Chapter 06: Docker Networking

Docker networking allows containers to communicate with each other and the outside world. This chapter covers Docker’s networking concepts.

Docker Network Drivers

```
Docker Network Drivers

┌────────────┐  ┌────────────┐  ┌────────────┐  ┌────────────┐
│   bridge   │  │    host    │  │  overlay   │  │    none    │
└────────────┘  └────────────┘  └────────────┘  └────────────┘

┌────────────┐  ┌────────────┐
│  macvlan   │  │   ipvlan   │
└────────────┘  └────────────┘

Bridge  - Default for standalone containers
Host    - Removes network isolation
Overlay - Multi-host networking (Swarm)
None    - No networking
Macvlan - Direct network access
Ipvlan  - Similar to macvlan
```

The Default Bridge Network

When you install Docker, a default bridge network is created:

```bash
# List networks
docker network ls

# Output:
# NETWORK ID     NAME      DRIVER    SCOPE
# abc123...      bridge    bridge    local
# def456...      host      host      local
# ghi789...      none      null      local
```

How Bridge Networking Works

```
Bridge Network Architecture

┌────────────────────────────────────────────────┐
│                  Docker Host                   │
│                                                │
│  ┌──────────────────────────────────────────┐  │
│  │              docker0 Bridge              │  │
│  │              172.17.0.1/16               │  │
│  │                                          │  │
│  │  ┌──────────────┐      ┌──────────────┐  │  │
│  │  │ Container A  │      │ Container B  │  │  │
│  │  │  172.17.0.2  │◀────▶│  172.17.0.3  │  │  │
│  │  └──────────────┘      └──────────────┘  │  │
│  └──────────────────────────────────────────┘  │
│                                                │
│  ┌──────────────────────────────────────────┐  │
│  │             External Network             │  │
│  │                (Internet)                │  │
│  └──────────────────────────────────────────┘  │
└────────────────────────────────────────────────┘
```

Using the Default Bridge

```bash
# Run containers on default bridge
docker run -d --name container1 nginx
docker run -d --name container2 redis

# On the default bridge, containers reach each other by IP address
docker exec container1 ping -c 3 172.17.0.3

# Container names do not resolve on the default bridge;
# name-based access requires a user-defined network
```

User-Defined Bridge Networks

Create custom bridge networks for better isolation:

```bash
# Create a bridge network
docker network create my-network

# Run containers in custom network
docker run -d --name web --network my-network nginx
docker run -d --name api --network my-network myapi:latest
docker run -d --name db --network my-network postgres:15

# Containers can communicate by name
docker exec web ping -c 3 api
```

Benefits of User-Defined Bridges

```
User-Defined Bridge Benefits

✓ Automatic DNS resolution between containers
✓ Better isolation from other containers
✓ Containers can be added/removed at runtime
✓ Network settings customizable
✓ Easier container-to-container communication
```

Port Mapping

Expose container ports to the host:

```bash
# Basic port mapping (binds on all host interfaces)
docker run -d -p 8080:80 nginx  # Host 8080 → Container 80

# Map to specific IP
docker run -d -p 127.0.0.1:8080:80 nginx

# Map all exposed ports to random available host ports
docker run -d -P nginx

# Multiple ports
docker run -d -p 8080:80 -p 8443:443 myapp
```

Host Network

Remove network isolation between container and host:

```bash
# Run on host network
docker run -d --network host nginx

# Container uses host's network stack directly
# No port mapping needed
# Container port = Host port
```
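
An added example, not part of the original chapter: a small Python audit of `docker inspect` output that reports the exposure choices from the Port Mapping and Host Network sections (ports published on every host interface, host network mode) and containers left on the default bridge. The sample JSON is constructed and trimmed to the fields the script reads; the function names are this example's own.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields read below.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "HostConfig": {"NetworkMode": "my-network"},
   "NetworkSettings": {"Networks": {"my-network": {}}, "Ports": {
     "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"},
                {"HostIp": "::", "HostPort": "8080"}]}}},
  {"Name": "/admin", "HostConfig": {"NetworkMode": "my-network"},
   "NetworkSettings": {"Networks": {"my-network": {}}, "Ports": {
     "80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8081"}], "443/tcp": null}}},
  {"Name": "/proxy", "HostConfig": {"NetworkMode": "host"},
   "NetworkSettings": {"Networks": {"host": {}}, "Ports": {}}},
  {"Name": "/cache", "HostConfig": {"NetworkMode": "bridge"},
   "NetworkSettings": {"Networks": {"bridge": {}}, "Ports": {"6379/tcp": null}}}
]
""")

# Host addresses that mean "listen on every interface of the host".
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_container(record):
    """Return network-exposure findings for one `docker inspect` record."""
    name = record["Name"].lstrip("/")
    settings = record.get("NetworkSettings") or {}
    findings = []
    if record.get("HostConfig", {}).get("NetworkMode") == "host":
        findings.append(f"{name}: host network mode, no isolation from the host stack")
    for port, bindings in sorted((settings.get("Ports") or {}).items()):
        for binding in bindings or []:  # null = exposed by the image, not published
            host_ip = binding.get("HostIp", "")
            if host_ip in ALL_INTERFACES:
                findings.append(f"{name}: {port} published on all interfaces "
                                f"({host_ip or '0.0.0.0'}, host port {binding['HostPort']})")
    if "bridge" in (settings.get("Networks") or {}):
        findings.append(f"{name}: attached to the default bridge")
    return findings


def audit(records):
    """Flatten the findings for a whole `docker inspect` result list."""
    return [finding for record in records for finding in audit_container(record)]


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INSPECT)))
```

To audit a live host, pass the parsed JSON from `docker inspect $(docker ps -q)` to `audit()` in place of the sample.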

Overlay Network (Docker Swarm)

For multi-host communication:

```bash
# Initialize swarm
docker swarm init

# Create overlay network
docker network create --driver overlay my-overlay

# Run services on overlay network
docker service create --network my-overlay --replicas 3 nginx
```

Overlay Network Architecture

```
Overlay Network Architecture

     Host A                           Host B
┌──────────────┐                 ┌──────────────┐
│ Container 1  │◀──── VXLAN ────▶│ Container 2  │
│   10.0.0.2   │                 │   10.0.0.3   │
└──────────────┘                 └──────────────┘
        │                                │
        └───────────────┬────────────────┘
                        │
                ┌───────▼────────┐
                │  Docker Swarm  │
                │    Manager     │
                └────────────────┘

Overlay Network: 10.0.0.0/24
Encrypted VXLAN tunnels between hosts
```
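
Application traffic on an overlay network is encrypted between hosts only when the network was created with the `encrypted` driver option (`docker network create --driver overlay --opt encrypted ...`); without it, only Swarm's management traffic is encrypted. The following added example, not from the original chapter, reads `docker network inspect` output and lists overlay networks missing that option. The sample JSON, network names and function names are constructed for this example.

```python
import json

# Constructed sample of `docker network inspect` output, trimmed to the fields read below.
SAMPLE_NETWORKS = json.loads("""
[
  {"Name": "my-overlay", "Driver": "overlay", "Scope": "swarm",
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097"},
   "Containers": {"id-1": {"Name": "web.1.constructed"},
                  "id-2": {"Name": "api.1.constructed"}}},
  {"Name": "secure-overlay", "Driver": "overlay", "Scope": "swarm",
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098",
               "encrypted": ""},
   "Containers": {"id-3": {"Name": "db.1.constructed"}}},
  {"Name": "legacy-overlay", "Driver": "overlay", "Scope": "swarm",
   "Options": null, "Containers": null},
  {"Name": "bridge", "Driver": "bridge", "Scope": "local",
   "Options": {}, "Containers": {}}
]
""")


def overlay_encryption_report(networks):
    """Map each overlay network to its encryption state and local endpoints.

    The `encrypted` driver option is stored as a key with an empty value, so the
    check is on key presence, not truthiness.
    """
    report = {}
    for net in networks:
        if net.get("Driver") != "overlay":
            continue  # the option only applies to the overlay driver
        options = net.get("Options") or {}        # tolerate null
        endpoints = net.get("Containers") or {}   # tolerate null
        report[net["Name"]] = {
            "encrypted": "encrypted" in options,
            "endpoints": sorted(e["Name"] for e in endpoints.values()),
        }
    return report


def unencrypted_overlays(networks):
    """Names of overlay networks whose application traffic is not encrypted."""
    report = overlay_encryption_report(networks)
    return sorted(name for name, info in report.items() if not info["encrypted"])


if __name__ == "__main__":
    for name, info in overlay_encryption_report(SAMPLE_NETWORKS).items():
        state = "encrypted" if info["encrypted"] else "NOT encrypted"
        print(f"{name}: {state}, endpoints: {', '.join(info['endpoints']) or '-'}")
```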

Macvlan Network

Give containers direct access to the physical network:

```bash
# Get host network interface
ip link show

# Create macvlan network
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 my-macvlan

# Run container on macvlan
docker run -d --network my-macvlan --ip 192.168.1.100 nginx
```

Network Commands

```bash
# List networks
docker network ls

# Inspect network
docker network inspect bridge

# Create network
docker network create my-network

# Connect container to network
docker network connect my-network container1

# Disconnect container from network
docker network disconnect my-network container1

# Remove network
docker network rm my-network

# Prune unused networks
docker network prune
```

DNS and Service Discovery

Automatic DNS

In user-defined networks, Docker provides built-in DNS:

```bash
# Create network
docker network create app-network

# Run containers
docker run -d --name api --network app-network myapi
docker run -d --name web --network app-network myweb

# DNS resolution works automatically
# web can reach api at http://api:port
```

DNS Options

```bash
# Use --dns to set custom DNS
docker run -d --dns 8.8.8.8 nginx

# Use --network-alias to set alias
docker run -d --name myapi --network-alias api --network app-network myapi

# Now accessible as both 'myapi' and 'api'
```

Container Communication

Container-to-Container

```bash
# Both on same network - works by name
docker exec container1 curl http://container2:8080

# Using alias
docker exec container1 curl http://api:8080
```

Container-to-Host

```bash
# Use host.docker.internal (Docker 20.10+)
docker run -d --name myapp myapp
docker exec myapp curl http://host.docker.internal:8080

# On Linux, may need to add --add-host
docker run --add-host host.docker.internal:host-gateway myapp
```

Host-to-Container

```bash
# Port mapping required
docker run -d -p 8080:80 nginx

# Access via localhost:8080
curl http://localhost:8080
```

Network Troubleshooting

```bash
# Check container's network settings
docker inspect container1 --format '{{json .NetworkSettings}}'

# View network connections
docker exec container1 netstat -tulpn

# Test connectivity
docker exec container1 ping -c 3 other-container

# Check DNS resolution
docker exec container1 nslookup other-container

# View all network endpoints
docker network inspect my-network
```

Network Performance

```
Network Performance Comparison

Driver    Performance   Use Case
──────────────────────────────────────────────────
host      ★★★★★         High performance, no isolation
bridge    ★★★★☆         Default, moderate isolation
overlay   ★★★☆☆         Multi-host, encrypted
macvlan   ★★★★★         Direct network access
```

Summary

In this chapter, you learned:

- Docker network drivers (bridge, host, overlay, none, macvlan)
- User-defined bridge networks
- Port mapping and exposure
- DNS and service discovery
- Network troubleshooting