2015-10-18 23:47:32 +00:00
|
|
|
% DOCKER(1) Docker User Manuals
|
|
|
|
% Docker Community
|
|
|
|
% OCT 2015
|
|
|
|
# NAME
|
|
|
|
docker-network-create - create a new network
|
|
|
|
|
|
|
|
# SYNOPSIS
|
|
|
|
**docker network create**
|
2015-11-10 01:33:55 +00:00
|
|
|
[**--aux-address**=*map[]*]
|
|
|
|
[**-d**|**--driver**=*DRIVER*]
|
|
|
|
[**--gateway**=*[]*]
|
|
|
|
[**--help**]
|
2015-12-28 02:15:50 +00:00
|
|
|
[**--internal**]
|
2015-11-10 01:33:55 +00:00
|
|
|
[**--ip-range**=*[]*]
|
|
|
|
[**--ipam-driver**=*default*]
|
2015-10-23 19:28:39 +00:00
|
|
|
[**--ipam-opt**=*map[]*]
|
2016-02-12 01:42:15 +00:00
|
|
|
[**--ipv6**]
|
2016-03-25 18:16:19 +00:00
|
|
|
[**--label**[=*[]*]]
|
2015-11-10 01:33:55 +00:00
|
|
|
[**-o**|**--opt**=*map[]*]
|
|
|
|
[**--subnet**=*[]*]
|
|
|
|
NETWORK-NAME
|
2015-10-18 23:47:32 +00:00
|
|
|
|
|
|
|
# DESCRIPTION
|
|
|
|
|
|
|
|
Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the
|
|
|
|
built-in network drivers. If you have installed a third party or your own custom
|
|
|
|
network driver you can specify that `DRIVER` here also. If you don't specify the
|
|
|
|
`--driver` option, the command automatically creates a `bridge` network for you.
|
|
|
|
When you install Docker Engine it creates a `bridge` network automatically. This
|
|
|
|
network corresponds to the `docker0` bridge that Engine has traditionally relied
|
|
|
|
on. When launch a new container with `docker run` it automatically connects to
|
|
|
|
this bridge network. You cannot remove this default bridge network but you can
|
|
|
|
create new ones using the `network create` command.
|
|
|
|
|
|
|
|
```bash
|
|
|
|
$ docker network create -d bridge my-bridge-network
|
|
|
|
```
|
|
|
|
|
|
|
|
Bridge networks are isolated networks on a single Engine installation. If you
|
|
|
|
want to create a network that spans multiple Docker hosts each running an
|
|
|
|
Engine, you must create an `overlay` network. Unlike `bridge` networks overlay
|
|
|
|
networks require some pre-existing conditions before you can create one. These
|
|
|
|
conditions are:
|
|
|
|
|
|
|
|
* Access to a key-value store. Engine supports Consul, Etcd, and Zookeeper (Distributed store) key-value stores.
|
|
|
|
* A cluster of hosts with connectivity to the key-value store.
|
|
|
|
* A properly configured Engine `daemon` on each host in the cluster.
|
|
|
|
|
2016-04-28 06:55:22 +00:00
|
|
|
The `dockerd` options that support the `overlay` network are:
|
2015-10-18 23:47:32 +00:00
|
|
|
|
|
|
|
* `--cluster-store`
|
|
|
|
* `--cluster-store-opt`
|
|
|
|
* `--cluster-advertise`
|
|
|
|
|
|
|
|
To read more about these options and how to configure them, see ["*Get started
|
|
|
|
with multi-host
|
2016-03-12 13:24:55 +00:00
|
|
|
network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay/).
|
2015-10-18 23:47:32 +00:00
|
|
|
|
|
|
|
It is also a good idea, though not required, that you install Docker Swarm on to
|
|
|
|
manage the cluster that makes up your network. Swarm provides sophisticated
|
|
|
|
discovery and server management that can assist your implementation.
|
|
|
|
|
|
|
|
Once you have prepared the `overlay` network prerequisites you simply choose a
|
|
|
|
Docker host in the cluster and issue the following to create the network:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
$ docker network create -d overlay my-multihost-network
|
|
|
|
```
|
|
|
|
|
|
|
|
Network names must be unique. The Docker daemon attempts to identify naming
|
|
|
|
conflicts but this is not guaranteed. It is the user's responsibility to avoid
|
|
|
|
name conflicts.
|
|
|
|
|
|
|
|
## Connect containers
|
|
|
|
|
|
|
|
When you start a container use the `--net` flag to connect it to a network.
|
|
|
|
This adds the `busybox` container to the `mynet` network.
|
|
|
|
|
|
|
|
```bash
|
|
|
|
$ docker run -itd --net=mynet busybox
|
|
|
|
```
|
|
|
|
|
|
|
|
If you want to add a container to a network after the container is already
|
|
|
|
running use the `docker network connect` subcommand.
|
|
|
|
|
|
|
|
You can connect multiple containers to the same network. Once connected, the
|
|
|
|
containers can communicate using only another container's IP address or name.
|
|
|
|
For `overlay` networks or custom plugins that support multi-host connectivity,
|
|
|
|
containers connected to the same multi-host network but launched from different
|
|
|
|
Engines can also communicate in this way.
|
|
|
|
|
|
|
|
You can disconnect a container from a network using the `docker network
|
|
|
|
disconnect` command.
|
|
|
|
|
|
|
|
## Specifying advanced options
|
|
|
|
|
|
|
|
When you create a network, Engine creates a non-overlapping subnetwork for the
|
|
|
|
network by default. This subnetwork is not a subdivision of an existing network.
|
|
|
|
It is purely for ip-addressing purposes. You can override this default and
|
2016-03-17 08:13:51 +00:00
|
|
|
specify subnetwork values directly using the `--subnet` option. On a
|
2015-10-18 23:47:32 +00:00
|
|
|
`bridge` network you can only create a single subnet:
|
|
|
|
|
|
|
|
```bash
|
2016-06-06 12:20:41 +00:00
|
|
|
$ docker network create -d bridge --subnet=192.168.0.0/16 br0
|
2015-10-18 23:47:32 +00:00
|
|
|
```
|
2016-06-06 12:20:41 +00:00
|
|
|
|
|
|
|
Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address`
|
|
|
|
options.
|
2015-10-18 23:47:32 +00:00
|
|
|
|
|
|
|
```bash
|
2016-06-06 12:20:41 +00:00
|
|
|
$ docker network create \
|
|
|
|
--driver=bridge \
|
|
|
|
--subnet=172.28.0.0/16 \
|
|
|
|
--ip-range=172.28.5.0/24 \
|
|
|
|
--gateway=172.28.5.254 \
|
|
|
|
br0
|
2015-10-18 23:47:32 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
If you omit the `--gateway` flag the Engine selects one for you from inside a
|
|
|
|
preferred pool. For `overlay` networks and for network driver plugins that
|
|
|
|
support it you can create multiple subnetworks.
|
|
|
|
|
|
|
|
```bash
|
2016-06-06 12:20:41 +00:00
|
|
|
$ docker network create -d overlay \
|
|
|
|
--subnet=192.168.0.0/16 \
|
|
|
|
--subnet=192.170.0.0/16 \
|
|
|
|
--gateway=192.168.0.100 \
|
|
|
|
--gateway=192.170.0.100 \
|
|
|
|
--ip-range=192.168.1.0/24 \
|
Fix incorrect aux-address examples and test
The (host)name for aux-addresses should
be unique, otherwise later values overwrite
earlier values.
Before this change, the example command
would send this API request;
{
"Attachable": false,
"CheckDuplicate": true,
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Config": [
{
"Gateway": "192.168.0.100",
"IPRange": "192.168.1.0/24",
"Subnet": "192.168.0.0/16"
},
{
"AuxiliaryAddresses": {
"a": "192.170.1.5",
"b": "192.170.1.6"
},
"Gateway": "192.170.0.100",
"Subnet": "192.170.0.0/16"
}
],
"Driver": "default",
"Options": {
}
},
"Internal": false,
"Labels": {
},
"Name": "my-multihost-network",
"Options": {
}
}
After this change, the request looks
like this (all aux-addresses preserved);
{
"Attachable": false,
"CheckDuplicate": true,
"Driver": "overlay",
"EnableIPv6": false,
"IPAM": {
"Config": [
{
"AuxiliaryAddresses": {
"my-router": "192.168.1.5",
"my-switch": "192.168.1.6"
},
"Gateway": "192.168.0.100",
"IPRange": "192.168.1.0/24",
"Subnet": "192.168.0.0/16"
},
{
"AuxiliaryAddresses": {
"my-printer": "192.170.1.5",
"my-nas": "192.170.1.6"
},
"Gateway": "192.170.0.100",
"Subnet": "192.170.0.0/16"
}
],
"Driver": "default",
"Options": {
}
},
"Internal": false,
"Labels": {
},
"Name": "my-multihost-network",
"Options": {
}
}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit fd7161bb3061e2e2f56faed1a4ba1f7a887627bf)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-09-26 23:02:57 +00:00
|
|
|
--aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \
|
|
|
|
--aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \
|
2015-12-01 05:33:55 +00:00
|
|
|
my-multihost-network
|
2015-10-18 23:47:32 +00:00
|
|
|
```
|
2016-06-06 12:20:41 +00:00
|
|
|
|
|
|
|
Be sure that your subnetworks do not overlap. If they do, the network create
|
|
|
|
fails and Engine returns an error.
|
2015-10-18 23:47:32 +00:00
|
|
|
|
2015-12-28 02:15:50 +00:00
|
|
|
### Network internal mode
|
|
|
|
|
2016-06-06 12:20:41 +00:00
|
|
|
By default, when you connect a container to an `overlay` network, Docker also
|
|
|
|
connects a bridge network to it to provide external connectivity. If you want
|
|
|
|
to create an externally isolated `overlay` network, you can specify the
|
|
|
|
`--internal` option.
|
2015-12-28 02:15:50 +00:00
|
|
|
|
2015-10-18 23:47:32 +00:00
|
|
|
# OPTIONS
|
2015-11-10 01:33:55 +00:00
|
|
|
**--aux-address**=map[]
|
2016-07-16 07:32:17 +00:00
|
|
|
Auxiliary IPv4 or IPv6 addresses used by network driver
|
2015-10-18 23:47:32 +00:00
|
|
|
|
2015-11-10 01:33:55 +00:00
|
|
|
**-d**, **--driver**=*DRIVER*
|
2015-10-18 23:47:32 +00:00
|
|
|
Driver to manage the Network bridge or overlay. The default is bridge.
|
|
|
|
|
2015-11-10 01:33:55 +00:00
|
|
|
**--gateway**=[]
|
2016-07-16 07:32:17 +00:00
|
|
|
IPv4 or IPv6 Gateway for the master subnet
|
2015-10-18 23:47:32 +00:00
|
|
|
|
2015-11-10 01:33:55 +00:00
|
|
|
**--help**
|
2015-10-18 23:47:32 +00:00
|
|
|
Print usage
|
|
|
|
|
2015-12-28 02:15:50 +00:00
|
|
|
**--internal**
|
2016-07-16 07:32:17 +00:00
|
|
|
Restrict external access to the network
|
2015-12-28 02:15:50 +00:00
|
|
|
|
2015-11-10 01:33:55 +00:00
|
|
|
**--ip-range**=[]
|
2015-10-18 23:47:32 +00:00
|
|
|
Allocate container ip from a sub-range
|
|
|
|
|
2015-11-10 01:33:55 +00:00
|
|
|
**--ipam-driver**=*default*
|
2015-10-18 23:47:32 +00:00
|
|
|
IP Address Management Driver
|
|
|
|
|
2015-10-23 19:28:39 +00:00
|
|
|
**--ipam-opt**=map[]
|
2016-01-18 05:02:10 +00:00
|
|
|
Set custom IPAM driver options
|
2015-10-23 19:28:39 +00:00
|
|
|
|
2016-02-12 01:42:15 +00:00
|
|
|
**--ipv6**
|
|
|
|
Enable IPv6 networking
|
|
|
|
|
2016-03-25 18:16:19 +00:00
|
|
|
**--label**=*label*
|
|
|
|
Set metadata for a network
|
|
|
|
|
2015-11-10 01:33:55 +00:00
|
|
|
**-o**, **--opt**=map[]
|
2016-01-18 05:02:10 +00:00
|
|
|
Set custom driver options
|
2015-10-18 23:47:32 +00:00
|
|
|
|
2015-11-10 01:33:55 +00:00
|
|
|
**--subnet**=[]
|
2015-10-18 23:47:32 +00:00
|
|
|
Subnet in CIDR format that represents a network segment
|
|
|
|
|
|
|
|
# HISTORY
|
|
|
|
OCT 2015, created by Mary Anthony <mary@docker.com>
|