Docker Networking

---

1, 2

---

Docker networking is what allows your containers to talk to each other, the host machine, and the outside world. By default, Docker provides an isolated environment for each container, but you can use different network drivers to control how that isolation is broken.

---

The Core Network Drivers

Docker uses drivers to handle networking. Choosing the right one depends on your use case:

Driver	Best Use Case	Key Characteristic
Bridge (Default)	Standard standalone containers.	Creates a private internal network on the host.
Host	Performance-critical apps.	Removes isolation; container uses host's IP directly.
Overlay	Multi-host / Docker Swarm.	Connects multiple Docker daemons together.
Macvlan	Legacy apps / Network monitoring.	Assigns a MAC address, making the container look like a physical device.
None	Highly secure/Isolated tasks.	Disables all networking for the container.

---

Working with the Bridge Network

The Bridge network is what you will use 90% of the time.

Default vs. User-Defined Bridges

• Default Bridge: When you run a container without specifying a network, it joins the default bridge. However, containers on the default bridge can only talk to each other via IP addresses, which change often.

• User-Defined Bridge: Recommended for production. These provide Automatic DNS Resolution, meaning containers can talk to each other using their container names as hostnames.

Hands-on Example:

# 1. Create a custom network
docker network create my-app-net

# 2. Run a database container on that network
docker run -d --name db-container --network my-app-net mariadb

# 3. Run a web app on the same network
# It can now reach the DB using the hostname "db-container"
docker run -d --name web-app --network my-app-net my-web-img

---

Essential Docker Network Commands

Use these commands to manage and troubleshoot your connections:

• docker network ls: Lists all networks on your engine.

• docker network inspect [name]: See the subnet, gateway, and which containers are connected (with their IPs).

• docker network connect [net] [container]: Add a running container to a network on the fly.

• docker network disconnect [net] [container]: Remove a container from a network.

• docker network prune: Clean up all unused networks.

---

Advanced: Overlay and Macvlan

Overlay (Multi-host)

If you are running a cluster of servers (Docker Swarm), the Overlay driver creates a distributed network. Traffic is encrypted by default, and containers on Host A can ping containers on Host B as if they were on the same local switch.

Macvlan (Direct Physical Access)

If you have an application that must have its own identity on your physical network (e.g., it needs its own IP from your router's DHCP), Macvlan is the answer. It bypasses the Docker bridge entirely.

---

Pro-Tips for 2026

• Use Docker Compose: Don't manually create networks. Define them in your docker-compose.yml. Compose automatically creates a shared bridge network for all services in the file.

• Don't expose all ports: Use the -p flag only for services that need to be accessed from outside the host. For internal communication (like Web to DB), they will talk over the internal bridge without needing exposed ports.

• Security: If a container doesn't need internet access, use the --internal flag when creating the network to block all external traffic.

---