The overlay network driver creates a distributed network among multiple Docker daemon hosts.
This network sits on top of (overlays) the host-specific networks, allowing containers connected to it (including swarm service containers) to communicate securely. Docker transparently handles routing of each packet to and from the correct Docker daemon host and the correct destination container.
When you initialize a swarm or join a Docker host to an existing swarm, two new networks are created on that Docker host:
- an overlay network called ingress, which handles control and data traffic related to swarm services. When you create a swarm service and do not connect it to a user-defined overlay network, it connects to the ingress network by default.
- a network called docker_gwbridge, which connects the individual Docker daemon to the other daemons participating in the swarm.
You can create user-defined overlay networks using docker network create, in the same way that you can create user-defined bridge networks. Services or containers can be connected to more than one network at a time. Services or containers can only communicate across networks they are each connected to.
Although you can connect both swarm services and standalone containers to an overlay network, the default behaviors and configuration concerns are different. For that reason, the rest of this topic is divided into operations that apply to all overlay networks, those that apply to swarm service networks, and those that apply to overlay networks used by standalone containers.
Operations for all overlay networks
Create an overlay network
Firewall rules for Docker daemons using overlay networks
You need the following ports open to traffic to and from each Docker host participating on an overlay network:
- TCP port 2377 for cluster management communications
- TCP and UDP port 7946 for communication among nodes
- UDP port 4789 for overlay network traffic
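
One way to check a host's firewall against the port list above (an added example, not code from Docker or from this page): the script audits `iptables -S` style output and reports required protocol/port pairs that are not accepted, plus any that are accepted from every source rather than only from the participating Docker hosts. The sample rules and the 10.0.0.0/24 swarm subnet are constructed assumptions, and only literal ACCEPT rules in the INPUT chain are examined (jumps to other chains are not followed).

```python
# Added example: audit `iptables -S` output for the overlay ports listed above.
REQUIRED = {  # (protocol, port) -> purpose, as listed on this page
    ("tcp", 2377): "cluster management",
    ("tcp", 7946): "communication among nodes",
    ("udp", 7946): "communication among nodes",
    ("udp", 4789): "overlay network traffic",
}

# Constructed sample, not captured from a real host. 10.0.0.0/24 stands in
# for the subnet holding the swarm's Docker hosts (an assumption).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -s 10.0.0.0/24 -p tcp -m tcp --dport 2377 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7946 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -p udp -m udp --dport 7946 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -p tcp -m multiport --dports 22,4789 -j ACCEPT
"""

def expand_ports(spec):
    """Yield every port in a --dport/--dports value such as '22,7946:7950'."""
    for part in filter(None, spec.split(",")):
        low, _, high = part.partition(":")
        yield from range(int(low), int(high or low) + 1)

def accepted_sources(rules_text):
    """Map (protocol, port) to the source CIDRs that INPUT ACCEPT rules allow."""
    opened = {}
    for line in rules_text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["-A", "INPUT"] or tokens[-2:] != ["-j", "ACCEPT"]:
            continue
        following = dict(zip(tokens, tokens[1:]))  # option -> its argument
        proto = following.get("-p")
        spec = following.get("--dport") or following.get("--dports") or ""
        source = following.get("-s", "0.0.0.0/0")  # no -s means any source
        for port in expand_ports(spec):
            opened.setdefault((proto, port), []).append(source)
    return opened

def audit(rules_text):
    """Return (missing, open_to_any): required ports not accepted, and
    required ports accepted from any source rather than swarm hosts only."""
    opened = accepted_sources(rules_text)
    missing = sorted(key for key in REQUIRED if key not in opened)
    open_to_any = sorted(k for k in REQUIRED if "0.0.0.0/0" in opened.get(k, []))
    return missing, open_to_any

if __name__ == "__main__":
    missing, open_to_any = audit(SAMPLE_RULES)
    print("missing:", missing)
    print("open to any source:", open_to_any)
```

In the sample, port 4789 is opened for TCP only, so the UDP overlay traffic port is reported as missing, and TCP 7946 is reported as open to any source because its rule has no `-s` match.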