Understand the core IP network concepts useful for container networking
Link to video: https://www.youtube.com/watch?v=BnAozPAMXnc
What is an IP address or a network port? How do they relate to a network interface? 🤔
If you've ever struggled with networking concepts, this blog is for you.
The purpose of this blog is to go over some basic networking topics, which will be specially useful to master networking for Docker containers.
If you're confident with your networking know-how, you can skip this blog and go directly to the next one.
But if you have no or very limited networking knowledge, or want to revise the core concepts, read on!
Here's what we will discuss:
- Network Interfaces
- Internet Protocol (IP)
- Public vs Private networks
- IP addressing
- Subnet mask and CIDR
- Network Ports
NOTE: We will refer to computers/devices in a network as hosts.
To recap from part 1...
A network is formed when a group of devices is connected over a medium to share data.
But how do hosts connect to a network?
A network interface is the point of interconnection between a host and a network.
It can either be physical (like the one below) or virtual (emulated using software).
A local network (e.g. LAN) can be formed merely by connecting multiple hosts together (generally by using hardware devices like switches or hubs).
This eventually results in many local networks where communication between hosts is possible but only within that local network.
But how would one transmit data across networks?
IP (or Internet Protocol) is a standard protocol for transmitting packets of data between hosts across networks, which are connected to form an IP network.
A host can send data to another one by specifying the destination host's IP address on the data packet. The packet of data can then be routed to the correct host via one or more routers.
A router is a special-purpose device with two or more network interfaces, connecting two or more networks, which allows it to forward data packets from one network to another.
Thus, IP allows us to form a network of networks, i.e. an internetwork.
A network is said to be public if anyone can access it from outside. The Internet is the best and probably the only pure example of such a network.
A private network is one to which access is restricted. Local networks like those in a company or school are examples of private networks.
Private networks offer security by not exposing hosts directly to the Internet.
Each host in an IP network can have one or more IP addresses, depending on how many network interfaces it has.
An IP Address is a numeric expression for identifying a particular host on a particular network.
10.2.0.10 is an example of an IP address.
32 bits are used to represent the address, so both addresses below are equivalent - the top one being decimal while the bottom one is binary.
10.2.0.10
00001010.00000010.00000000.00001010
Since 8 bits are used for each of the four dot (.) separated segments, the value of each segment can range from 0 to 255.
Since an IP network can span multiple smaller networks (subnets), there needs to be a way to specify the network a host belongs to in order to route data packets to it.
The IP address of a host is often written with a suffix such as /24, which specifies the part of the address that belongs to the subnet, i.e. the subnet mask. This is also called CIDR notation.
For example, the IP 10.2.0.10/24 uses the first 24 bits to identify the network, whereas the remaining 8 bits are used to identify hosts within that network. This allows 2^8 or 256 different IP addresses (practically fewer, as some IPs are reserved).
The following shows the minimum and maximum IP address values for this subnet.
min: 00001010.00000010.00000000.00000000
max: 00001010.00000010.00000000.11111111
Therefore, the larger the subnet mask (i.e. the bigger the number after the /), the fewer hosts that subnet can accommodate.
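To make the subnet arithmetic above concrete, here is a small added example (not code from the original blog) that converts a dotted-decimal address to the binary form shown earlier, derives the subnet mask, minimum (network) and maximum (broadcast) addresses from a CIDR string with plain bit operations, and cross-checks the result against Python's standard `ipaddress` module. The sample addresses are the blog's own 10.2.0.10 plus constructed ones; function names are my own.

```python
import ipaddress

# Sample input taken from the text; the other CIDR strings in the test are constructed.
EXAMPLE_CIDR = "10.2.0.10/24"


def to_binary(ip: str) -> str:
    """Render an IPv4 address as four 8-bit groups, e.g. 10.2.0.10 -> 00001010.00000010.00000000.00001010."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {ip}")
    return ".".join(f"{o:08b}" for o in octets)


def to_int(ip: str) -> int:
    """Pack the four octets into one 32-bit integer (first octet is the most significant)."""
    octets = [int(o) for o in ip.split(".")]
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def from_int(n: int) -> str:
    """Inverse of to_int: split a 32-bit integer back into dotted-decimal form."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict:
    """Compute mask, min/max address and host capacity for an address in CIDR notation.

    The prefix length (the number after the slash) selects how many leading bits
    belong to the network; the remaining 32 - prefix bits identify hosts.
    """
    ip_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length must be 0..32, got {prefix}")
    ip = to_int(ip_str)
    # A mask with `prefix` leading one-bits, truncated to 32 bits.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip & mask                      # host bits cleared -> lowest address
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set -> highest address
    total = 2 ** (32 - prefix)
    # The network and broadcast addresses are reserved in ordinary subnets, hence
    # "practically fewer"; /31 and /32 are special cases with no such reservation.
    usable = total - 2 if prefix <= 30 else total
    return {
        "mask": from_int(mask),
        "min": from_int(network),
        "max": from_int(broadcast),
        "min_binary": to_binary(from_int(network)),
        "max_binary": to_binary(from_int(broadcast)),
        "total_addresses": total,
        "usable_hosts": usable,
    }


def matches_stdlib(cidr: str) -> bool:
    """Cross-check the hand-rolled arithmetic against ipaddress.ip_network."""
    ours = subnet_info(cidr)
    net = ipaddress.ip_network(cidr, strict=False)
    return (
        ours["min"] == str(net.network_address)
        and ours["max"] == str(net.broadcast_address)
        and ours["total_addresses"] == net.num_addresses
    )


if __name__ == "__main__":
    print(to_binary("10.2.0.10"))
    for key, value in subnet_info(EXAMPLE_CIDR).items():
        print(f"{key:>16}: {value}")
    print("agrees with ipaddress module:", matches_stdlib(EXAMPLE_CIDR))
```

Try the same address with /16 or /26 to see how a longer prefix shrinks the host range while the network part grows, exactly as the text states.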
Okay, we now know how data is transmitted to the correct network and host using IP.
But a host could be running many different applications. How can one host reach a particular application on a destination host?
A network port is a logical endpoint for specifying the correct host application/process being communicated with.
A port is identified for each Transport Layer protocol and IP address combination by a 16-bit unsigned number. The two most prominent Transport Layer protocols are User Datagram Protocol (UDP) and Transmission Control Protocol (TCP).
This means that, for a host with a given IP address, there can be up to 65535 ports available for TCP and UDP each. Each application (or networked service) running on the host can then use zero or more of the available ports.
Port numbers from 0 to 1023 are called well-known or system ports and are reserved for standard networked services, like TCP port 80 for HTTP, TCP port 443 for HTTPS, etc.
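The following added example (my own code, not from the blog) shows what the port paragraphs describe: two "applications" on the same host and IP address are told apart purely by port number. It binds two tiny TCP services on the loopback interface, letting the OS pick free ports (port 0 means "any free port"), connects to each and records which service answered, and also shows that a second bind to a port that is already in use fails. The service banners and helper names are constructed for the demonstration.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"  # the host's loopback interface; everything stays on this machine


def start_service(banner: str) -> int:
    """Listen on a free TCP port of the loopback interface and serve `banner` to one client.

    Returns the port number the OS assigned, so the caller knows which
    (IP address, port) pair identifies this particular application.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))          # port 0: let the kernel choose an unused port
    srv.listen(1)
    srv.settimeout(5)                # never block forever if nobody connects
    port = srv.getsockname()[1]

    def handle_one_client() -> None:
        try:
            conn, _peer = srv.accept()
            with conn:
                conn.sendall(banner.encode())
        except socket.timeout:
            pass
        finally:
            srv.close()              # release the port once the single client is served

    threading.Thread(target=handle_one_client, daemon=True).start()
    return port


def ask_service(port: int) -> str:
    """Connect to (loopback, port) and return whatever the listening application sends."""
    with socket.create_connection((LOOPBACK, port), timeout=5) as client:
        chunks = []
        while True:
            data = client.recv(1024)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode()


def can_bind(port: int) -> bool:
    """True if a new socket can claim (loopback, port); False if another process/socket holds it."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind((LOOPBACK, port))
        return True
    except OSError:                  # EADDRINUSE: only one listener per (address, port)
        return False
    finally:
        probe.close()


def is_well_known(port: int) -> bool:
    """System/well-known range as described in the text: 0-1023."""
    return 0 <= port <= 1023


def demo() -> dict:
    """Run two services on one IP and prove the port alone selects the application."""
    web_port = start_service("web-service")
    db_port = start_service("db-service")
    web_port_busy = not can_bind(web_port)   # checked while the listener is still up
    result = {
        "web_port_busy_while_listening": web_port_busy,
        "answers": {web_port: ask_service(web_port), db_port: ask_service(db_port)},
        "ports_are_distinct": web_port != db_port,
    }
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The ports the OS hands out here are ephemeral (above 1023); binding a well-known port such as 80 would normally require elevated privileges, which is one reason the system range is reserved for standard services.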
Just one more networking concept to remember...
The Domain Name System (DNS) was invented to translate domain names to IP addresses (and vice versa), as it is difficult for us humans to remember IP addresses.
At the simplest level, DNS records are domain name to IP address mappings, like:
Records like these (and more complex ones) are distributed across multiple levels of name servers, which serve to provide this domain name to IP address translation.
Your host machine keeps a local cache of recently queried DNS records and asks name servers when it doesn't find the requested domain record locally.
You can check the IP addresses for google.com by typing this in your terminal:
In this blog, we briefly discussed network interfaces, the Internet Protocol, public vs private networks, IP addresses, subnets, network ports, and DNS.
If we keep these concepts in mind, Docker container networking will be much easier to understand and apply.
Thanks for making it so far! 🎉
See you on the next one.
Be bold and keep learning.
But most importantly,