How to configure Windows container networking

Windows containers use virtual and/or physical host networks to implement networking for applications. You can execute Windows container networking functions almost the same way you do for VMs, but container networking architecture is different.

Each Windows container implements a virtual network adapter that runs on top of the container system network driver. The virtual network adapter is connected to a Hyper-V virtual switch on the host machine. The container supports five networking drivers (Network Address Translation (NAT), overlay, transparent, l2bridge and l2tunnel), and you must choose the driver that is best suited for your infrastructure. For example, you might want to choose l2bridge if you implement network bridging. Similarly, you might want to go for the NAT network driver if you implement NAT in your infrastructure.

Default NAT for Windows container networking

When you create a Windows container, it creates a default NAT. The system connects NAT to an internal vSwitch on the container and maps it to the WinNAT driver. The WinNAT driver is responsible for passing the communication from the container NAT driver to the Windows host machine or outside the container. Any networks you create on the host machine are also available to the Windows container. To see the list of available networks on a container, execute the docker network ls command as shown in Figure 1 below.

Figure 1. Show available networks in a container.

As you can see in Figure 1 above, the command lists all the network connections available on a container. The scope column shows the scope of each network, which is either local or swarm.

When Docker Engine starts, it implements NAT. Then, the system applies the Docker networking process to the NAT networking driver and automatically assigns an IP address. The IP range for NAT is 172.16.0.0/16.

Implement transparent Windows container networking

If you want container applications to connect to remote endpoints, say, an application running on another host machine, you must create a transparent network connection, sometimes referred to as a user-defined network. To start the creation process, execute the docker network create command on a Windows host machine. You must use the -d flag to indicate which networking driver, and therefore which network type, to create. The steps below explain how to create a transparent network for both Dynamic Host Configuration Protocol (DHCP) and non-DHCP networks.

Step 1: Issue the Docker command below to create a DHCP-enabled network.

docker network create -d transparent dhcplan

Once you execute the command above, you should see a dhcplan network in the container when you run the docker network ls command.

Step 2: The next step is to place a container image on the newly created network so it can access data outside the container and/or connect to a remote endpoint if necessary.
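
The two steps above as one PowerShell session, followed by a listing of what is attached to the network. This is an added example, not part of the original article. The container names, the image tag, the staticlan network and the 192.0.2.0/24 addresses are assumptions chosen for illustration, and the static-address variant goes beyond the DHCP case shown in Step 1.

```powershell
# Added example. Names, image tag and addresses are assumed, not from the article.
$ErrorActionPreference = 'Stop'

$netName = 'dhcplan'    # network name from Step 1
$image   = 'mcr.microsoft.com/windows/servercore:ltsc2022'   # assumed image

# Step 1: create the DHCP-enabled transparent network only if it is missing.
$names = docker network ls --format '{{.Name}}'
if ($names -notcontains $netName) {
    docker network create -d transparent $netName
}

# Confirm the driver before attaching anything; a name clash with a NAT
# network would otherwise go unnoticed.
$driver = docker network inspect $netName --format '{{.Driver}}'
if ($driver -ne 'transparent') {
    throw "Network '$netName' uses driver '$driver', expected 'transparent'."
}

# Step 2: start a container on the network. The ping keeps it running.
docker run -d --name web01 --network $netName $image ping -t localhost

# The address is leased by the DHCP server, so read it inside the container.
docker exec web01 ipconfig

# Non-DHCP variant: give Docker the subnet and gateway, then pin an address.
if ($names -notcontains 'staticlan') {
    docker network create -d transparent --subnet=192.0.2.0/24 --gateway=192.0.2.1 staticlan
}
docker run -d --name web02 --network staticlan --ip 192.0.2.50 $image ping -t localhost

# Audit: list every container attached to each transparent network.
# These containers sit directly on the physical network, with no NAT in front.
foreach ($n in 'dhcplan', 'staticlan') {
    $attached = docker network inspect $n --format '{{json .Containers}}' | ConvertFrom-Json
    if (-not $attached) { continue }   # nothing attached to this network
    foreach ($c in $attached.PSObject.Properties) {
        [pscustomobject]@{
            Network   = $n
            Container = $c.Value.Name
            Mac       = $c.Value.MacAddress
            IPv4      = $c.Value.IPv4Address
        }
    }
}
```

Run the audit loop periodically on hosts that use transparent networks; any container it lists is reachable from the LAN on every port it listens on, so host or network firewall rules have to do the filtering that NAT port mappings would otherwise imply.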
