Wording improvements
Docker-DCO-1.1-Signed-off-by: John Gardiner Myers <jgmyers@proofpoint.com> (github: johngmyers)
This commit is contained in:
John Gardiner Myers
John Myers
parent
f3cb808e9d
commit
1c06a91964
1 changed files with 9 additions and 9 deletions
|
|
@ -8,7 +8,7 @@ Configure Networking
|
|||
|
||||
Docker uses Linux bridge capabilities to provide network connectivity
|
||||
to containers. The ``docker0`` bridge interface is managed by Docker
|
||||
itself for this purpose. Thus, when the Docker daemon starts it :
|
||||
for this purpose. When the Docker daemon starts it :
|
||||
|
||||
- creates the ``docker0`` bridge if not present
|
||||
- searches for an IP address range which doesn't overlap with an existing route
|
||||
|
|
@ -34,7 +34,7 @@ At runtime, a :ref:`specific kind of virtual
|
|||
interface<vethxxxx-device>` is given to each container which is then
|
||||
bonded to the ``docker0`` bridge. Each container also receives a
|
||||
dedicated IP address from the same range as ``docker0``. The
|
||||
``docker0`` IP address is then used as the default gateway for the
|
||||
``docker0`` IP address is used as the default gateway for the
|
||||
container.
|
||||
|
||||
.. code-block:: bash
|
||||
|
|
@ -55,8 +55,8 @@ which is dedicated to the 52f811c5d3d6 container.
|
|||
How to use a specific IP address range
|
||||
---------------------------------------
|
||||
|
||||
Docker will try hard to find an IP range which is not used by the
|
||||
host. Even if it works for most cases, it's not bullet-proof and
|
||||
Docker will try hard to find an IP range that is not used by the
|
||||
host. Even though it works for most cases, it's not bullet-proof and
|
||||
sometimes you need to have more control over the IP addressing scheme.
|
||||
|
||||
For this purpose, Docker allows you to manage the ``docker0`` bridge
|
||||
|
|
@ -118,25 +118,25 @@ In this scenario:
|
|||
Container intercommunication
|
||||
-------------------------------
|
||||
|
||||
Containers can communicate with each other according to the ``icc``
|
||||
parameter value of the Docker daemon.
|
||||
The value of the Docker daemon's ``icc`` parameter determines whether
|
||||
containers can communicate with each other over the bridge network.
|
||||
|
||||
- The default, ``-icc=true`` allows containers to communicate with each other.
|
||||
- ``-icc=false`` means containers are isolated from each other.
|
||||
|
||||
Under the hood, ``iptables`` is used by Docker to either accept or
|
||||
Docker uses ``iptables`` under the hood to either accept or
|
||||
drop communication between containers.
|
||||
|
||||
|
||||
.. _vethxxxx-device:
|
||||
|
||||
What's about the vethXXXX device?
|
||||
What is the vethXXXX device?
|
||||
-----------------------------------
|
||||
Well. Things get complicated here.
|
||||
|
||||
The ``vethXXXX`` interface is the host side of a point-to-point link
|
||||
between the host and the corresponding container; the other side of
|
||||
the link being materialized by the container's ``eth0``
|
||||
the link is the container's ``eth0``
|
||||
interface. This pair (host ``vethXXX`` and container ``eth0``) are
|
||||
connected like a tube. Everything that comes in one side will come out
|
||||
the other side.
|
||||
|
|
|
|||
Loading…
Reference in a new issue