Network in App Level¶
By default, Docker containers run in a private network that Docker administers. These containers can be connected to one another or linked to non-Docker workloads.
Docker's networking subsystem uses drivers. Several drivers are available by default and can be used in containers:
Network Drivers¶
In the official Docker documentation, you can find several options for network drivers. Using the user interface of Industrial Edge App Publisher, you can configure the following drivers.
bridge¶
It is the default network driver. This type will be automatically created if no driver is specified. Bridge networks are usually used when your apps run in standalone containers that need to communicate. The default IP address is in the range 172.17.0.0/16. This might be different depending on the onboarding of your Industrial Edge Device.
Host driver¶
This driver removes the network isolation between the container and the Docker host. The host's network is used directly. It is not possible to expose ports in IED. All incoming connections will be blocked, e.g. an internal web server cannot be reached via the host interface.
To configure the host driver in the Industrial Edge App Publisher, you need to configure `network_mode: host` on the Docker Compose service.
Macvlan driver¶
This network provides layer 2 access to the network. It allows you to assign a MAC address to a container, which then appears as a physical device on the network.
The Industrial Edge Runtime comes with a dedicated network on each Industrial Edge Device. It is a special macvlan network which you can configure in the Edge device UI. If you want to use this network, you need to specify an external network called `zzz_layer2_net1` in your Docker Compose file. See the Industrial Edge App Publisher manual for more details; search for "Creating a Layer 2 network access".
Do not create your own Macvlan network.
Network Communication¶
The communication between containers, between a container and the host system (IED), and to the internet (outside the box) is realized by Docker networks; see the figure below.
For further information about the network topic on Docker, please refer to Docker Networking documentation.
Exposing and Mapping Ports¶
Understanding how Docker handles port exposure and forwarding is essential for controlling container communication and ensuring external accessibility.
1. Exposing Ports Inside the Container¶
The `EXPOSE` instruction in a Dockerfile serves as documentation to indicate which ports the application will use for internal communication between containers. It does not make the port accessible from outside the Docker host. For example:

```dockerfile
# Expose TCP port 8080 explicitly
EXPOSE 8080/tcp
# Expose port 80 using the default TCP protocol
EXPOSE 80
```
In this example, ports 80 and 8080 are made available for inter-container networking. Port 80 defaults to TCP if no protocol is provided.
2. Mapping Container Ports to the Host¶
To make container ports accessible from outside the Docker host, you must map them to host ports.
In a Docker Compose configuration, you use the `ports` directive to publish container ports to the host. For example:

```yaml
version: '3'
services:
  my_service:
    build: .
    ports:
      - "8080:80"
```
In this Compose file:
- The string `"8080:80"` maps port 80 inside the container to port 8080 on the host system.
- This allows services outside the Docker host to access the container using the host's port 8080.
Here are some examples of using the ports directive:
String Value | Description |
---|---|
`80` | Maps container's port 80 to a randomly assigned ephemeral port on the host. The ephemeral port is chosen by Docker and may change upon restart. |
`8080:80` | Maps container's TCP port 80 to host's port 8080. |
`192.0.2.1:8080:80` | Maps container's TCP port 80 to host's port 8080, binding only to the host IP address 192.0.2.1. |
`8080:80/udp` | Maps container's UDP port 80 to host's port 8080. |
`2346-2348:2346-2348/tcp` | Maps a range of container ports (from 2346 to 2348) to the corresponding host ports. The number of ports on both sides must be equal. |
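The forms in the table differ in which host address and host port they bind, which determines who can reach the service. The following is an added example, not part of the original documentation: it parses the short-syntax strings from the table and flags entries that are published on every host interface (Docker's default when no host IP is given) or on an ephemeral port. The names `parse_port`, `review` and `TABLE_EXAMPLES` are hypothetical, and only the IPv4 forms shown in the table are handled.

```python
import re

# Short syntax covered here: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO], IPv4 only.
_PORT = r"\d+(?:-\d+)?"
_SPEC = re.compile(
    rf"^(?:(?P<ip>\d+\.\d+\.\d+\.\d+):)?(?:(?P<host>{_PORT}):)?"
    rf"(?P<ctr>{_PORT})(?:/(?P<proto>tcp|udp))?$"
)

# Constructed input: the five strings from the table above.
TABLE_EXAMPLES = ["80", "8080:80", "192.0.2.1:8080:80", "8080:80/udp",
                  "2346-2348:2346-2348/tcp"]

def _span(text):
    """Turn '80' or '2346-2348' into an inclusive (low, high) tuple."""
    lo, _, hi = text.partition("-")
    return int(lo), int(hi or lo)

def parse_port(spec):
    """Split one ports entry into host IP, host ports, container ports, protocol."""
    m = _SPEC.match(spec.strip())
    if not m:
        raise ValueError(f"unsupported ports entry: {spec!r}")
    ctr = _span(m["ctr"])
    host = _span(m["host"]) if m["host"] else None  # None: ephemeral host port
    # A container port range needs a host range of the same size.
    if host and ctr[0] != ctr[1] and host[1] - host[0] != ctr[1] - ctr[0]:
        raise ValueError(f"port range sizes differ: {spec!r}")
    return {"host_ip": m["ip"] or "0.0.0.0",  # no host IP: all interfaces
            "host": host, "container": ctr, "proto": m["proto"] or "tcp"}

def review(ports):
    """Return (entry, note) pairs for bindings worth a second look."""
    findings = []
    for spec in ports:
        p = parse_port(spec)
        if p["host"] is None:
            findings.append((spec, "ephemeral host port; may change upon restart"))
        if p["host_ip"] == "0.0.0.0":
            findings.append((spec, "published on every host interface"))
    return findings

if __name__ == "__main__":
    for spec, note in review(TABLE_EXAMPLES):
        print(f"{spec:26} {note}")
```

Only the entry with an explicit host IP produces no finding; every other form in the table is reachable on all host addresses.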
Summary¶
- Use the `EXPOSE` instruction in your Dockerfile to document which ports your container uses internally.
- To allow external access, explicitly map container ports to host ports in your Docker Compose file using the `ports` directive.
- Always ensure that the chosen host port does not conflict with other services running on the Docker host.