1

Please explain something. The docker0 bridge has gateway IP 172.17.0.1, so all containers send their network traffic to this IP. I can't understand how the bridge knows where to send this traffic afterwards. Does the docker bridge have its own iptables within, with a configured gateway?

1 Answer

0

It's not the bridge which routes IP traffic – it's your host OS itself. The docker0 interface simply behaves like any other Ethernet interface.

So just like on real Ethernet, when containers send packets to your host's MAC address, the host OS "receives" them from the bridge, processes them using the system routing table and system iptables rules, and sends them out to some other interface.

The "bridge" part only deals with MAC-layer forwarding, like a switch would. You can imagine docker0 like a virtual Ethernet port with a cable going into a virtual Ethernet switch, and all your containers like virtual machines connected to the same switch – that's what a bridge is.

2
  • Ok! Thanks for explaining. You say that the bridge deals only with MAC. So why does the bridge need the IP address 172.17.0.1? Commented Jun 4, 2020 at 14:17
  • The IP address isn't for the bridge itself, it's for your host OS connection to that bridge. (The "docker0" interface does two jobs - it doesn't only control the bridge, but it also represents a connection to one of the bridge's virtual ports.) So again, it's the same as having an IP address on eth0 when you're connected to a switch. Commented Jun 4, 2020 at 14:21
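
The split described in the answer and comments, as an added example that is not part of the original thread: a small Python model in which the bridge decides on the destination MAC only and the host OS decides on the destination IP. All MAC addresses, interface names other than docker0, routes and addresses other than 172.17.0.1 are constructed for illustration.

```python
import ipaddress

# Constructed sample state; only docker0 and 172.17.0.1 come from the page.
HOST_MAC = "02:42:aa:00:00:01"            # host's port on the bridge (made up)
BRIDGE_FDB = {                            # bridge MAC table: MAC -> bridge port
    "02:42:ac:11:00:02": "veth-a",        # container A, 172.17.0.2
    "02:42:ac:11:00:03": "veth-b",        # container B, 172.17.0.3
}
HOST_ADDRS = {"172.17.0.1", "192.0.2.10"}  # addresses owned by the host
HOST_ROUTES = [                           # (prefix, out interface, next hop)
    ("0.0.0.0/0", "eth0", "192.0.2.1"),
    ("172.17.0.0/16", "docker0", None),
    ("192.0.2.0/24", "eth0", None),
]

def bridge_forward(dst_mac):
    """Layer 2: the bridge decides on the destination MAC alone."""
    if dst_mac == HOST_MAC:
        return "host"                     # frame is handed to the host IP stack
    return BRIDGE_FDB.get(dst_mac, "flood")

def host_route(dst_ip):
    """Layer 3: longest-prefix match in the host routing table."""
    addr = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(p), dev, gw) for p, dev, gw in HOST_ROUTES
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, dev, gw = max(hits, key=lambda h: h[0].prefixlen)
    return dev, gw

def trace(dst_mac, dst_ip, ip_forward=True):
    """Describe what happens to one frame sent by a container."""
    port = bridge_forward(dst_mac)
    if port != "host":
        return f"bridge: switched to {port}"
    if dst_ip in HOST_ADDRS:
        return "host: delivered locally"
    if not ip_forward:                    # net.ipv4.ip_forward=0
        return "host: dropped, forwarding disabled"
    route = host_route(dst_ip)
    if route is None:
        return "host: dropped, no route"
    dev, gw = route                       # iptables FORWARD/NAT would apply here
    return f"host: routed out {dev}" + (f" via {gw}" if gw else "")

if __name__ == "__main__":
    print(trace("02:42:ac:11:00:03", "172.17.0.3"))    # container to container
    print(trace(HOST_MAC, "198.51.100.7"))             # container to outside
```

Traffic between two containers never reaches the host routing table in this model, while anything addressed to the gateway's MAC depends on the host's forwarding setting and routes.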
