Docker Networking

Bhaskar Mehta

What is Docker Networking?

Docker networking controls which containers can communicate with each other, so it is used for security purposes: placing containers in separate networks isolates them from one another.

-> Suppose we have created two containers container1 and container2 using docker.

-> By default both the containers can communicate with each other. It means we can access the data of container1 from container2 and we can also access the data of container2 from container1.

-> If we want container1's data to be inaccessible from container2 and vice-versa, we can achieve this with Docker networking by creating each container in a different network.

Mainly there are 4 types of networking –

1. Default Bridge

2. Custom Bridge

3. Host

4. None

Note - If the containers are in the same network then they can communicate with each other.

Default Bridge

-> When we create containers then by default, all containers will be created in the default bridge network which is why all the containers communicate with each other.

-> In the above image, we can see that there are three networks which are bridge, host and none network.

-> Now we are creating two containers container1 and container2 and here we are not specifying any network name. Then by default, container1 and container2 will be created in the bridge network.

-> By running the docker inspect <container name> command, we can verify in the Networks section that the network in which the container was created is the bridge network.

-> By running docker inspect <network name> or docker inspect bridge command, we can check how many containers are created in the particular network.

-> As we can see that both container1 and container2 are in the same network which is the bridge network.

-> So we can access container1 from container2 and vice-versa. As both containers are in the same network, we can view the content of one container from the other.

-> We can get the IP address of container1 by running the docker inspect container1 command -

-> We can get the IP address of container2 by running the docker inspect container2 command -

-> Now we will access the container2 content from container1 by using curl <container2 ip> as curl 172.17.0.3

-> Here we have entered into the container1 and then used the curl command to access the container2 content.

-> Now we will access the container1 content from container2 by running curl <container1 ip> as curl 172.17.0.2

-> As we can see that we can get the content of container1 also.

Note - Here we are using the nginx container, so I am changing the default content of nginx by -

  1. Go inside the container1(Container)

  2. Run apt update command

  3. Go to the default page path of nginx which is /usr/share/nginx/html and run apt install vim

  4. Run ls command and now you will have to delete the index.html file by rm -rf index.html.

  5. Now create a new index.html file by running vi index.html. It will open a vi terminal, now press i and now add your content in this file for example "From container1". Now press Esc and Shift and :wq

  6. Now exit from the container by running exit command.

  7. Now do the same thing for other containers as well.

  8. Now access one container from another container.

Custom Bridge

-> Suppose we want to create containers in our network then we create the custom bridge network.

Commands to create the custom bridge network –

docker network create <network name>

Ex – docker network create my-custom-network

-> Here we have created our custom network which is my-custom-network.

To create a container in a custom network -

docker run -d --name <container name> --network <network name> <image name>

Ex - docker run -d --name custom-net-container --network my-custom-network nginx

-> Here we have created a container custom-net-container in my-custom-network.

-> By running docker inspect <container name> command, in the Networks section we can verify the network name in which the container is created.

-> Now this container cannot communicate with containers in the default bridge network or in another custom network.

Here IP address of custom-net-container is -

-> Now we will try to access the content of a container in the default bridge network (bridge) from a container in the custom bridge network (my-custom-network), i.e. from custom-net-container to container1.

-> As the two containers are in different networks, neither should be able to access the content of the other.

-> Here we can see that we are not able to access the content of container1 from custom-net-container.

Host Network

-> If we create a container in the host network, it shares the host's network stack, so it can be accessed from everywhere.

(Or) If we create a container in the host network, the container can be accessed directly from the internet without exposing the port.

docker run -d --name <container name> --network host <image name>

Ex - docker run -d --name host-container --network host nginx

-> Here we have created a container in the host network.

Note - When we run a container in the host network, the container does not get its own IP address. It has the host IP only.

-> A container in the host network can be accessed from containers in any network, and it can access the content of containers in any network.

-> It means that container1 content can be accessed from host-container and vice-versa

-> Now we will access the content of container1 from host-container by curl <ip address of container1> as curl 172.17.0.2

-> Here we are able to access the container1 content from host-container

-> Now we will access the host-container content from container1.

-> As we know that container which is created in the host network does not get a separate IP address. It uses the host IP address.

-> So we will run the command curl <host ip address> as curl 172.31.86.232 because host IP address is 172.31.86.232

-> Here we are able to access the host-container content from container1.

None Network

-> If we want our container to be inaccessible from anywhere, we can create the container in the none network.

docker run -d --name <container name> --network none <image name>

Ex - docker run -d --name none-container --network none nginx
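
The reachability rules from the four sections above, applied to docker inspect output. This is an added example, not code from the original article: the JSON is a constructed, trimmed sample (the IP of custom-net-container is made up), the function names are illustrative, and the model follows the article's rules only, ignoring published ports and host firewall rules.

```python
import json
from itertools import combinations

# Constructed sample: trimmed `docker inspect` output for the containers
# created in this article (IP of custom-net-container is a made-up value).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/container1", "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
 {"Name": "/container2", "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.3"}}}},
 {"Name": "/custom-net-container", "NetworkSettings": {"Networks": {"my-custom-network": {"IPAddress": "172.18.0.2"}}}},
 {"Name": "/host-container", "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}}},
 {"Name": "/none-container", "NetworkSettings": {"Networks": {"none": {"IPAddress": ""}}}}
]
""")

def networks_by_container(inspect_data):
    """Map container name -> set of attached network names."""
    return {c["Name"].lstrip("/"): set(c["NetworkSettings"]["Networks"])
            for c in inspect_data}

def can_talk(nets_a, nets_b):
    """Apply the article's rules to two containers' network sets."""
    if "none" in nets_a or "none" in nets_b:
        return False              # none network: no connectivity at all
    if "host" in nets_a or "host" in nets_b:
        return True               # host network: shares the host's stack
    return bool(nets_a & nets_b)  # bridges: only if a network is shared

def reachable_pairs(inspect_data):
    nets = networks_by_container(inspect_data)
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if can_talk(nets[a], nets[b]))

def findings(inspect_data):
    """Flag placements that weaken isolation between containers."""
    out = []
    for name, nets in sorted(networks_by_container(inspect_data).items()):
        if "host" in nets:
            out.append((name, "host network: no network isolation from the host"))
        elif "bridge" in nets:
            out.append((name, "default bridge: reachable by every other default-bridge container"))
    return out

if __name__ == "__main__":
    for pair in reachable_pairs(SAMPLE_INSPECT):
        print("reachable:", *pair)
    for name, why in findings(SAMPLE_INSPECT):
        print("review:", name, "-", why)
```

To audit a real host, replace the sample with the parsed output of docker inspect run over the IDs returned by docker ps -q.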

Commands in Docker Networking

1. docker network ls - Lists all the networks

2. docker network create <network name> - Create the new docker network

Ex – docker network create my-network

3. docker network inspect <network name> - It gives the information about the network and shows how many containers are created in this network.

Ex - docker network inspect my-network

4. docker network rm <network name> - It deletes the network

Ex - docker network rm my-network
