The default network adapter of a container can operate in the host-routed mode only. You can, however, create additional virtual adapters in containers and make them operate in the bridged network mode. The following figure shows an example network configuration where containers #1 and #2 are set to work in the bridged mode.
In this configuration:
-
Container #1 and container #2 have separate virtual adapters consisting of two network interfaces:
-
An
enp<X>s<Y>interface in the container (enp0s5 in the figure). This interface represents a counterpart of a physical network adapter installed on a standalone server. Like any other physical adapter, it has a MAC address, can be assigned one or more IP addresses, included in different networks, and so on. -
A
vethinterface on the hardware node (veth26bc47f6.1 and vethcdb87d9e.1 in the figure). This interface is mostly used to maintain the communication between the hardware node and Ethernet interfaces in containers.
Note
Note: To simplify things, virtual adapters operating in the bridged mode are called
vethadapters, though it is not quite correct from the technical point of view.Both interfaces are closely linked to each other, so a data packet entering one interface always comes out from the other one.
-
An
- Containers #1 and #2 keep their own ARP and routing tables that they consult when sending or receiving data.
-
The
vethadapters of both containers are bridged through the bridgebr0to the physical network adapterenp0s5. -
All container outgoing traffic comes via the
vethadapters to the bridge and are then transmitted through theenp0s5physical adapter to the destination, according to the routing tables stored in the containers. -
All incoming data packets for container #1 and #2 reach the
enp0s5physical adapter first and are then sent through the bridge to thevethadapter of the destination container.
