Networking Basics
Docker networking enables containers to communicate with each other and the outside world. Understanding Docker's network model is essential for building multi-container applications.
Docker Network Types
Docker provides several network drivers:
┌────────────────────────────────────────────────────────────────┐
│  Docker Host                                                   │
│                                                                │
│  ┌─────────────────────────────────────────────────────────┐   │
│  │  Bridge Network (default)                               │   │
│  │ ┌───────────┐     ┌───────────┐     ┌───────────┐       │   │
│  │ │ Container │     │ Container │     │ Container │       │   │
│  │ └───────────┘     └───────────┘     └───────────┘       │   │
│  │       └─────────────────┼─────────────────┘             │   │
│  │                      docker0                            │   │
│  └─────────────────────────┼───────────────────────────────┘   │
│                            │                                   │
│  ┌─────────────────────────┼───────────────────────────────┐   │
│  │  Host Network                                           │   │
│  │  (shares host network)                                  │   │
│  └─────────────────────────────────────────────────────────┘   │
│                                                                │
│  ┌─────────────────────────────────────────────────────────┐   │
│  │  None Network                                           │   │
│  │  (no network access)                                    │   │
│  └─────────────────────────────────────────────────────────┘   │
└────────────────────────────────────────────────────────────────┘
| Driver | Description | Use Case |
|---|---|---|
| bridge | Default isolated network | Most containers |
| host | Use host's network stack | Performance-critical apps |
| none | No networking | Security-isolated containers |
| overlay | Multi-host networks | Docker Swarm |
| macvlan | Assign MAC address | Legacy applications |
The Default Bridge Network
When you run a container without specifying a network, it connects to the default bridge:
# Run containers on default bridge
docker run -d --name web nginx
docker run -d --name api node
# Both are on the default bridge network
docker network inspect bridge
Default Bridge Limitations
- Containers communicate via IP addresses only (no DNS)
- Less isolation between unrelated containers
- IP addresses change on container restart
Creating Custom Networks
Custom bridge networks provide better features:
# Create a custom network
docker network create myapp-network
# Or create it with specific options (instead of the command above)
docker network create \
  --driver bridge \
  --subnet 172.20.0.0/16 \
  --gateway 172.20.0.1 \
  myapp-network
Custom Network Benefits
# Containers can resolve each other by name
docker run -d --name db --network myapp-network postgres
docker run -d --name api --network myapp-network myapi
# From api container, can connect to "db"
docker exec api ping db
# PING db (172.20.0.2): 56 data bytes...
Network Commands
Listing Networks
# List all networks
docker network ls
# Output:
NETWORK ID   NAME            DRIVER    SCOPE
abc123       bridge          bridge    local
def456       host            host      local
ghi789       none            null      local
jkl012       myapp-network   bridge    local
# Filter networks
docker network ls --filter driver=bridge
Inspecting Networks
# Detailed network information
docker network inspect myapp-network
# Get specific field
docker network inspect -f '{{.IPAM.Config}}' myapp-network
# List connected containers
docker network inspect -f '{{range .Containers}}{{.Name}} {{end}}' myapp-network
Managing Networks
# Create network
docker network create mynetwork
# Remove network
docker network rm mynetwork
# Remove all unused networks
docker network prune
# Force prune without confirmation
docker network prune -f
Connecting Containers to Networks
At Container Creation
# Connect to specific network
docker run -d --name web --network myapp-network nginx
# Connect to multiple networks
docker run -d \
  --name api \
  --network frontend \
  myapi
docker network connect backend api # Add second network
After Container Creation
# Connect running container to network
docker network connect myapp-network mycontainer
# Disconnect from network
docker network disconnect myapp-network mycontainer
DNS Resolution in Custom Networks
Custom networks provide automatic DNS:
# Create network
docker network create myapp
# Start database
docker run -d --name postgres --network myapp postgres
# Start application - can use "postgres" as hostname
# (user:pass is a placeholder; values passed with -e are visible in `docker inspect`)
docker run -d \
  --name api \
  --network myapp \
  -e DATABASE_URL=postgres://user:pass@postgres:5432/db \
  myapi
Network Aliases
Assign multiple DNS names to a container:
docker run -d \
  --name postgres \
  --network myapp \
  --network-alias db \
  --network-alias database \
  postgres
# Container can be reached as "postgres", "db", or "database"
Host Network Mode
Container shares the host's network stack:
# Container uses host ports directly
docker run -d --network host nginx
# No port mapping needed - nginx is on host's port 80
curl localhost:80
When to Use Host Mode
- Maximum network performance needed
- Container needs to access host's localhost services
- Monitoring tools that need raw network access
Host Mode Limitations
- Only works on Linux (not Docker Desktop on Mac/Windows)
- Container can conflict with host ports
- Less isolation
None Network Mode
Completely isolated - no network access:
# No network interfaces except loopback
docker run --network none alpine ip addr
# Only shows lo (loopback)
# Use cases:
# - Batch processing of local files
# - Security-sensitive computation
# - Testing offline behavior
Multi-Network Architecture
Connect containers to multiple networks for isolation:
# Create frontend and backend networks
docker network create frontend
docker network create backend
# Database only on backend
docker run -d --name db --network backend postgres
# API on both networks
docker run -d --name api --network backend myapi
docker network connect frontend api
# Web server only on frontend
docker run -d --name web --network frontend nginx
┌──────────────────────────────────────────────────────────────┐
│                                                              │
│   Frontend Network         Backend Network                   │
│  ┌────────────────┐       ┌────────────────────────────────┐ │
│  │                │       │                                │ │
│  │  ┌──────────┐  │       │  ┌──────────┐    ┌──────────┐  │ │
│  │  │   Web    │  │       │  │   API    │    │    DB    │  │ │
│  │  │  Server  │◄─┼───────┼─►│  Server  │◄──►│ Postgres │  │ │
│  │  └──────────┘  │       │  └──────────┘    └──────────┘  │ │
│  │                │       │                                │ │
│  └────────────────┘       └────────────────────────────────┘ │
│                                                              │
│  Web can reach API                                           │
│  API can reach DB                                            │
│  Web CANNOT reach DB (different networks)                    │
└──────────────────────────────────────────────────────────────┘
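A check for the isolation shown above, as an added example that is not part of the original page: it reads `<container> <network>` pairs and flags any two containers that must stay separated but share a network, including the default `bridge`. The function names, the deny-rule format and the sample data are assumptions made for illustration; `live_membership` needs a running Docker daemon and is not called by the demo.

```shell
#!/bin/sh
# Added example: audit Docker network membership against deny rules.

# Emit "<container> <network>" pairs for every running container.
# Needs a Docker daemon, so the offline demo below does not call it.
live_membership() {
    ids=$(docker ps -q)
    [ -n "$ids" ] || return 0
    docker inspect -f \
        '{{$c := .Name}}{{range $net, $cfg := .NetworkSettings.Networks}}{{println $c $net}}{{end}}' \
        $ids | sed -e 's|^/||' -e '/^$/d'
}

# Constructed sample: the web/api/db layout from the section above.
sample_membership() {
    printf '%s\n' 'web frontend' 'api backend' 'api frontend' 'db backend'
}

# Print the networks containers $1 and $2 have in common (pairs on stdin).
# "none" is skipped: two containers without networking cannot reach each other.
shared_networks() {
    awk -v a="$1" -v b="$2" '
        $2 == "none" { next }
        $1 == a { in_a[$2] = 1 }
        $1 == b { in_b[$2] = 1 }
        END { for (n in in_a) if (n in in_b) print n }
    ' | sort
}

# Check deny rules (one "<a> <b>" per line in $1) against pairs on stdin.
# Prints a line per violated rule and returns 1 if any rule is violated.
check_isolation() {
    pairs=$(cat)
    rc=0
    while read -r a b; do
        [ -n "$a" ] && [ -n "$b" ] || continue
        common=$(printf '%s\n' "$pairs" | shared_networks "$a" "$b" | paste -sd, -)
        if [ -n "$common" ]; then
            echo "VIOLATION: $a and $b share: $common"
            rc=1
        fi
    done <<EOF
$1
EOF
    return $rc
}

# Demo on the constructed data: the rule "Web CANNOT reach DB" holds.
sample_membership | check_isolation 'web db' && echo 'OK: web and db are isolated'
```

Against a live host, pipe `live_membership` into `check_isolation` instead of the sample; a shared network is what allows direct container-to-container traffic, so published host ports are outside what this check covers.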
Inspecting Container Network
# View container's network settings
docker inspect -f '{{json .NetworkSettings.Networks}}' mycontainer | jq
# Get container IP address
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mycontainer
# List container's ports
docker port mycontainer
Troubleshooting Network Issues
# Test connectivity from inside container
docker exec mycontainer ping other-container
docker exec mycontainer curl http://other-container:8080
# Check DNS resolution
docker exec mycontainer nslookup other-container
# View network configuration
docker exec mycontainer ip addr
docker exec mycontainer netstat -tlnp
Key Takeaways
- Docker provides bridge, host, and none network drivers
- The default bridge network lacks automatic DNS resolution
- Create custom networks for automatic DNS between containers
- Containers can be connected to multiple networks
- Use network isolation to control communication between services
- Host mode provides maximum performance but less isolation
- Use network aliases for flexible service discovery
- Custom networks are required for container-to-container DNS resolution

