Docker Series – Part 18: Docker Swarm Networking, Overlay Networks & Docker Stack Deployment

In this 17th part of our Docker journey, we go beyond single-host containers and dive into the magic that makes multi-node communication, security, and stack-level orchestration possible.

Concepts Covered in This Session

• Bridge vs Overlay Networks

• Creating encrypted overlay networks

• How Swarm manages container-to-container communication across nodes

• Real-world deployment with Docker Stack

• Enabling service discovery and load balancing with Swarm

• Limitations of Docker Compose and how Stack solves them

• VXLAN, IPSEC, and container-level networking internals

Let’s walk through the major highlights

---

Bridge vs Overlay: Local vs Distributed Networking

By default, Docker creates a bridge network allowing containers on the same host to talk. But what happens when containers are spread across multiple nodes?

That’s where Overlay Networks come into play.

"Overlay networks allow containers running on different hosts to communicate as if they were on the same host."

Swarm automatically creates an overlay network during cluster initialization. All nodes that join the Swarm contribute to this distributed network.

Command to view all networks:

docker network ls

---

Encrypted Overlay Networks (IPSEC)

While overlay networks are powerful, by default they send packets in plain text. We can secure this communication using the --opt encrypted flag.

docker network create --opt encrypted --driver overlay mysecnet

With this, Docker uses IPSEC protocol to encrypt inter-container communication.

---

Real-Time Service Deployment & Fault Tolerance

Create a service:

docker service create --name myweb --publish 8080:80 vimal13/apache-webserver-php

Even if the container runs on a worker node, accessing the manager node’s IP renders the web app. Thanks to Swarm’s built-in load balancer and service discovery!

---

Creating Custom Overlay Network

You can create your own overlay network like this:

docker network create --driver overlay myoverlay

And deploy services in it:

docker service create --name myweb --network myoverlay --publish 8080:80 vimal13/apache-webserver-php

---

The Limitation of Docker Compose

Docker Compose is great, but it only works on a single node. In real-world distributed systems, this is a dealbreaker.

That’s why Docker introduced Stacks to run multi-container apps across multiple nodes using a familiar Compose file.

---

Docker Stack: Distributed Deployment Using Compose File

We built a small Flask + Redis app using:

📂 app.py
📄 Dockerfile
📦 requirements.txt
📋 docker-compose.yml

Sample Stack File (docker-compose.yml)

version: "3.9"
services:
  web:
    image: 127.0.0.1:5000/stackdemo
    build: .
    ports:
      - "8000:8000"
  redis:
    image: redis:alpine

Deploying with Stack:

docker stack deploy --compose-file docker-compose.yml mypyapp

You can access the app via:

curl 127.0.0.1:8000

Or in your browser using:

http://<node-ip>:8000

Checking the Stack:

docker stack ls
docker stack services mypyapp

---

Quick Learnings Recap:

• Overlay Networks connect containers across nodes.

• Use encryption for secure container communication.

• Docker Stack solves Docker Compose’s single-node limitation.

• Real-world deployments rely on VXLAN tunneling and Swarm services.

---

Real-World Use Case

This kind of distributed, fault-tolerant networking setup is widely used in:

• E-commerce platforms

• Banking systems

• Multi-region SaaS applications

• Containerized microservices architecture

---

Final Notes

This was one of the most exciting and foundational sessions to understand how distributed containers communicate and scale securely. With the Docker Stack capability, we are bridging the gap between development convenience and production-grade orchestration.

In the next article, we’ll explore container monitoring and logging in a Swarm cluster.

Stay tuned!