what is the use of HOST and NONE network in docker?
Docker by default supports 3 networks:
1) None:
This mode will not configure any IP for the container and doesn’t have any access to the external network as well as for other containers. It does have the loopback address and can be used for running batch jobs.
# docker run -it --network=none ubuntu:14.04 /bin/bashroot@66308c6686be:/# ifconfiglo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)# # docker inspect 66308c6686be | grep -i ipaddr "SecondaryIPAddresses": null, "IPAddress": "", "IPAddress": "",2) Host
In this mode container will share the host’s network stack and all interfaces from the host will be available to the container. The container’s host name will match the host name on the host system
# docker run -it --net=host ubuntu:14.04 /bin/bashroot@labadmin-VirtualBox:/# hostnamelabadmin-VirtualBoxEven the IP configuration is same as the host system's IP configuration
root@labadmin-VirtualBox:/# ip addr | grep -A 2 eth02: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:b5:82:2f brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0 valid_lft forever preferred_lft forever3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default root@labadmin-VirtualBox:/# exitexitHOST SYSTEM IP CONFIGURATION# ip addr | grep -A 2 eth02: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:b5:82:2f brd ff:ff:ff:ff:ff:ff inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0 valid_lft forever preferred_lft forever3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default In host and none mode are not configured directly but default bridge network can be configured as well as create your own user-defined bridge networks.
3) Bridge Mode
It is the Docker default networking mode which will enable the connectivity to the other interfaces of the host machine as well as among containers.
# docker run -it --network=bridge ubuntu:14.04 /bin/bashroot@58b0b1f18b2e:/# ifconfigeth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:0c inet addr:172.17.0.12 Bcast:0.0.0.0 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2668 (2.6 KB) TX bytes:0 (0.0 B)lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)Accessibility to other containers is possible in bridge mode.
root@58b0b1f18b2e:/# ping 172.17.0.11PING 172.17.0.11 (172.17.0.11) 56(84) bytes of data.64 bytes from 172.17.0.11: icmp_seq=1 ttl=64 time=0.143 ms64 bytes from 172.17.0.11: icmp_seq=2 ttl=64 time=0.050 msConnectivity to external network.
root@58b0b1f18b2e:/# ping google.com PING google.com (216.58.197.46) 56(84) bytes of data.64 bytes from maa03s20-in-f46.1e100.net (216.58.197.46): icmp_seq=1 ttl=51 time=16.9 msConnectivity to host machine
root@labadmin-VirtualBox:~# ip a | grep eth02: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0root@58b0b1f18b2e:/# ping 10.0.2.15PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.64 bytes from 10.0.2.15: icmp_seq=1 ttl=64 time=0.113 msAlong with these docker provides MACVLAN network which allows to configure multiple Layer 2(MAC) addresses on a single physical interface.
Bridge network: Bridge is the default network in docker which is also called as docker0. It is the default network that bridges through the NAT firewall to the physical that your host is connected to. But, we don't care about it as all the containers will attach to this network and worked.
If you have any containers running, you could inspect the bridge network as,
$ docker network inspect bridge...."Containers": { "145a2716d018c6fe8e9f93a81d88afd5a7437f0084ddb170c40761818e6d2f67": { "Name": "nginx", "EndpointID": "ea6cfa433f41e21e572f17473c8e5f5e5d82e9f19646e66fe23abda20a3836b8", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } },...
Note: You can see that automatic IP address assigned to the container which is from the IPAM config subnet.
Host Network: is a special network which skips the virtual networking of docker and attach the container directly to host interface. It's really not recommended but, in certain situations, can improve the performance of high throughput networking and in other, you will loose out of few benefits of containerization.
$ docker container run -it --net=host nginx:alpine /bin/bashNone Network: is kind of equivalent to having an interface on your machine that's not attched to anything, but we can create our own. The none network adds a container to a container-specific network stack. That container lacks a network interface.
$ docker container run -it --network=none nginx:alpine /bin/bashroot@8cb783cd4509:/# ip -4 addr1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever
Suppose your docker image support ifconfig, image name is "ubuntu/net"
Then, run docker for host & none:
sudo docker run -it --network=host ubuntu/netroot@localhost:/# ifconfig docker0 Link encap:Ethernet HWaddr xxxxxxxxxxxxx inet addr:x.x.x.x Bcast:0.0.0.0 Mask:255.255.0.0 eth0 Link encap:Ethernet HWaddr xxxxxxxxxxxx inet addr:y.y.y.y Bcast: Mask:255.255.254.0sudo docker run -it --network=none ubuntu/netroot@localhost:/# ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0