Skip to Content
Navigation:

A stick figure smiling

Here's a preview from my zine, How Containers Work!! If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!

get the zine!
Image of a comic. To read the full HTML alt text, click "read the transcript". get the zine!
read the transcript!

network namespaces are kinda confusing

Illustration of an unhappy-looking stick figure with curly hair.

person: what does it MEAN for a process to have its own network??

namespaces usually have 2 interfaces

(+ sometimes more)

  • the loopback interface (127.0.0.1/8, for connections inside the namespace)
  • another interface (for connections from outside)

every server listens on a port and network interface(s)

0.0.0.0:8080 means “port 8080 on every network interface in my namespace”

127.0.0.1 stays inside your namespace

Illustration of a server, represented by a box with a smiley face, and a smiling stick figure with curly hair.

server, thinking: I’m listening on 127.0.0.1
person: that’s fine but nobody outside your network server namespace will be able to make requests to you!

your physical network card is in the host network namespace

Illustration of a rectangular box drawn with a dotted line. Inside it are:

  • the label “host network namespace”
  • 192.168.1.149, with an arrow pointing to it reading “requests from other computers”
  • network card

other namespaces are connected to the host namespace with a bridge

Illustration of a rectangular box drawn with a dotted line. Inside it are:

  • the label “host network namespace”
  • three boxes, each labelled “container”