Networking for IPC

Owned by Selvyn Wright
Last updated: Jul 30, 2018
3 min read

I'm planning on taking the steps towards microservice architectures.  Before I can do this I need to get a better understanding of how Docker works with networking.

VirtualBox

By default the VM is only visible on the host it is running on, so if you try to connect to one of the containers on that host you will get a HTTP 404 or something similar.  

One solution to dealing with this is to enable port forwarding on the network interface of the VirtualBox vm.  This can be done by

  1. Selecting the VM (it will have the same name as the docker machine "default") within VirtualBox
  2. Open up the settings dialog and select Network
  3. Select Adapter 1
  4. Select Advanced
  5. Select Port Forwarding
  6. Add a rule (do not specify the host or guest IPs)
    1. for the host port specify the port ID you want to use for localhost:####, e.g. if you want to use localhost:4848 specifiy host port as 4848
    2. for the guest port specify the port map you exposed, so if the container exposes 4848 you mapped it to 4949, specify the guest as 4949
  7. Save the settings
  8. Make sure any firewall settings on the host allow connections from any IP to the specified port

Docker network interfaces

If you execute docker network ls you can see the the network interfaces that docker sets up

Example script execution
C:\Users\Selvyn\demo\case-study-container-components>docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
081e5f112a84        bridge              bridge              local
9a9289a441ff        host                host                local
b081d753fc22        none                null                local

Use docker run --network=<network name> to select a network.  By default docker run will selects bridge.

Docker on Windows Pro or Server 2016 (Hypervisor-V running)

Using Docker on this platform changes everything.  You container no longer run on a VM like VirtualBox but are integrated into the host environment.  As such they can be access through the host via 127.0.0.1:<port>.  This does present a problem when you want to IPC between applications running in different containers as the 127.0.0.1 will never leave the container.

So where is the gateway?  If you perform a docker inspect <container>, you should see that there is an IP for gateway, but trying to access your service on the IP will still fail.  So docker on Windows Pro/Server 2016 still doesn't function like it does on Linux, where using the gateway would have worked.

Docker on Windows Pro/Server 2016 creates a special interface called DockerNAT.  Run ipconfig from the command line and you will see it is listed as one of the interfaces.  Note it's IP address.  Then try accessing the service via this IP.  It will work!  So what's going on?  You will find an excellent post by Korbin Brown, so I have linked to it here rather than trying to explain it all over again.

Enjoy