You might be wondering why we need Docker Networking for embedded devices that are already connected to the internet. The reason is that different industries use applications differently. For example, deploying multiple embedded systems at the same location may not be cost-effective for some industries. Instead, we can design hardware (HW) with more interfaces and run Docker containers to share that hardware among them. If we don’t use Docker containers, a single application ends up handling multiple small applications, and if any one of them faces an issue (e.g. a crash), the whole system goes down. We can avoid this by using Docker. With containers, an issue in one container does not affect the others. Besides this, it is easier to maintain a single piece of hardware than multiple ones.
In my view, Docker Networking for embedded systems is a really important topic. In most applications where we use Docker on embedded systems, we need to connect these systems to other systems or to the cloud. That’s where Docker Networking comes in. Docker networking for embedded systems is a way to connect different containers running on the same or on different systems. It is a virtual way to link different devices together so that they can communicate with each other.
In a Docker network, each container can have its own virtual network interface, IP address, routing table and so on, much as a real physical embedded system would. Just as different embedded devices communicate with each other, these Docker containers communicate with each other using their IP addresses. The containers expose their services to the outside world through the ports available on the embedded device.
Docker networking provides several benefits, such as isolation, scalability, and portability. By isolating containers in their own networks, Docker ensures that they don’t interfere with each other or with the host system. By scaling containers across multiple hosts or clusters, Docker enables load balancing and high availability. It also abstracts the network from the application, which makes it easy to move containers between different environments, such as development, testing, and production.
Docker networking concepts
Before working with Docker networking, we should learn its concepts. Docker has a very useful feature: the networking subsystem is pluggable through drivers. Several of these drivers exist by default so that the user can use the core network functionality. Let us understand some of them.
In networking, a bridge is a Link Layer device that forwards traffic between network segments. In other words, a bridge is a type of network that allows multiple devices to connect to each other. It acts as a virtual switch, connecting different devices within the same network. A bridge network is useful when you want to connect multiple containers together so they can communicate with each other. In Docker, bridge is the default network driver. So the bridge network driver can be used when an application running in a container needs to communicate with another container or any other network device. Docker does so by automatically installing some rules on the host machine.
In Docker, a default network called “bridge” is created automatically. This is the network that containers use to talk to each other unless you specify another one. You can also create your own custom networks for your containers to use. Custom networks are better than the default bridge network because they give you more control over how your containers communicate with each other and with the outside world.
A host network allows a container to use the host’s network stack directly, instead of having its own isolated network stack. This means that the container shares the same network interface as the host, allowing it to access the host’s network resources directly. This type of network is useful when you want to expose a container to the host network.
The host networking driver can be very useful when a container needs to handle a large range of ports. With the host driver, no network address translation (NAT) is required and no “userland-proxy” is created for each port, so overall performance also improves.
NOTE: The host networking driver works only on Linux hosts. Docker Desktop for Mac, Docker Desktop for Windows, and Docker EE for Windows Server do not support this driver. You can also read about the host network driver in the Docker documentation.
An overlay network is a virtual network that spans across multiple hosts, allowing containers on different hosts to communicate with each other. This type of network is useful when you want to deploy a multi-container application across multiple hosts, without having to worry about the underlying network topology. It is mainly used in Docker swarm.
An IPvlan network allows a container to have its own unique IP address as well as its own unique MAC address. This type of network is useful when you want to assign a container its own unique IP address on the same network as the host, without having to share the host’s MAC address. IPvlan gives the user full control over IPv4 and IPv6 addressing.
A macvlan network allows a container to have its own unique MAC address, which can be useful in situations where you need to assign a container a unique IP address on the same network. This type of network is useful when you want to assign a container an IP address on the same network as the host, without having to share the host’s MAC address.
NOTE: Your networking equipment needs to be able to handle “promiscuous mode”, where one physical interface can be assigned multiple MAC addresses.
The none driver is used when we want to disable all networking. It is usually chosen when our container doesn’t need to communicate with the outside, or when we have made a custom network driver.
There are many third-party network drivers available on Docker Hub. If one of them suits your needs, you can use those plugins as well.
If these concepts are clear to you, we can move ahead and try to configure and manage them.
Configure & manage Docker network settings
When our embedded system runs multiple containers, we need to configure and manage their networks. So let us look at the networks in detail and at which type of network should be used in a particular case.
You can use “docker network ls” to check the networks currently present on the host at any time.
Here we can see that
- A bridge network driver which is the default one.
- We have the host network driver
- And None network driver which is used to isolate the container from all the networks.
Let us try to configure some of the networks in docker.
As explained above, a bridge is a virtual interface that connects all the internal Docker containers to the Docker host network. Whenever we create a container, it is attached to the default network, which is none other than the bridge network. Even though you have not defined any network for your container, a default bridge network is created by Docker. You can view this using the inspect command.
docker inspect <container name>
You will be able to see a lot of information about the container. The network information might look something like the output below.
We can clearly see that a bridge type network is created by Docker. You can also notice that the container has received an IP address (172.17.0.10 in the above case).
When you installed Docker, it created an interface on the host named “docker0”. You can check this with the “ip a” command. All containers are automatically attached to this interface by Docker. All the containers get their IP address from the DHCP running in Docker, on the subnet of the “docker0” interface.
If multiple containers are running, you can reach those containers from each other using their IP addresses within the network. Every time you deploy a container, it will get a different IP address from the Docker DHCP server.
Docker also gives us the possibility to create a custom bridge network. We can create a custom network using “docker network create”. If different groups of applications have different network requirements, you can configure each user-defined bridge separately. Now, let us create a custom bridge network named “custombridge”. We can create it using the command “docker network create custombridge”. Let us see how it is created using the command “docker network ls”.
We can see that a new network named “custombridge” of type “bridge” is created. Using the bridge network driver, we cannot reach the container from the host.
To connect a running container to this bridge network, we can use the “docker network connect” command, e.g. “docker network connect custombridge my_container”.
You can read about the bridge network driver in more detail on the Docker documentation page.
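The following script is an added example, not part of the original article: it classifies containers by the network mode they run in and prints the “docker network connect” / “docker network disconnect” commands that would move everything still on the default bridge to a user-defined bridge such as “custombridge”. It assumes input lines of the form produced by `docker inspect --format '{{.Name}} {{.HostConfig.NetworkMode}}'`; the container names in the sample are constructed.

```shell
#!/bin/sh
# Input: one "<container-name> <NetworkMode>" pair per line, e.g. from
#   docker inspect --format '{{.Name}} {{.HostConfig.NetworkMode}}' $(docker ps -q)
# Output: "<name> <verdict>" per container.
classify_modes() {
    while read -r name mode; do
        [ -n "$name" ] || continue
        name=${name#/}    # docker inspect prefixes container names with "/"
        case "$mode" in
            default|bridge) verdict="default-bridge" ;;    # shared docker0 bridge
            host)           verdict="host-stack" ;;        # no network isolation from host
            none)           verdict="no-network" ;;        # fully isolated
            container:*)    verdict="shared-namespace" ;;  # reuses another container's stack
            *)              verdict="user-defined:$mode" ;;
        esac
        printf '%s %s\n' "$name" "$verdict"
    done
}

# Prints (does not execute) the commands that attach every container found on
# the default bridge to the user-defined bridge $1 and detach it from "bridge".
migration_plan() {
    target=$1
    classify_modes | while read -r name verdict; do
        if [ "$verdict" = "default-bridge" ]; then
            printf 'docker network connect %s %s\n' "$target" "$name"
            printf 'docker network disconnect bridge %s\n' "$name"
        fi
    done
}

# Constructed sample input (hypothetical container names).
SAMPLE='/sensor-reader default
/mqtt-broker custombridge
/fw-updater host
/logger bridge
/calibration none'

printf '%s\n' "$SAMPLE" | classify_modes
printf '%s\n' "$SAMPLE" | migration_plan custombridge
```

On a real device, feed the function with the `docker inspect` command shown in the first comment and review the printed plan before running it.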