@@ -8,7 +8,7 @@ Configure Networking
Docker uses Linux bridge capabilities to provide network connectivity
to containers. The ``docker0`` bridge interface is managed by Docker
-itself for this purpose. Thus, when the Docker daemon starts it :
+for this purpose. When the Docker daemon starts it :
- creates the ``docker0`` bridge if not present
- searches for an IP address range which doesn't overlap with an existing route
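Review bot: The reworded line still ends in "starts it :" with a space before the colon; since the line is being touched anyway, change it to "starts it:" so the list lead-in is punctuated normally. In the second bullet, "which doesn't overlap" is a restrictive clause, so "that doesn't overlap" would match the which/that cleanup made in the IP range section of this same patch.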
@@ -34,7 +34,7 @@ At runtime, a :ref:`specific kind of virtual
interface<vethxxxx-device>` is given to each container which is then
bonded to the ``docker0`` bridge. Each container also receives a
dedicated IP address from the same range as ``docker0``. The
-``docker0`` IP address is then used as the default gateway for the
+``docker0`` IP address is used as the default gateway for the
container.
.. code-block:: bash
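Review bot: In the context lines just above the edited sentence, "bonded to the ``docker0`` bridge" reads as if Linux interface bonding were involved; the interface is attached to a bridge, which is a different mechanism, so "attached to" or "added to" would be clearer. The clause "which is then bonded" also needs a comma before "which", or it can be split into its own sentence.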
@@ -55,8 +55,8 @@ which is dedicated to the 52f811c5d3d6 container.
How to use a specific IP address range
---------------------------------------
-Docker will try hard to find an IP range which is not used by the
-host. Even if it works for most cases, it's not bullet-proof and
+Docker will try hard to find an IP range that is not used by the
+host. Even though it works for most cases, it's not bullet-proof and
sometimes you need to have more control over the IP addressing scheme.
For this purpose, Docker allows you to manage the ``docker0`` bridge
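Review bot: The added lines keep "Docker will try hard to find" and "it's not bullet-proof", which stay vague about what the reader should expect; prefer present tense ("Docker tries to find an IP range that is not used by the host") and say in one clause what it looks like when the automatic choice is wrong, so the reader knows when to configure the range by hand.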
@@ -118,25 +118,25 @@ In this scenario:
Container intercommunication
-------------------------------
-Containers can communicate with each other according to the ``icc``
-parameter value of the Docker daemon.
+The value of the Docker daemon's ``icc`` parameter determines whether
+containers can communicate with each other over the bridge network.
- The default, ``-icc=true`` allows containers to communicate with each other.
- ``-icc=false`` means containers are isolated from each other.
-Under the hood, ``iptables`` is used by Docker to either accept or
+Docker uses ``iptables`` under the hood to either accept or
drop communication between containers.
.. _vethxxxx-device:
-What's about the vethXXXX device?
+What is the vethXXXX device?
-----------------------------------
Well. Things get complicated here.
The ``vethXXXX`` interface is the host side of a point-to-point link
between the host and the corresponding container; the other side of
-the link being materialized by the container's ``eth0``
+the link is the container's ``eth0``
interface. This pair (host ``vethXXX`` and container ``eth0``) are
connected like a tube. Everything that comes in one side will come out
the other side.
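Review bot: The new sentence scopes ``icc`` to traffic "over the bridge network", but the ``-icc=false`` bullet below it still says containers "are isolated from each other" with no such scope; reword the bullet to match, for example "prevents containers from communicating with each other over the bridge", so readers do not take the flag for a general isolation guarantee. In the veth paragraph, a context line has ``vethXXX`` where the rest of the section uses ``vethXXXX``, and "This pair ... are connected" should read "is connected".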