Networking (15%)

Question 1

What is the default network that the docker creates automatically?

Answer 1

Bridge

Question 2

How to list the networks on the Docker machine?

Answer 2

docker netwrok ls

Question 3

How to connect to the default bridge network when you create a container?

Answer 3

// since no network is specified, it will be connected to default bridge network

docker run -dit –name alpine1 alpine ash

Question 4

How to inspect the default network bridge?

Answer 4

docker network inspect bridge

Question 5

The default bridge network is not recommended for production. Is this statement correct?

Answer 5

Yes

Question 6

How to create a user-defined network?

Answer 6

docker network create –driver bridge my-network

Question 7

How to inspect the user-defined network?

Answer 7

docker network inspect my-network

Question 8

How to connect to the user-defined network while creating a container?

Answer 8

docker run -dit –name alpine1 –network my-network alpine ash

Question 9

How to connect the existing container to the user-defined network?

Answer 9

docker netwrok connect my-network alpine2

Question 10

How to troubleshoot a user-defined network?

Answer 10

// using  nicolaka/netshootdocker 
run -it --rm --network container: nicolaka/netshoot

Question 11

How to publish a port so that it can be accessed externally?

Answer 11

docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT –name CONTAINER -t

Question 12

How to list port mappings or a specific mapping for the container?

Answer 12

// List the containers
docker ps

// use this command with container name
docker port 

// USE the specific port
docker port

Question 13

What are all the different built-in network drivers?

Answer 13

Bridge Network Driver
Overlay Network Driver
MACVLAN Driver
Host
None

Question 14

What are the Bridge network and its use case?

Answer 14

The bridge driver creates a private network internal to the host so containers on this network can communicate.The bridge driver does the service discovery for us automatically if two containers are on the same networkThe bridge driver is a local scope driver, which means it only provides service discovery, IPAM, and connectivity on a single host.

Question 15

What is the scope of the bridge network?

Answer 15

local

Question 16

What are the Overlay network and their use case?

Answer 16

The built-in Docker overlay network driver radically simplifies many of the complexities in multi-host networking.It is a swarm scope driver, which means that it operates across an entire Swarm or UCP cluster rather than individual hosts.

Question 17

What is the scope of the overlay network?

Answer 17

swarm

Question 18

What are the MACVLAN network and their use case?

Answer 18

The macvlan driver is the newest built-in network driver and offers several unique characteristics. It’s a very lightweight driver, because rather than using any Linux bridging or port mapping, it connects container interfaces directly to host interfaces.

Question 19

What is the scope of the macvlan network?

Answer 19

local

Question 20

What are the Host network and its use case?

Answer 20

With the host driver, a container uses the networking stack of the host. There is no namespace separation, and all interfaces on the host can be used directly by the container.

Question 21

What is the scope of the host network?

Answer 21

local

Question 22

What are the None network and its use case?

Answer 22

The none driver gives a container its own networking stack and network namespace but does not configure interfaces inside the container. Without additional configuration, the container is completely isolated from the host networking stack.

Question 23

What is the scope of the None network?

Answer 23

local

Question 24

The Docker networking architecture is built on a set of interfaces called the Container Networking Model (CNM). Is this statement correct?

Answer 24

yes

Question 25

What is a sandbox in the CNM model?

Answer 25

A Sandbox contains the configuration of a container’s network stack. This includes the management of the container’s interfaces, routing table, and DNS settings. An implementation of a Sandbox could be a Windows HNS or Linux Network Namespace, a FreeBSD Jail, or other similar concept. A Sandbox may contain many endpoints from multiple networks.

Question 26

What is an endpoint in the CNM model?

Answer 26

An Endpoint joins a Sandbox to a Network. The Endpoint construct exists so the actual connection to the network can be abstracted away from the application. This helps maintain portability so that a service can use different types of network drivers without being concerned with how it’s connected to that network.

Question 27

What is a network in the CNM model?

Answer 27

The CNM does not specify a Network in terms of the OSI model. An implementation of a Network could be a Linux bridge, a VLAN, etc. A Network is a collection of endpoints that have connectivity between them. Endpoints that are not connected to a network do not have connectivity on a network.

Question 28

What part of the Docker that provides the actual implementation that makes networks work?

Answer 28

Network Drivers

Question 29

What is IPAM drivers?

Answer 29

Docker has a native IP Address Management Driver that provides default subnets or IP addresses for the networks and endpoints if they are not specified.

Question 30

How to configure docker to use external DNS?

Answer 30

//edit the /etc/docker/daemon.json
{       
   "dns":  ["10.0.0.2", "8.8.8.8"]
}
//restart the docker
sudo systemctl docker restart

Question 31

Which network should handles control and data traffic related to swarm services?

Answer 31

ingress

Question 32

Which network which connects the individual Docker daemon to the other daemons participating in the swarm?

Answer 32

docker_gwbridge

Question 33

What is the default network created when you create a swarm cluster?

Answer 33

ingress

Question 34

How to create a user-defined overlay network for communication among services?

Answer 34

docker network create -d overlay my-overlay

Question 35

How to create an overlay network which can be used by swarm services or standalone containers to communicate with other standalone containers running on other Docker daemons?

Answer 35

create with –attachable flag

docker network create -d overlay –attachable my-attachable-overlay

Question 36

All the swarm management data is encrypted by default. Is this statement correct?

Answer 36

yes

Question 37

is application data on the swarm encrypted by default?

Answer 37

No

Question 38

How to encrypt application data as well on the swarm?

Answer 38

// use –opt=encrypted

docker network create –opt encrypted –driver overlay –attachable my-attachable-multi-host-network

Question 39

What is the host port publishing mode?

Answer 39

To publish a service’s port directly on the node where it is running, use the mode=host option to the –publish flag.