Windows Containers Networking Explained

In this article, I’ll show you how to configure Windows Containers and Docker Networking and get your containers exposed and communicating with your network.

By default, new Windows Containers are not exposed to the rest of the network and cannot be accessible from anywhere Including the Container Host.

To make the containers available we need to configure the Docker \ Windows Containers Network and make them available to the container.

Windows Containers comes with 5 network types and in this article, I’ll cover only two of them which will cover 90% of deployments needs.

The 5 Networks are:

  • Port Mapping (NAT) – This is the most basic network configuration, where we open a port on the container and access it via the Container Host IP \ hostname (Problem with this Is that we can only have one Container using the port).
  • Transparent – Most used network, The Containers Network Is directly connected to the physical network and we can either use static IP or DHCP, This is the most popular Network Configuration.
  • Overlay – Used with Docker Swarm which will allow the container endpoints to connect to multiple container hosts
  • L2 Bridge – Each Container will use the same network as the Container Host
  • L2 Tunnel – Only available on Microsoft Azure
  • Port Mapping (NAT)

In this example, I’ll create a Container with Port 80 and 443 available on the container and they will automatically be available when using them with the Container Host IP

docker run -it --name nano01 -p 80:80 -p 443:443 microsoft/nanoserver cmd

When I access the Host IP I get the Container IIS Page

When I look at the Container I can see that the Port Is open

Transparent

This network configuration will make all Containers available on the physical network once we define the Transparent Network below:

docker network create -d transparent MyTransparentNetwork

Note: When using Transparent network on a Hyper-V container Host we need to enable MACAddressSpoofing

Next, I’ll create a new Container In the Transparent Network with the code below:

docker run -it --name nano04 --network=MyTransparentNetwork nanoserver/iis

To view all the Networks, use the code below:

docker network ls

Posted

in

by