Docker Networking (Host Network)
In this article, we will learn about host networks.
Host Network
If you use the host network mode for a container, that container's network interface is in the same namespace as that of the host machine. All the namespaces inside the container are well isolated , only the network namespace is common between the container and the host machine and hence the container does not get its own IP address allocated.
List all the networks -
gaurav@learning-ocean:~$ docker network ls
NETWORK ID NAME DRIVER SCOPE
6c51373f78ac bridge bridge local
3a33f83c3663 host host local
e4ebd601732c none null local
gaurav@learning-ocean:~$
Create a new ubuntu container with network type as 'host'
gaurav@learning-ocean:~$ docker container run -it --network host ubuntu:14.04 bash
root@learning-ocean:/#
Now run the ifconfig command on both container and on host and compare the output -
Ifconfig on container-
root@learning-ocean:/# ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:d6:f2:05:07
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:d6ff:fef2:507/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:506 (506.0 B) TX bytes:1513 (1.5 KB)
enp0s3 Link encap:Ethernet HWaddr 08:00:27:e8:05:e4
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fee8:5e4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:40190 errors:0 dropped:0 overruns:0 frame:0
TX packets:17790 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:51431164 (51.4 MB) TX bytes:1564093 (1.5 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:306 errors:0 dropped:0 overruns:0 frame:0
TX packets:306 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:25039 (25.0 KB) TX bytes:25039 (25.0 KB)
root@learning-ocean:/#
Ifconfig on host-
gaurav@learning-ocean:~$ ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:d6:f2:05:07
inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:d6ff:fef2:507/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:506 (506.0 B) TX bytes:1513 (1.5 KB)
enp0s3 Link encap:Ethernet HWaddr 08:00:27:e8:05:e4
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fee8:5e4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:40190 errors:0 dropped:0 overruns:0 frame:0
TX packets:17790 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:51431164 (51.4 MB) TX bytes:1564093 (1.5 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:306 errors:0 dropped:0 overruns:0 frame:0
TX packets:306 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:25039 (25.0 KB) TX bytes:25039 (25.0 KB)
gaurav@learning-ocean:~$
It's exactly the same. This implies that both of them share the same network configurations.
And as they share the same network configurations, containers can be accessed from the port on the host's IP address. For example, if you run a container that binds to port 80 and you use host networking, the container's application is available on port 80 on the host's IP address.
Let's demonstrate this with an example-
Create an NGINX container with network type 'host' -
gaurav@learning-ocean:~$ docker container run -itd --network=host nginx
6923aa43d532a38df73d9ebcac9c79b613aae5470a96cc3bb54d0c761bd35f8c
gaurav@learning-ocean:~$ docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6923aa43d532 nginx "/docker-entrypoint.…" 6 seconds ago Up 5 seconds eager_nash
gaurav@learning-ocean:~$
Inspect the container using inspect command-
"Networks": {
"host": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "3a33f83c366348ed543af33e16be2ff7224bbe067e99e1e732a60e899f7f66e0",
"EndpointID": "b860ca4fdda3e0732367949cb94fd2eded08a4f2e46715a6c125b1bf336c102f",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
- Here NetworkID is the same as that of the host id and the IP address is null.
- So you can use the host machine IP to access the application without any port mapping.
- Host mode networking can be useful to optimize performance, and when you don't want to do port mappings.
- Cannot be duplicated Host networks are unique and one cannot create 2 host networks. If one is present, docker won't allow you to create a new one.
gaurav@learning-ocean:~$ docker network create -d host test
Error response from daemon: only one instance of "host" network is allowed
gaurav@learning-ocean:~$
So, if you want to create another host network, just delete the existing one first and then create a new one with the name as 'host'.