docker networking is CRAZY!!
https://www.youtube.com/watch?v=bKFMS5C4CG0
code: zsh
ec2-user@ip-172-31-27-208 ~$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec2-user@ip-172-31-27-208 ~$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
link/ether 06:7a:e3:8b:77:11 brd ff:ff:ff:ff:ff:ff
inet 172.31.27.208/20 brd 172.31.31.255 scope global dynamic eth0
valid_lft 3498sec preferred_lft 3498sec
inet6 fe80::47a:e3ff:fe8b:7711/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:18:16:38:70 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
https://scrapbox.io/files/67c7607a880ff3d9662c3bc8.png
code: zsh
ec2-user@ip-172-31-27-208 ~$ sudo docker network ls
NETWORK ID NAME DRIVER SCOPE
feb40d9c5e0a bridge bridge local
423f9759b7c7 host host local
7b5506fac912 none null local
code: zsh
ec2-user@ip-172-31-27-208 ~$ sudo docker run -itd --rm --name thor busybox
ec2-user@ip-172-31-27-208 ~$ sudo docker run -itd --rm --name mjolnir busybox
ec2-user@ip-172-31-27-208 ~$ sudo docker run -itd --rm --name stormbreaker nginx
ec2-user@ip-172-31-27-208 ~$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
77be55acbf2b nginx "/docker-entrypoint.…" 11 seconds ago Up 10 seconds 80/tcp stormbreaker
1c4d2cde36a0 busybox "sh" 50 seconds ago Up 50 seconds mjolnir
7a236519b33c busybox "sh" About a minute ago Up About a minute thor
https://scrapbox.io/files/67c7615e7861418ade29fee7.png
code: zsh
ec2-user@ip-172-31-27-208 ~$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
link/ether 06:7a:e3:8b:77:11 brd ff:ff:ff:ff:ff:ff
inet 172.31.27.208/20 brd 172.31.31.255 scope global dynamic eth0
valid_lft 3172sec preferred_lft 3172sec
inet6 fe80::47a:e3ff:fe8b:7711/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:18:16:38:70 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:18ff:fe16:3870/64 scope link
valid_lft forever preferred_lft forever
5: vethb7ff178@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 1e:6a:f4:48:5d:b5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::1c6a:f4ff:fe48:5db5/64 scope link
valid_lft forever preferred_lft forever
7: veth926ed32@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 9e:bc:46:82:c8:4e brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::9cbc:46ff:fe82:c84e/64 scope link
valid_lft forever preferred_lft forever
9: veth651afc1@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether c2:21:01:c6:85:c6 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::c021:1ff:fec6:85c6/64 scope link
valid_lft forever preferred_lft forever
code: zsh
ec2-user@ip-172-31-27-208 ~$ bridge link
5: vethb7ff178@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state forwarding priority 32 cost 2
7: veth926ed32@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state forwarding priority 32 cost 2
9: veth651afc1@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state forwarding priority 32 cost 2
Three veth interfaces have been added.
Each veth is attached to docker0.
code: zsh
ec2-user@ip-172-31-27-208 ~$ sudo docker inspect bridge
[
{
"Name": "bridge",
"Id": "feb40d9c5e0a207ffbcfc262579c3c88efcc1f5c1c5c23a7eb9583b869a9277a",
"Created": "2025-03-04T20:18:10.944645257Z",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"1c4d2cde36a04e8331197be2f56abfe4a781cec1e3ab835171b65f8ece52a897": {
"Name": "mjolnir",
"EndpointID": "6b7d38225995627c6b968fab8207319032b000f225da7c24fdcf0f13e578d113",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
},
"77be55acbf2b30e1fa5858922b16f63624264752ab55fb4198aea1f1262a7f19": {
"Name": "stormbreaker",
"EndpointID": "665b57ec55b3ed66df66600b94dbd72fd1e4a0c9ecb82f0fd808083ade52785b",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"7a236519b33cefbef2ac5f9f93bf4da04d5c9c6d561b8604da0be53bbf44cd75": {
"Name": "thor",
"EndpointID": "8557346f715e22c68f5c1b80461919a294d808d1ce20da79ac6312ad56d6be30",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
Each container has its own IP address.
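The `Options` and `Containers` fields in the inspect output above decide what the containers can reach and where published ports listen. The following is an added example, not part of the original notes: a small audit of `docker inspect` JSON for a bridge network. The function name `audit_bridge` and the finding labels are made up for illustration, and options missing from the JSON are assumed to be enabled.

```python
import json

# Trimmed copy of the `docker inspect bridge` output above (container IDs shortened).
INSPECT_JSON = """
[{"Name": "bridge", "Driver": "bridge", "Internal": false,
  "Containers": {
    "1c4d2cde36a0": {"Name": "mjolnir", "IPv4Address": "172.17.0.3/16"},
    "77be55acbf2b": {"Name": "stormbreaker", "IPv4Address": "172.17.0.4/16"},
    "7a236519b33c": {"Name": "thor", "IPv4Address": "172.17.0.2/16"}},
  "Options": {
    "com.docker.network.bridge.default_bridge": "true",
    "com.docker.network.bridge.enable_icc": "true",
    "com.docker.network.bridge.enable_ip_masquerade": "true",
    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}}]
"""

PREFIX = "com.docker.network.bridge."


def audit_bridge(inspect_json):
    """Return (network, check, detail) findings for each bridge network."""
    findings = []
    for net in json.loads(inspect_json):
        if net.get("Driver") != "bridge":
            continue
        name = net.get("Name", "?")
        opts = net.get("Options") or {}
        peers = sorted(c["Name"] for c in (net.get("Containers") or {}).values())

        def opt(key, default):
            # Assumption: an option absent from the JSON counts as `default`.
            return opts.get(PREFIX + key, default)

        if opt("enable_icc", "true") == "true" and len(peers) > 1:
            findings.append((name, "icc", "unfiltered traffic between " + ", ".join(peers)))
        if opt("default_bridge", "false") == "true" and peers:
            findings.append((name, "default-bridge", f"{len(peers)} containers share docker0"))
        if opt("host_binding_ipv4", "0.0.0.0") == "0.0.0.0":
            findings.append((name, "wildcard-bind", "-p HOST:CONT listens on every host address"))
        if opt("enable_ip_masquerade", "true") == "true" and not net.get("Internal"):
            findings.append((name, "egress", "containers reach outside networks via NAT"))
    return findings


if __name__ == "__main__":
    for finding in audit_bridge(INSPECT_JSON):
        print(*finding, sep=": ")
```

On a live host, feed it the output of `sudo docker network inspect <name>`. Typical responses to the findings are a user-defined network per application and publishing with an explicit address such as `-p 127.0.0.1:80:80`.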
https://scrapbox.io/files/67c7625de7131edd46c67029.png
code: zsh
ec2-user@ip-172-31-27-208 ~$ sudo docker exec -it thor sh
/ # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
code: zsh
/ # ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=127 time=0.081 ms
64 bytes from 172.17.0.3: seq=1 ttl=127 time=0.066 ms
64 bytes from 172.17.0.3: seq=2 ttl=127 time=0.067 ms
^C
--- 172.17.0.3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
The container has an eth0 interface.
It can communicate with the other containers via the bridge.
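The `@ifN` suffixes tie the two outputs together: thor's `4: eth0@if5` and the host's `5: vethb7ff178@if4` name each other's interface index, which tells you which host veth to capture on or filter for a given container. The following is an added example, not part of the original notes; the function names are made up for illustration and the sample text is copied from the outputs on this page.

```python
import re

# Header lines look like "5: vethb7ff178@if4: <...>": own ifindex, name, then
# "@ifN" where N is the ifindex of the peer in the other network namespace.
LINK_RE = re.compile(r"^(\d+): ([^@:\s]+)@if(\d+):", re.MULTILINE)

# Host side: `bridge link` output copied from this page.
HOST_LINKS = """\
5: vethb7ff178@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state forwarding priority 32 cost 2
7: veth926ed32@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state forwarding priority 32 cost 2
9: veth651afc1@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state forwarding priority 32 cost 2
"""

# Container side: `ip link show` inside thor, copied from this page.
THOR_LINKS = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
"""


def parse_links(text):
    """Return {ifindex: (name, peer_ifindex)} for every entry with an @ifN peer."""
    return {int(i): (name, int(peer)) for i, name, peer in LINK_RE.findall(text)}


def host_veth_for(container_text, host_text, ifname="eth0"):
    """Name of the host veth paired with `ifname` in the container, or None."""
    host = parse_links(host_text)
    for index, (name, peer) in parse_links(container_text).items():
        if name != ifname:
            continue
        candidate = host.get(peer)
        # Both ends must point at each other; a one-sided match is not a pair.
        if candidate and candidate[1] == index:
            return candidate[0]
    return None


if __name__ == "__main__":
    print("thor eth0 <->", host_veth_for(THOR_LINKS, HOST_LINKS))
```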
code: zsh
/ # ping google.com
PING google.com (74.125.193.139): 56 data bytes
64 bytes from 74.125.193.139: seq=0 ttl=106 time=1.416 ms
64 bytes from 74.125.193.139: seq=1 ttl=106 time=1.684 ms
64 bytes from 74.125.193.139: seq=2 ttl=106 time=1.461 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
code: zsh
/ # ip route show
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 scope link src 172.17.0.2
The default gateway is docker0.
NAT provides connectivity to the internet.
https://scrapbox.io/files/67c7644cd93e05b5da59b0a6.png
https://scrapbox.io/files/67c76524b28f863a137930df.png
code: zsh
ec2-user@ip-172-31-27-208 ~$ sudo docker run -itd --rm -p 80:80 --name stormbreaker nginx
fc04cc70b4d0522b22254b1c0de5cb5030a0324645c75824a052a0f7ca8f2c70
ec2-user@ip-172-31-27-208 ~$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fc04cc70b4d0 nginx "/docker-entrypoint.…" 4 minutes ago Up 4 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp stormbreaker
code: zsh
ec2-user@ip-172-31-27-208 ~$ curl http://34.244.164.224
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>