Docker 03 - Docker Networks Overview

Docker networks are a crucial component of containerized applications, allowing containers to communicate with each other and the outside world. In this post, we’ll explore the basics of Docker networks, focusing on the default network types you’ll see when running docker network ls.

Default Docker Networks

When you install Docker, it automatically creates three default networks:

  1. Bridge
  2. Host
  3. None

Bridge Network

The bridge network is the default private virtual network for Docker containers. When you run a container without specifying a network, it’s automatically attached to the bridge network.

Key features of the bridge network:

  • Containers on the bridge network can communicate with each other. All containers on the same virtual network can reach each other without needing to expose ports (-p).
  • It provides a layer of isolation from the host system.
  • Containers get their own IP address within the bridge network.
  • Port mapping is used to access container services from outside the Docker host.

Example

Let’s run an Nginx container and see how it’s connected to the bridge network:

docker container run --detach --name test1 --publish 8000:80 nginx

Run the following command to see the networks:

docker network ls

You’ll see the bridge network listed as one of the default networks:

NETWORK ID     NAME      DRIVER    SCOPE
638035b5ef34   bridge    bridge    local
189ad47fcfb9   host      host      local
54782e0f4314   none      null      local

To see how ports are mapped, run:

docker container port test1

Host Network

The host network removes network isolation between the container and the Docker host. Containers on the host network share the host’s networking namespace.

Key features of the host network:

  • Containers use the host’s IP address and port space directly.
  • No need for port mapping.
  • Offers the best networking performance.
  • Reduces security isolation of the container.

Example

To run a container on the host network, use the --network host option:

docker container run --detach --name test2 --network host nginx

None Network

The none network gives the container its own network stack with no external network interface. Containers on this network have only a loopback interface.

Key features of the none network:

  • Provides maximum isolation from the network.
  • Useful for containers that don’t need network access.
  • Containers cannot communicate with other containers or the outside world.

Example

To run a container on the none network, use the --network none option:

docker run -d --network none alpine sleep infinity

This runs an Alpine container with no network access.
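
To check which of the three modes each running container actually uses, and which published ports are reachable from outside the host, you can audit the JSON printed by docker container inspect. The script below is an added example, not part of the original post; the sample records are constructed (trimmed to the fields used), and the container name test3 is a hypothetical name for the --network none container.

```python
import json

# Constructed sample shaped like `docker container inspect test1 test2 test3`
# output, trimmed to the fields used below. Not captured from a real host.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/test1",
  "HostConfig": {"NetworkMode": "bridge"},
  "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8000"}]},
                      "Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
 {"Name": "/test2",
  "HostConfig": {"NetworkMode": "host"},
  "NetworkSettings": {"Ports": {}, "Networks": {"host": {"IPAddress": ""}}}},
 {"Name": "/test3",
  "HostConfig": {"NetworkMode": "none"},
  "NetworkSettings": {"Ports": {}, "Networks": {"none": {"IPAddress": ""}}}}
]
""")

# A binding on one of these addresses listens on every host interface.
WILDCARD_IPS = {"", "0.0.0.0", "::"}

def audit_container(c):
    """Return a list of findings for one `docker inspect` container record."""
    name = c.get("Name", "").lstrip("/")
    mode = c.get("HostConfig", {}).get("NetworkMode", "")
    findings = []
    if mode == "host":
        findings.append(f"{name}: host network mode, shares the host's network namespace")
    elif mode == "none":
        findings.append(f"{name}: no network, loopback only")
    # Ports maps "80/tcp" to a list of host bindings, or None when not published.
    ports = c.get("NetworkSettings", {}).get("Ports") or {}
    for cport, bindings in sorted(ports.items()):
        for b in bindings or []:
            if b.get("HostIp", "") in WILDCARD_IPS:
                findings.append(
                    f"{name}: {cport} published on all host interfaces, host port {b['HostPort']}")
    return findings

def audit(containers):
    """Flatten the findings for a list of container records."""
    return [f for c in containers for f in audit_container(c)]

if __name__ == "__main__":
    for line in audit(SAMPLE_INSPECT):
        print(line)
```

A port published as 127.0.0.1:8000:80 binds only to the host's loopback address, so the script does not flag it.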

CLI Management

  • docker network inspect: Displays detailed information about a network.
  • docker network create: Creates a new network. You can specify the driver, subnet, gateway, and other options.

    Example:

    docker network create my_app_net
    

    The above command creates a new network named my_app_net.

  • docker network connect: Attaches a container to a network. You can connect a container to multiple networks.

    Example:

    docker network connect my_app_net test1
    

    The above command connects the container test1 to the network my_app_net.

  • docker network disconnect: Detaches a container from a network.

    Example:

    docker network disconnect my_app_net test1
    

    The above command disconnects the container test1 from the network my_app_net.

DNS in Docker Networks

Docker uses a built-in DNS server to provide name resolution for containers in user-defined networks. This makes it easier to reference and communicate with other containers within the same network.

Key Concepts

  1. Docker DNS Server:

    • Docker runs an internal DNS server for each user-defined network.
    • Containers in the same network can resolve each other’s names using the DNS server.
  2. Network Aliases:

    • Containers can be given network aliases using the --network-alias option.
    • Multiple containers can share the same alias, allowing DNS-based load balancing.

How It Works

  1. Container Name Resolution:

    • When a container joins a user-defined network, Docker’s DNS server registers the container’s hostname and IP address.
    • Containers can resolve each other’s hostnames to their respective IP addresses.
  2. Network Aliases:

    • Containers can be assigned one or more network aliases.
    • When a DNS query is made for an alias, Docker’s DNS server returns the IP addresses of all containers with that alias.
    • This enables basic DNS round-robin load balancing.
  3. DNS Round Robin:

    • When multiple containers share the same alias, Docker’s DNS server returns multiple A records (IP addresses) for the alias.
    • Client applications typically choose one of these IP addresses to connect to, effectively distributing the load among the containers.

Caveats

  • Do not rely on static or hard-coded IP addresses for communicating with containers. It is recommended to use container names or service names for communication.


