Container Networking

Motivation

Containers need to communicate with each other to function as a cohesive application. This requires defining a network for containers and establishing communication between them. The docker network command enables the creation and management of these networks.

Network Types

Docker offers multiple network types for connecting containers:

bridge (default)

  • Creates a new network with a dedicated bridge interface.
  • Containers on the same bridge can communicate with each other.
  • The docker0 bridge network is used for containers created without an explicit network.

Example

docker network create my-bridge-network

Source: https://docs.docker.com/engine/reference/commandline/network_create/

host

  • [IMPORTANT] No network isolation between container and host.
  • Containers share the host’s networking stack.
  • Containers can access host resources directly.

Example

docker run -it --network host nginx

Source: https://docs.docker.com/engine/reference/commandline/run/

none

  • No network connection for the container.
  • Useful for applications that handle networking on their own.

Example

docker run -it --network none ubuntu:latest

Source: https://docs.docker.com/engine/reference/commandline/run/

overlay (for Docker Swarm)

  • Creates a virtual network across multiple Docker nodes.
  • Uses VXLAN for network communication.
  • Suitable for distributed applications.

Example

docker network create -d overlay my-overlay-network

Source: https://docs.docker.com/engine/swarm/networking/

macvlan

  • Creates a virtual network interface with its own MAC address.
  • Used for advanced networking scenarios like directly connecting containers to physical networks.

Example

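# eth0 and 172.16.86.0/24 are placeholders: use the host interface and subnet of the
# physical network. 172.17.0.0/16 is normally taken by the default docker0 bridge.
docker network create -d macvlan --subnet 172.16.86.0/24 --gateway 172.16.86.1 -o parent=eth0 my-macvlan-network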

Source: https://docs.docker.com/engine/reference/commandline/network_create/

Connecting Containers

  • Using Docker Compose: Specify the networks key in the docker-compose.yml file.
  • Using the docker network connect command: Directly connect a container to a network.
  • Using the docker run command: Specify the network when creating a container.

Example

version: "3.8"
services:
  web:
    image: nginx:latest
    networks:
      - app-net
  db:
    image: mysql:latest
    networks:
      - app-net
networks:
  app-net:
    driver: bridge

Source: https://docs.docker.com/compose/networking/

Network Subnets and IP Addressing

  • Networks can be assigned subnets and IP ranges.
  • Docker automatically assigns IP addresses to containers within the specified subnet.

Example

docker network create -d bridge --subnet 172.18.0.0/16 my-network

Source: https://docs.docker.com/engine/reference/commandline/network_create/

Network Configuration

  • Custom DNS: Configure custom DNS servers for containers with the --dns option of docker run.
  • Network Aliases: Assign aliases to containers for easy name resolution.
  • Network Options: Customize network behavior using options like internal, ingress, and ipam.

Example

# DNS servers and aliases are set per container at run time, not on the network.
docker network create -d bridge --subnet 172.18.0.0/16 --gateway 172.18.0.1 my-network
docker run -d --network my-network --network-alias web --dns 8.8.8.8 --dns 1.1.1.1 nginx

Source: https://docs.docker.com/engine/reference/commandline/network_create/

Considerations

  • Network Security: Consider using firewalls or network policies to secure container communication.
  • Performance: Choose the appropriate network type for your application’s performance needs.
  • Scalability: Use Docker Swarm and overlay networks for scalable, distributed applications.

Source: https://docs.docker.com/engine/reference/commandline/network_create/