Without the lxc driver, I never imagined I could assign a specific IP address to a Docker container.

However, I recently found another way to do it, even with libcontainer.

Linux networking has a concept called a network namespace, which is similar in spirit to an XML namespace. In this post I will show you how to assign an IP address to a Docker container, but you need some basic networking knowledge first, such as bridges and namespaces. For those basics, I will point you to some excellent articles that should make them clear. Why am I so confident? Those articles helped me too.


Basic understanding of terms

1. What is Network Namespace?

   Linux namespaces are a cool feature that permit process groups to have a limited view of system resource. .... (http://www.evolware.org/?p=293)


2. What does bridge mean in software side?

    It is supported by the Linux kernel and works like a physical bridge. (http://www.innervoice.in/blogs/2013/12/08/tap-interfaces-linux-bridge/)


Pre-requisite

Bare metal: Fedora

Host OS: CentOS 7

Docker image: docker.io/centos (the official image on Docker Hub)

Installed packages on bare metal: libvirt, virt-manager

Installed packages on host: docker, devicemapper*, bridge-utils (provides brctl), net-tools


Basic network architecture on bare metal(fedora) : http://jhouse0317.tistory.com/91


We will construct this Architecture 


OS Structure 


Network Architecture 


Network IP Information


1. Create network namespace (on KVM - Guest)

   - # ip netns add centos-docker

   - # ip link add tap1 type veth peer name br1tap1

   - # brctl addif br1 br1tap1

   - # ip link set tap1 netns centos-docker

   - # ifconfig br1tap1 up
   - # ip netns exec centos-docker ifconfig tap1 192.168.10.4 netmask 255.255.255.0 up

         (if tap1 is down, run "ip netns exec centos-docker ifconfig tap1 up")


1.1. TEST

On KVM-GUEST

  # brctl show

bridge name     bridge id               STP enabled     interfaces
br1             8000.5254002454bb       no              br1tap1
                                                        ens3
docker0         8000.56847afe9799       no


  # ip netns

  centos-docker


  # ip a

....

15: br1tap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UP qlen 1000
    link/ether d2:8f:ce:e8:4c:35 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::d08f:ceff:fee8:4c35/64 scope link
       valid_lft forever preferred_lft forever
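
The same step 1 written with iproute2 alone (ip link set ... master instead of brctl, ip addr add instead of ifconfig), followed by a check that the host-side veth end is enslaved to br1 and not to another bridge such as docker0. This is an added example, not code from the original post; the function names and the sample `ip -o link show` text are assumptions constructed for it.

```shell
#!/bin/sh
# Added example, not from the original post. Namespace, bridge and interface
# names are the post's; the function names are assumptions made here.

# attach_ns_veth NS BRIDGE INNER OUTER CIDR: step 1 with iproute2 only (root).
attach_ns_veth() {
    ns=$1; bridge=$2; inner=$3; outer=$4; cidr=$5
    ip netns add "$ns" || return 1
    ip link add "$inner" type veth peer name "$outer" ||
        { ip netns del "$ns"; return 1; }
    if ip link set "$outer" master "$bridge" &&   # replaces brctl addif
       ip link set "$inner" netns "$ns" &&
       ip link set "$outer" up &&
       ip netns exec "$ns" ip addr add "$cidr" dev "$inner" &&
       ip netns exec "$ns" ip link set "$inner" up
    then return 0; fi
    # Roll back: deleting one veth end removes its peer as well.
    ip link del "$outer" 2>/dev/null || true
    ip netns del "$ns"
    return 1
}

# master_of IFACE: read `ip -o link show` text on stdin, print IFACE's bridge.
# Returns 1 if IFACE is missing or not enslaved; strips the veth "@ifN" suffix.
master_of() {
    awk -v want="$1" '
        { name = $2; sub(/:$/, "", name); sub(/@.*/, "", name) }
        name == want {
            for (i = 3; i < NF; i++)
                if ($i == "master") { print $(i + 1); found = 1 }
        }
        END { exit (found ? 0 : 1) }'
}

# on_expected_bridge IFACE BRIDGE: fail unless IFACE is enslaved to BRIDGE.
on_expected_bridge() {
    actual=$(master_of "$1") || { echo "$1: no bridge master" >&2; return 1; }
    [ "$actual" = "$2" ] || { echo "$1 on $actual, not $2" >&2; return 1; }
}

# Constructed sample of `ip -o link show` on the KVM guest (not captured output).
SAMPLE_LINKS='2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br1 state UP
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 state DOWN
15: br1tap1@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br1 state UP'

# Offline check against the sample; on a live host pipe `ip -o link show` instead.
printf '%s\n' "$SAMPLE_LINKS" | on_expected_bridge br1tap1 br1 && echo "br1tap1 is on br1"
```

On a live host, run `attach_ns_veth centos-docker br1 tap1 br1tap1 192.168.10.4/24` as root, then pipe `ip -o link show` into `on_expected_bridge br1tap1 br1`.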



2. Run Docker container & attach the network namespace to the container.

  - # docker run -it --net=ns:/var/run/netns/centos-docker docker.io/centos /bin/bash


2.1. TEST

On DOCKER

# ip a

16: tap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:f9:fe:8c:85:bf brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.4/24 brd 192.168.10.255 scope global tap1
       valid_lft forever preferred_lft forever
    inet6 fe80::cf9:feff:fe8c:85bf/64 scope link
       valid_lft forever preferred_lft forever



3. Test network

   On Docker (192.168.10.4)

   - docker to kvm-guest (192.168.10.2)

[root@b8aff89bb5cc /]# ping 192.168.10.2
PING 192.168.10.2 (192.168.10.2) 56(84) bytes of data.
64 bytes from 192.168.10.2: icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from 192.168.10.2: icmp_seq=2 ttl=64 time=0.086 ms


   - docker to kvm-host (192.168.10.1)

[root@b8aff89bb5cc /]# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.494 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.714 ms

