# Networking

#### Create a Docker bridge network for a developer to use for their containers

User-defined bridge networks are best when you need multiple containers to communicate on the same Docker host.

Host networks are best when the network stack should not be isolated from the Docker host, but you want other aspects of the container to be isolated.

Overlay networks are best when you need containers running on different Docker hosts to communicate, or when multiple applications work together using swarm services.

Macvlan networks are best when you are migrating from a VM setup or need your containers to look like physical hosts on your network, each with a unique MAC address.

Third-party network plugins allow you to integrate Docker with specialized network stacks.



In [None]:
%%bash 
docker network create adnan-network
docker network ls 

####  Troubleshoot container and engine logs to understand a connectivity issue between containers

In [1]:
%%bash 
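stop docker   # Upstart syntax; on systemd hosts the equivalent is: systemctl stop docker
dockerd       # run the daemon in the foreground to watch the engine log (needs root)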

bash: line 1: stop: command not found
chmod /var/lib/docker: operation not permitted


####  Publish a port so that an application is accessible externally

In [None]:
%%bash 
docker run -d -p 81:80 httpd 

#### Identify which IP and port a container is externally accessible on

In [None]:
%%bash 
docker inspect 09c --format="{{.NetworkSettings.Ports}}"
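
The same port map can be read as JSON with `docker inspect --format '{{json .NetworkSettings.Ports}}' <id>`. The sketch below is an added example, not part of the original notes: it lists each host binding and marks those that listen on every interface of the host, which is what `-p 81:80` produces when no host address is given. The sample JSON is constructed and the function names are hypothetical.

```python
import json

# Constructed sample of `docker inspect --format '{{json .NetworkSettings.Ports}}' <id>`
# output: a wildcard binding from `-p 81:80`, a loopback-only binding, and a
# port that is exposed by the image but not published (value null).
SAMPLE = """{
  "80/tcp":   [{"HostIp": "0.0.0.0", "HostPort": "81"},
               {"HostIp": "::", "HostPort": "81"}],
  "443/tcp":  [{"HostIp": "127.0.0.1", "HostPort": "8443"}],
  "9000/tcp": null
}"""

# Host addresses that mean "listen on every interface of the Docker host".
WILDCARDS = {"", "0.0.0.0", "::"}


def published_bindings(ports_json):
    """Return sorted (container_port, host_ip, host_port, all_interfaces) tuples."""
    ports = json.loads(ports_json) or {}  # a container with no ports prints null
    rows = []
    for container_port, bindings in ports.items():
        # null or an empty list: the port is exposed but not published.
        for b in bindings or []:
            host_ip = b.get("HostIp", "")
            rows.append((container_port, host_ip, int(b["HostPort"]),
                         host_ip in WILDCARDS))
    return sorted(rows)


def wildcard_host_ports(ports_json):
    """Host ports that are bound on every interface of the Docker host."""
    return sorted({hp for _, _, hp, wide in published_bindings(ports_json) if wide})


if __name__ == "__main__":
    for cport, ip, hport, wide in published_bindings(SAMPLE):
        scope = "all interfaces" if wide else "this address only"
        print(f"{ip or '*'}:{hport} -> {cport} ({scope})")
    print("bound on all interfaces:", wildcard_host_ports(SAMPLE))
```

Publishing with an explicit host address, for example `-p 127.0.0.1:81:80`, keeps the port off the other interfaces.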

#### Describe the different types and use cases for the built-in network drivers


- bridge - the default network driver. Usually used when your apps run in standalone containers that need to communicate. Best when you need multiple containers to communicate on the same host.

- host - for standalone containers; removes network isolation between the container and the Docker host. Best when you don't want the container's network stack isolated from the Docker host.

- overlay - connects multiple Docker daemons together and enables swarm services to communicate with each other. If you have multiple Docker hosts and run an overlay network with your swarm, they can all communicate. Use this for multiple applications communicating with each other.

- macvlan - assigns a MAC address to the container so that it appears as a physical device on the network. Best when migrating from a VM setup or when containers need to look like physical machines.

- none - networking is disabled for that container.




#### Understand the Container Network Model and how it interfaces with the Docker engine and network and IPAM drivers

![image.png](CNM.PNG)

##### CNM Constructs 

- Sandbox - contains the configuration of a container's network stack: management of the container's interfaces, routing table, and DNS settings.

- Endpoint - joins a sandbox to a network and abstracts the connection from the application.

- Network - the CNM is not the same as the OSI model. A network could be a Linux bridge, a VLAN, etc.

##### CNM Driver Interfaces 

- Network Drivers - provide the actual implementation that makes networks work.
- Remote Network Drivers - created by the community and other vendors.
- IPAM Drivers - managing addresses across multiple hosts on separate physical networks while providing routing to the underlying swarm networks externally is the 'IPAM problem' for Docker. Depending on the network driver chosen, IPAM is handled at different layers in the stack. On a single host, IPAM is not challenging: routing is generally handled manually or through port exposure, and each network is specific to the host system. Network drivers enable IPAM through DHCP drivers or plugin drivers so that complex implementations support what would normally be overlapping addresses.
   

#### Configure Docker to use external DNS

#### Use Docker to load balance HTTP/HTTPs traffic to an application (Configure L7 load balancing with Docker EE)

#### Understand and describe the types of traffic that flow between the Docker engine, registry, and UCP controllers

- The traffic between DTR and UCP is always encrypted to ensure security.
- Traffic between containers is not encrypted by default.
- DTR / UCP management traffic uses mutual TLS.


#### Deploy a service on a Docker overlay network

#### Describe the difference between "host" and "ingress" port publishing mode

Host = if you use host mode and also set a published port, you can only run one task for that service on a given swarm node. You can work around this by not specifying the published port explicitly.

Ingress = the published port is available on all swarm nodes; for example, you may publish 8080 to 80.
 

