Chapter 1, Docker Networking Primer, explains the essential components of Docker networking, which have evolved from coupling simple Docker abstractions and powerful network components, such as Linux bridges, Open vSwitch, and so on. This chapter also explains how Docker containers can be created with various modes. In the default mode, port mapping helps us through the use of iptables NAT rules, allowing traffic arriving at the host to reach containers. Later in this chapter, basic linking of the container is covered and the next generation of Docker networking, which is libnetwork, is also discussed.

Chapter 2, Docker Networking Internals, discusses Docker's internal networking architecture. We will learn about IPv4, IPv6, and DNS configurations in Docker. Later in this chapter, Docker bridge and communication between containers in single host and multihost is covered. This chapter also explains overlay tunneling and different methods that are implemented on Docker networking, such as OVS, Flannel, and Weave.

Chapter 3, Building Your First Docker Network, shows how Docker containers communicate from multiple hosts using different networking options, such as Weave, OVS, and Flannel. Pipework uses legacy Linux bridge, Weave creates a virtual network, OVS uses GRE tunneling technology, and Flannel provides a separate subnet to each host to connect containers on multiple hosts. Some of the implementations, such as Pipework, are legacy and will become obsolete over a period of time, while others are designed to be used in the context of specific OSes, such as Flannel with CoreOS. Basic comparisons of Docker networking options are also covered in this chapter.

Chapter 4, Networking in a Docker Cluster, explains Docker networking in depth using various frameworks, such as native Docker Swarm, where using the libnetwork or the out-of the-box overlay network, Swarm, provides the multihost networking features. Kubernetes, on the other hand, has a different perspective from Docker, where each pod will get a unique IP address and communication between pods can occur with the help of services. Using Open vSwitch or IP-forwarding advanced routing rules, the Kubernetes networking can be enhanced to provide connectivity between pods on different subnets across hosts and expose the pods to the external world. In the case of Mesosphere, we can see that Marathon is used as a backend for the networking of the deployed containers. In the case of DCOS of the Mesosphere, the entire deployed stack of machines is treated as one machine to provide a rich-networking experience between deployed container services.

Chapter 5, Security and QoS for Docker Containers, takes a dive into Docker security by referring to kernel and cgroups namespaces. We will also visit some of the aspects of filesystems and various Linux capabilities, which containers leverage in order to provide more features, such as the privileged container but at the cost of exposing itself more on the threat side. We will also see how containers can be deployed in a secured environment in AWS ECS using proxy containers to restrict the vulnerable traffic. We will also talk about how AppArmor is also provided with a rich set of Mandatory Access Control (MAC) system, which provides kernel-enhancement features in order to confine applications to a limited set of resources. Leveraging their benefits to Docker containers helps us deploy them in a secured environment. In the last section, we take a quick dive into Docker security benchmarks and some of the important recommendations that can be followed during auditing and Docker deployment in a production environment.

Chapter 6, Next Generation Networking Stack for Docker: libnetwork, will look into some of the deeper and conceptual aspects of Docker networking. One of these is libnetworking—the future of the Docker network model, which is already getting into shape with the release of Docker 1.9. While explaining the libnetworking concept, we will also study the CNM model, its various objects and components, along with its implementation code snippets. Next, we will look into drivers of CNM, the prime one being the overlay driver, in detail with deployment as part of Vagrant setup. We will look at standalone integrations of containers with overlay network with Docker Swarm and Docker Machine as well. In the next section, we explain the CNI interface, its executable plugins, and give a tutorial to configure Docker networking with the CNI plugin. In the last section, Project Calico is explained in detail, which provides scalable networking solutions that are based out of libnetwork and provides integration with Docker, Kubernetes, Mesos, bare-metal, and VMs, primarily.