=container:NAME_or_ID | The container shares the Network namespace with another container. A pod in kubernetes is a Network namespace shared by multiple containers. |
| none mode | –net=none | The container has an independent Network namespace, but no network settings are made for it, such as assigning veth pair and bridge connection, configure IP, etc. |
| bridge mode | –net=bridge | (default is this mode) |
host mode
If you use host mode when starting a container, the container will not get an independent Network Namespace, but will share a Network Namespace with the host. The container will not virtualize its own network card, configure its own IP, etc., but use the host's IP and port. However, other aspects of the container, such as the file system, process list, etc., are still isolated from the host.
Containers using host mode can directly use the host's IP address to communicate with the outside world. The service port inside the container can also use the host's port. NAT is not required. The biggest advantage of host is that the network performance is relatively good. , but the ports already used on the docker host can no longer be used, and the network isolation is not good.
Host mode is as shown below:
container mode
This mode specifies the newly created container and An existing container shares a Network Namespace, not the host. The newly created container will not create its own network card and configure its own IP, but will share the IP, port range, etc. with a specified container. Similarly, apart from the network, the two containers are also isolated in other aspects such as file systems, process lists, etc. The processes of the two containers can communicate through the lo network card device.
Container mode diagram:
none mode
Using none mode, the Docker container has its own Network Namespace , however, does not perform any network configuration for the Docker container. In other words, this Docker container does not have network card, IP, routing and other information. We need to add network cards, configure IP, etc. to the Docker container ourselves.
In this network mode, the container only has the lo loopback network and no other network cards. none mode can be specified via --network=none when creating the container. This type of network cannot be connected to the Internet. A closed network can ensure the security of the container.
None mode diagram:
bridge mode
When the Docker process starts, it will be created on the host A virtual bridge named docker0. Docker containers started on this host will be connected to this virtual bridge. A virtual bridge works similarly to a physical switch, so that all containers on the host are connected to a Layer 2 network through the switch.
Assign an IP from the docker0 subnet to the container, and set the docker0 IP address as the default gateway of the container. Create a pair of virtual network card veth pair devices on the host. Docker places one end of the veth pair device in the newly created container and names it eth0 (the container's network card), and the other end in the host with a similar name like vethxxx. Name and add this network device to the docker0 bridge. You can view it through the brctl show command.
Bridge mode is docker’s default network mode. If you don’t write the --net parameter, it is bridge mode. When using docker run -p, docker actually makes DNAT rules in iptables to implement the port forwarding function. You can use iptables -t nat -vnL to view.
The bridge mode is shown in the figure below:
Recommended learning: "docker video tutorial"
The above is the detailed content of What are the four network modes of docker?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to package project with pycharm
Apr 25, 2024 am 03:54 AM
There are four ways to package a project in PyCharm: Package as a separate executable file: Export to EXE single file format. Packaged as an installer: Generate Setuptools Makefile and build. Package as a Docker image: specify an image name, adjust build options, and build. Package as a container: Specify the image to build, adjust runtime options, and start the container.
Pi Node Teaching: What is a Pi Node? How to install and set up Pi Node?
Mar 05, 2025 pm 05:57 PM
Detailed explanation and installation guide for PiNetwork nodes This article will introduce the PiNetwork ecosystem in detail - Pi nodes, a key role in the PiNetwork ecosystem, and provide complete steps for installation and configuration. After the launch of the PiNetwork blockchain test network, Pi nodes have become an important part of many pioneers actively participating in the testing, preparing for the upcoming main network release. If you don’t know PiNetwork yet, please refer to what is Picoin? What is the price for listing? Pi usage, mining and security analysis. What is PiNetwork? The PiNetwork project started in 2019 and owns its exclusive cryptocurrency Pi Coin. The project aims to create a one that everyone can participate
Agile development and operation of PHP microservice containerization
May 08, 2024 pm 02:21 PM
Answer: PHP microservices are deployed with HelmCharts for agile development and containerized with DockerContainer for isolation and scalability. Detailed description: Use HelmCharts to automatically deploy PHP microservices to achieve agile development. Docker images allow for rapid iteration and version control of microservices. The DockerContainer standard isolates microservices, and Kubernetes manages the availability and scalability of the containers. Use Prometheus and Grafana to monitor microservice performance and health, and create alarms and automatic repair mechanisms.
How to start golang program
Apr 21, 2024 am 12:47 AM
There are four ways to start a Go program: Using the command line: go run main.go Starting through the IDE's "Run" or "Debug" menu Starting a container using a container orchestration tool (such as Docker or Kubernetes) Using systemd or supervisor on Unix systems Run as a system service
Docker completes local deployment of LLama3 open source large model in three minutes
Apr 26, 2024 am 10:19 AM
Overview LLaMA-3 (LargeLanguageModelMetaAI3) is a large-scale open source generative artificial intelligence model developed by Meta Company. It has no major changes in model structure compared with the previous generation LLaMA-2. The LLaMA-3 model is divided into different scale versions, including small, medium and large, to suit different application needs and computing resources. The parameter size of small models is 8B, the parameter size of medium models is 70B, and the parameter size of large models reaches 400B. However, during training, the goal is to achieve multi-modal and multi-language functionality, and the results are expected to be comparable to GPT4/GPT4V. Install OllamaOllama is an open source large language model (LL
How to install deepseek
Feb 19, 2025 pm 05:48 PM
There are many ways to install DeepSeek, including: compile from source (for experienced developers) using precompiled packages (for Windows users) using Docker containers (for most convenient, no need to worry about compatibility) No matter which method you choose, Please read the official documents carefully and prepare them fully to avoid unnecessary trouble.
PHP distributed system architecture and practice
May 04, 2024 am 10:33 AM
PHP distributed system architecture achieves scalability, performance, and fault tolerance by distributing different components across network-connected machines. The architecture includes application servers, message queues, databases, caches, and load balancers. The steps for migrating PHP applications to a distributed architecture include: Identifying service boundaries Selecting a message queue system Adopting a microservices framework Deployment to container management Service discovery
How to optimize the performance of Java functions through containerization?
Apr 29, 2024 pm 03:09 PM
Containerization improves Java function performance in the following ways: Resource isolation - ensuring an isolated computing environment and avoiding resource contention. Lightweight - takes up less system resources and improves runtime performance. Fast startup - reduces function execution delays. Consistency - Decouple applications and infrastructure to ensure consistent behavior across environments.
