Bird
Raised Fist0
Microservicessystem_design~5 mins

Container networking in Microservices - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is container networking?
Container networking is the way containers communicate with each other and with the outside world. It connects containers so they can share data and services.
Click to reveal answer
intermediate
Name a common network model used in container orchestration platforms like Kubernetes.
The common network model is the "flat network" where every container gets its own IP address and can communicate directly with others without NAT (Network Address Translation).
Click to reveal answer
intermediate
What is a network namespace in container networking?
A network namespace isolates the network stack for a container. It means each container can have its own IP addresses, routing tables, and ports, separate from the host or other containers.
Click to reveal answer
advanced
Explain the role of a Container Network Interface (CNI).
CNI is a set of standards and plugins that help connect containers to networks. It manages IP address allocation and network setup for containers in a consistent way.
Click to reveal answer
advanced
What is the difference between bridge and overlay networks in container networking?
Bridge networks connect containers on the same host, like a local switch. Overlay networks connect containers across multiple hosts, creating a virtual network over the physical one.
Click to reveal answer
Which of the following best describes a network namespace?
AA physical network switch
BAn isolated network environment for a container
CA type of container image
DA storage volume for containers
What does CNI stand for in container networking?
AContainer Network Isolation
BContainer Node Integration
CContainer Network Interface
DCloud Network Infrastructure
Which network type connects containers across multiple hosts?
AOverlay network
BHost network
CBridge network
DLoopback network
In Kubernetes, how do containers typically communicate within a pod?
AUsing separate IP addresses
BThrough external load balancer
CVia host network only
DUsing shared network namespace
What is the main purpose of a bridge network in container environments?
AConnect containers on the same host
BConnect containers across different hosts
CProvide internet access to containers
DIsolate containers from the host
Describe how container networking allows containers to communicate within the same host and across multiple hosts.
Think about local vs virtual networks and how IP addresses are assigned.
You got /4 concepts.
    Explain the concept of network namespaces and why they are important in container networking.
    Imagine each container having its own private network space.
    You got /4 concepts.

      Practice

      (1/5)
      1. What is the main purpose of container networking in microservices?
      easy
      A. To allow containers to communicate with each other
      B. To store container data persistently
      C. To build user interfaces for containers
      D. To monitor container CPU usage

      Solution

      1. Step 1: Understand container networking role

        Container networking connects containers so they can send data and messages to each other.

      2. Step 2: Compare with other options

        Storing data, building interfaces, and monitoring CPU are not related to networking.

      3. Final Answer:

        To allow containers to communicate with each other -> Option A

      4. Quick Check:

        Container networking = communication [OK]
      Hint: Networking means communication between containers [OK]
      Common Mistakes:
      • Confusing networking with storage
      • Thinking networking builds UI
      • Mixing monitoring with networking
      2. Which Docker command creates a user-defined network named mynet?
      easy
      A. docker create network mynet
      B. docker network create mynet
      C. docker network new mynet
      D. docker net create mynet

      Solution

      1. Step 1: Recall Docker network creation syntax

        The correct command is docker network create <name>.

      2. Step 2: Match options with syntax

        Only docker network create mynet matches the correct syntax exactly.

      3. Final Answer:

        docker network create mynet -> Option B

      4. Quick Check:

        docker network create = correct syntax [OK]
      Hint: Remember: 'docker network create' is the right command [OK]
      Common Mistakes:
      • Swapping 'create' and 'network' order
      • Using 'new' instead of 'create'
      • Shortening 'network' to 'net' incorrectly
      3. Given two containers web and db connected on a user-defined network mynet, what happens when web tries to ping db by container name?
      medium
      A. Ping succeeds because containers can resolve names on the same user-defined network
      B. Ping fails because container names are not resolvable
      C. Ping succeeds only if IP addresses are used, not names
      D. Ping fails because containers cannot communicate on user-defined networks

      Solution

      1. Step 1: Understand user-defined network DNS resolution

        User-defined Docker networks provide automatic DNS resolution of container names.

      2. Step 2: Apply to ping scenario

        Since both containers are on mynet, web can ping db by name successfully.

      3. Final Answer:

        Ping succeeds because containers can resolve names on the same user-defined network -> Option A

      4. Quick Check:

        User-defined network = name resolution works [OK]
      Hint: User-defined networks enable container name resolution [OK]
      Common Mistakes:
      • Assuming container names are never resolvable
      • Thinking IP addresses are always required
      • Believing user-defined networks block communication
      4. You created two containers on the default bridge network but they cannot communicate by container name. What is the likely cause?
      medium
      A. Container names must be IP addresses on default bridge
      B. Containers must be on different networks to communicate
      C. Default bridge network does not support automatic container name resolution
      D. Docker daemon is not running

      Solution

      1. Step 1: Recall default bridge network limitations

        The default bridge network does not provide automatic DNS for container names.

      2. Step 2: Analyze communication failure

        Without name resolution, containers cannot reach each other by name on default bridge.

      3. Final Answer:

        Default bridge network does not support automatic container name resolution -> Option C

      4. Quick Check:

        Default bridge = no name resolution [OK]
      Hint: Default bridge lacks container name DNS [OK]
      Common Mistakes:
      • Thinking containers must be on different networks to communicate
      • Confusing container names with IP addresses
      • Assuming Docker daemon is stopped without checking
      5. You want to isolate microservices into separate networks for security but allow only the api service to communicate with db. Which design best achieves this?
      hard
      A. Create separate networks but connect all containers to all networks.
      B. Connect all services to a single network and use firewall rules inside containers.
      C. Use the default bridge network for all containers and rely on container names.
      D. Create two networks: api-net and db-net. Connect api to both networks, db only to db-net.

      Solution

      1. Step 1: Understand network isolation and selective communication

        Separating services into different networks isolates traffic. Connecting api to both networks allows it to talk to db while others cannot.

      2. Step 2: Evaluate options for security and communication

        Create two networks: api-net and db-net. Connect api to both networks, db only to db-net. isolates db and allows only api access. Other options either lack isolation or allow unwanted access.

      3. Final Answer:

        Create two networks: api-net and db-net. Connect api to both networks, db only to db-net. -> Option D

      4. Quick Check:

        Separate networks + selective connection = secure communication [OK]
      Hint: Use multiple networks and connect only needed containers [OK]
      Common Mistakes:
      • Putting all containers on one network without isolation
      • Connecting all containers to all networks
      • Relying on default bridge network for security