Docker networking enables communication between containers and the outside world. Let's explore the different types of Docker networks and their use cases.
1. Bridge Network (Default)
The default network driver in Docker. When you create a container without specifying a network, it automatically attaches to the bridge network.
# Create a custom bridge network
docker network create my-bridge-network
# Run container in custom bridge network
docker run --network my-bridge-network nginx
# Inspect bridge network
docker network inspect bridge
Key characteristics:
Containers on the same bridge can communicate
Provides network isolation
Supports port mapping to host
2. Host Network
Removes network isolation between container and host, allowing containers to use the host's network directly.
# Run container with host networking
docker run --network host nginx
Use cases:
Maximum performance required
Container needs direct access to host network
Network security is handled at host level
No port mapping needed as container uses host network directly
3. None Network
Completely isolates a container from the network.
# Run container with no networking
docker run --network none nginx
Best for:
Maximum security requirements
Containers that need no network access
Batch processing jobs
4. Overlay Network
Enables communication between containers across multiple Docker hosts (used when implementing docker swarm)
# Create an overlay network
docker network create -d overlay my-overlay-network
# Run service using overlay network
docker service create --network my-overlay-network nginx
Ideal for:
Docker Swarm deployments
Multi-host container communications
Distributed applications
Network Management Commands
Essential commands for managing Docker networks:
# List networks
docker network ls
# Create network
docker network create network-name
# Connect container to network
docker network connect network-name container-name
# Disconnect container from network
docker network disconnect network-name container-name
# Remove network
docker network rm network-name
Network Security Best Practices
- Use Custom Networks
# Create network with custom subnet
docker network create --subnet=172.20.0.0/16 secure-network
- Isolate Sensitive Services (docker compose setup)
# Docker Compose example with network isolation
services:
web:
networks:
- frontend
db:
networks:
- backend
networks:
frontend:
backend:
internal: true
Troubleshooting Network Issues
Common debugging commands:
# Check container networking details
docker inspect container-name
# Test network connectivity
docker exec container-name ping another-container
# View network logs
docker events --filter type=network
# Check DNS resolution
docker exec container-name nslookup hostname
There are two more networking options: MacvLAN and IPvLAN which are for advanced use cases, please refer this link for further information.