Version: Torizon OS 7.x.y

How to Setup Network Between Containers

Introduction

This article aims to guide you in configuring Docker container connectivity for various scenarios, covering port exposure, private networks, inter-container communication, and host network usage.

Prerequisites

Connectivity

By default, containers connect to Docker's "bridge" network. This configuration lets containers reach the outside with no restrictions, but it prevents them from being reached from the outside. We cover three possible networking configurations, each recommended for specific situations:

  • Expose ports: used when your application needs to receive an inbound connection from outside the container on a specific port or a set of ports. Attackers cannot access ports that are not explicitly exposed, and you can use the same port number on several containers, even if the host uses that port number for another application.
  • Private Networks: used when containers need to communicate with each other without letting the outside world access those communication endpoints. For example, a container exposing a REST API (backend) to a container that implements a web UI (frontend).
  • Host Network: used when you need to access the network with the same IP and configuration used by processes running natively on the host OS. This method is the least recommended since you expose the entire container networking to the outside, and you should only choose it if it is really required.

Private Networks - Inter-container Communication

There are scenarios where you may want your containers to communicate only with each other on the same device. You can do this by creating a private Docker network.
Containers on a private network can reach each other with no restrictions, without needing to explicitly expose ports, but only if they are on the same network. This remark is important because you can create as many networks as you want and attach one container to more than one private network.

For example, you may have a container exposing a REST API (backend) to a container that implements a web UI (frontend). The backend and frontend will be on the same private network. The frontend will also be on the bridge network, exposing the port used to serve webpages.

To use a private network, you have to create it on the device using the docker network create command or defining it in docker-compose. Then you can add your container to that network.
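The backend/frontend layout described above, written as a docker-compose file. This is an added example, not taken from the original article: the image names, the network name app-private, the BACKEND_URL variable and the port numbers are placeholders chosen for illustration.

```yaml
# Added example: private network between a REST backend and a web UI.
# All image names, ports and variable names below are placeholders.
services:
  backend:
    image: example/rest-backend:latest   # placeholder image
    # No "ports:" entry, so the REST API is not published on the host.
    # It is reachable only by containers attached to app-private.
    networks:
      - app-private

  frontend:
    image: example/web-ui:latest         # placeholder image
    environment:
      # Docker's embedded DNS resolves the service name "backend" for
      # containers that share a user-defined network with it.
      # BACKEND_URL is a hypothetical variable read by the placeholder image.
      BACKEND_URL: "http://backend:5000"
    ports:
      # Only the web UI port is published to the outside (host 8080 -> container 80).
      - "8080:80"
    networks:
      - default        # Compose's default bridge-driver network
      - app-private    # shared private network with the backend

networks:
  app-private:
    driver: bridge
```

After bringing the stack up, docker ps should show a published port only for the frontend container, and docker network inspect on the private network should list both containers.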

Inter-process Communication (IPC)

The IPC, or Inter-process communication, is a mechanism that allows processes to communicate with each other, by sharing memory or exchanging messages, and keep their tasks synchronized.

If you want to configure IPC mode through the docker run command, use --ipc=mode, replacing mode with private or host as needed.

If your use case requires a different mode, please consult the related Docker documentation.

Host Network: Using the Host Network Inside a Container

For some kinds of applications, typically those that need to use low-level UDP-based protocols, you may need to access the network using the same IP and configuration used by processes running natively on the host OS. In this case, you should enable host network mode.

In host mode, all the ports opened by applications running in your container are exposed directly on the host network interfaces. This also means that you won't be able to expose services on ports already used by the host (for example, port 22 for SSH).


