Docker Networking

Docker Networking

Docker networking allows containers to communicate with each other and the outside world. Several network types are supported to facilitate common use cases.

Docker Network Types

Docker has 5 built-in network drivers:

  • bridge : Default network. Isolates containers but allows them to communicate.

  • host: Removes isolation and attaches the container directly to the host network.

  • overlay: Allows containers on different Docker hosts to communicate.

  • macvlan: Assigns each container a MAC address, exposing it as a physical network interface.

  • none: Disables all networking for the container.

Bridge networks are the most commonly used. Host networks are useful when binding ports directly to the host. Overlay networks span multiple Docker hosts.

The docker network command allows you to create and manage Docker networks. The most commonly used subcommands are create, ls, inspect, rm, connect and disconnect.

Creates a Docker network. You can specify the network driver and options:

  docker network create --driver bridge my-network
  docker network create --driver overlay --subnet 10.0.9.0/24 my-overlay

Lists all networks:

  docker network ls
$ docker network ls
NETWORK ID     NAME           DRIVER    SCOPE
338357be06bf   bridge         bridge    local
ee5e48ae4cbc   my-network     bridge    local
bfd8a38e6635   host           host      local
0cc57ea63f2a   none           null      local

Inspects a network's details:

  docker network inspect bridge
$  docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "338357be06bf26c708d16e17417ce40f18e61db47d24df3ebfd0259f3961c490",
        "Created": "2023-08-24T17:38:23.1225357Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

Removes a network:

  docker network rm my-network

Connects a container to a network:

  docker network connect bridge container1

You can specify the IP address and aliases:

  docker network connect --ip 172.16.238.10 --alias db bridge container1

Disconnects a container from a network:

  docker network disconnect bridge container1

Removes all unused networks:

  docker network prune

Docker Compose makes it easy to manage networking between containers in an application. By default, Compose sets up a single network for your app and joins all containers to it. Containers can then communicate using the service names as hostnames.

However, Compose also allows you to define custom networks with specific options. This gives you more flexibility and control over how your containers are connected.

By default, when you run docker compose up, Compose performs the following:

  • A network called [projectname]_default is created.

  • Containers are created for each service defined in the docker-compose.yml file.

  • The containers join the default network and can be reached using their service names as hostnames.

For example:

  services:
    web: 
      build: .
    db:
      image: postgres

The web container can then connect to the db container using the hostname db.

You can define custom networks in the networks section of your Compose file:

  networks:
    front-tier:
    back-tier:

Then, you can attach services to the networks:

  services:
    web:
      networks:
        - front-tier
    db:  
      networks:
        - back-tier

This isolates the web and db containers on separate networks. Only services attached to both networks can communicate.

You can also:

  • Specify static IPs for containers

  • Connect to external networks

  • Use custom network drivers

  • Configure the default network

Here's an example docker-compose.yml file that defines two custom networks:

  networks:
    backnet:  
    frontnet:

  services:  
    db:  
      networks:  
        - backnet  
    backend:
      networks:
        - backnet  
        - frontnet 
    proxy:
      networks:
        - frontnet

The db service is only connected to the backnet while the backend service is connected to both backnet and frontnet. This allows the backend service to communicate with both db and proxy while isolating db and proxy.

Docker Compose makes it easy to manage networking between containers in an application:

  • Containers can communicate using service names by default

  • You can isolate services on custom networks

  • Compose manages port mappings between containers and the host

  • Advanced options allow for more complex network topologies

Overall, Compose networking drastically simplifies the process of connecting containers and allows you to focus on your application logic.

Docker networking provides flexibility in how containers communicate and connect to external networks. The appropriate network type depends on your use case. Bridge networks cover the majority of scenarios, with host and overlay networks fulfilling more specialized roles.

Hope this blog helped you somehow! Let me know if you have any other questions.