Part 1 Default Docker Network

Chris Swan edited this page May 13, 2015 · 11 revisions

Launch an Instance

  1. Go to console.aws.amazon.com
  2. Sign in with your AWS account
  3. Select EC2
  4. Click on Launch Instance
  5. Choose Ubuntu Server 14.04 LTS (HVM)
  6. t2.micro is fine, click Review and Launch
  7. Launch the instance, choosing the key created earlier, then view instances to see the public and private IPs

Connect on SSH

Connect

ssh -i my_key.pem ubuntu@public.ip

Show host IPs

ip addr

At this stage the VM will only have loopback and eth0 interfaces

Look at NAT rules

sudo iptables -t nat -L -n

No NAT rules yet

Install Docker and inspect network

Install Docker

wget -qO- https://get.docker.com/ | sh

Beware of piping untrusted scripts from the Internet into your shell. It's fine for a disposable VM, but not appropriate for a production environment.

Show host IPs

ip addr

The docker0 bridge should now be visible with its default IP of 172.17.42.1/16

Look at NAT rules

sudo iptables -t nat -L -n

A number of rules have been added during the Docker install, most notably MASQUERADE for 172.17.0.0/16

Start a container and inspect network

### Start container

CON1=$(sudo docker run -d cpswan/hello_onug)

Assigning the output of a subshell command to a shell variable saves having to copy and paste container IDs into subsequent commands.

The cpswan/hello_onug image is a super minimal implementation of a web server using Go.

### Get IP

CON1IP=$(sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $CON1)

The --format='{{.NetworkSettings.IPAddress}}' parameter extracts just the IP address, which will likely be 172.17.0.1 for the first container launched.

### Show IP and use it

echo $CON1IP && curl $CON1IP:8080

## Start 2nd container and inspect network

### Start container

CON2=$(sudo docker run -d -p 8080:8080 cpswan/hello_onug)

This time we're binding the container port 8080 to the host port 8080 so there's no need to figure out the container address to connect to.

### Connect to the container

curl localhost:8080

## Take another look at the host network

### Show IPs

ip addr

There will now be two veth interfaces, which are the host side of interface pairs that show up as eth0 in the containers.

Look at NAT rules

sudo iptables -t nat -L -n

The port mapping will now show up as MASQUERADE and DNAT rules.
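To see exactly which host address and port each DNAT rule forwards, the rules can be read in `iptables -t nat -S` form and summarised. The script below is an added example, not part of the original page; the function names and the sample rules are constructed for illustration. It goes slightly beyond the walkthrough by including a rule for a port published on 127.0.0.1 only, to contrast with `-p 8080:8080`, which publishes on every host address.

```shell
#!/bin/sh
# Added example: summarise Docker's published ports from the NAT table.
# Input is `iptables -t nat -S` text on stdin; -S prints one rule per line
# in the syntax used to create it, which is easier to parse than -L output.

published_ports() {
    awk '
    # Only DNAT rules describe a host port forwarded to a container.
    /-j DNAT/ {
        host = "0.0.0.0"; proto = ""; port = ""; dest = ""
        for (i = 2; i < NF; i++) {
            # "-d <addr>" is present only when the port was published on a
            # specific host address; without it the rule matches any address.
            if ($i == "-d" && $(i-1) != "!") {
                host = $(i+1)
                sub(/\/32$/, "", host)
            }
            if ($i == "-p")               proto = $(i+1)
            if ($i == "--dport")          port  = $(i+1)
            if ($i == "--to-destination") dest  = $(i+1)
        }
        if (port != "" && dest != "")
            printf "%s %s:%s -> %s\n", proto, host, port, dest
    }'
}

# Constructed sample (not captured from a real host): the 8080 rule is what
# -p 8080:8080 would add; the 9090 rule assumes a third, hypothetical
# container started with -p 127.0.0.1:9090:8080.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 8080 -j MASQUERADE
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:8080
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 9090 -j DNAT --to-destination 172.17.0.3:8080
EOF
}

# On the lab VM, replace the sample with: sudo iptables -t nat -S | published_ports
sample_rules | published_ports
```

A line starting `tcp 0.0.0.0:` means the port is reachable on every host interface, subject to whatever the EC2 security group allows inbound.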