Docker Networks

Docker networking is an essential aspect of containerized applications, enabling containers to communicate with each other and with external networks. Docker provides several network types, each designed for different use cases. Below is an overview of the various Docker networks.

Bridge Network

The bridge network is the default network type when you run a container without specifying a network.

  • Use case: It's used when you want isolated communication between containers on the same host.
  • How it works: When you create a container using the bridge network, Docker creates a virtual bridge (typically named docker0) on the host machine. Containers connected to this network can communicate with each other but are isolated from other networks.
  • Features:
    • Containers can communicate with each other using their container IP addresses.
    • Containers can access the outside world through Network Address Translation (NAT).
    • You can expose ports to allow access from the host to containers.
# Create a container with bridge network (default network)
docker run -d --name my-container my-image

Host Network

The host network uses the host machine's networking stack instead of creating a virtual network for the container.

  • Use case: It's used when you need to have direct access to the host's network interfaces or need low-latency communication.
  • How it works: When a container is started with the host network, it shares the network namespace with the host, meaning the container doesn't have its own IP but uses the host's IP address.
  • Features:
    • The container has full access to the host’s network.
    • Useful when the container needs to access services on the host.
    • Avoids the overhead of virtual networking, leading to potentially faster communication.
# Run a container on the host network
docker run --network host -d my-image

None Network

The none network gives the container no network access (no virtual network interface).

  • Use case: It's used when you want complete isolation and prevent the container from accessing any networks.
  • How it works: Containers connected to this network won't have network access, meaning they cannot communicate with the outside world or other containers.
  • Features:
    • Useful for specific use cases like testing or for applications that don’t require network access.
    • Provides the maximum isolation for containers.
# Run a container with no network
docker run --network none -d my-image

Overlay Network

The overlay network enables containers on different Docker hosts to communicate with each other, typically used in Docker Swarm mode or Kubernetes clusters.

  • Use case: It’s used when you need multi-host networking, i.e., when containers running on different physical or virtual machines need to communicate.
  • How it works: Docker uses an overlay driver that creates a virtual network on top of the physical network. Containers across multiple hosts can communicate as if they were on the same local network.
  • Features:
    • Provides communication across multiple Docker hosts.
    • Essential for setting up a Docker Swarm or Kubernetes cluster.
    • Uses VXLAN or other tunneling protocols to encapsulate traffic between hosts.
# Create an overlay network in Swarm mode
docker network create --driver overlay my-overlay-network

Macvlan Network

The macvlan network allows containers to have their own unique MAC addresses and appear as separate devices on the network.

  • Use case: It’s used when you need containers to appear as separate physical devices on the network, with unique IP addresses.
  • How it works: It allows containers to connect directly to the physical network with their own MAC and IP addresses. This is useful when you want containers to be directly accessible from the physical network without NAT.
  • Features:
    • Containers can be accessed using their own IPs on the network.
    • It’s ideal for applications that require their own IP, like legacy apps or services that need to be discoverable by physical network devices.
    • Requires more advanced configuration, such as network bridges and VLANs.
# Create a macvlan network
docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth0 my-macvlan-network

Host Gateway Network

The host gateway network (introduced in Docker 20.10) enables containers to access the host machine’s default gateway, allowing network communication outside the container to be routed via the host's gateway.

  • Use case: It's used when you want containers to access the internet but with different routing options than the default bridge or host networks.
  • How it works: Similar to the host network, but with more flexibility for routing and access.
  • Features:
    • Provides the ability to route network traffic from containers through the host gateway.
    • Allows for direct access to external networks but with container-specific isolation.
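# host-gateway is a special value for --add-host (Docker 20.10+), not a network name:
# it maps a hostname inside the container to the host's gateway IP
docker run --add-host=host.docker.internal:host-gateway -d my-image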

Summary of Docker Networks

| Network Type | Use Case | Key Features |
| --- | --- | --- |
| Bridge | Default network for single-host container comms | Isolated containers on the same host, NAT support |
| Host | Containers that need direct access to the host network | Shares network stack with host, no container IP |
| None | Containers without network access | Maximum isolation, no networking capabilities |
| Overlay | Multi-host networking (Docker Swarm, Kubernetes) | Cross-host communication, VXLAN tunneling |
| Macvlan | Containers with unique MAC and IP on the network | Direct network access with individual IPs |
| Host Gateway | Containers accessing host gateway for routing | Allows containers to access external networks |

Each network type has specific advantages depending on your use case, from isolated local networking to complex multi-host setups. Choose the network that fits your architecture and operational needs.
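
To check which of these modes running containers actually use, the following added example (not part of the original page or of Docker's own tooling) reads lines in the format printed by `docker ps --format '{{.Names}}|{{.Networks}}|{{.Ports}}'` and flags host-network containers and ports published on all host interfaces. The function names `audit_networks` and `sample_ps_output`, the severity labels, and the sample lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): triage containers by network mode.
# Input: one "name|networks|ports" line per container, as printed by
#   docker ps --format '{{.Names}}|{{.Networks}}|{{.Ports}}'

audit_networks() {
  while IFS='|' read -r name nets ports; do
    [ -n "$name" ] || continue
    case "$nets" in
      host)
        # Host mode: no separate namespace, every listener sits on the host's IP.
        echo "HIGH   $name: host network (shares the host's network stack)"
        continue ;;
      none)
        echo "OK     $name: none network (no external connectivity)"
        continue ;;
    esac
    # Bridge-style networks: published ports decide what is reachable from outside.
    case "$ports" in
      *0.0.0.0:*|*:::*|*"[::]:"*)
        echo "REVIEW $name: port published on all host interfaces ($ports)" ;;
      *"->"*)
        echo "OK     $name: ports published on a specific address ($ports)" ;;
      *)
        if [ "$nets" = "bridge" ]; then
          echo "INFO   $name: default bridge, reachable by other containers on docker0"
        else
          echo "OK     $name: network '$nets', no published ports"
        fi ;;
    esac
  done
}

# Constructed sample input (hypothetical containers, not output from a real host).
sample_ps_output() {
  cat <<'EOF'
web|bridge|0.0.0.0:8080->80/tcp, :::8080->80/tcp
metrics|host|
batch|none|
admin|app-net|127.0.0.1:9000->9000/tcp
cache|bridge|6379/tcp
EOF
}

sample_ps_output | audit_networks
```

On a real host, pipe the `docker ps --format` command from the header comment into `audit_networks` in place of the sample function.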

For more details, refer to the official Docker Documentation.