Master Docker Container Networking: From Container Mode to Overlay and Macvlan

Container Network

Container is a special Docker network mode where a newly created container shares the network namespace of an existing container instead of the host, inheriting its IP address and ports, resulting in no isolation between the two containers but isolation from the host and other containers.

Example: create a BusyBox container named test1 (default bridge mode) and inspect its IP (172.17.0.2). Then create another container with --network=container:test1 named test-container , which shares the same IP as test1 . Both containers can communicate, while isolated from the host and other containers.

Multi‑Node Container Networks

Docker supports two multi‑node network types: native Overlay networks (introduced in Docker 1.19) based on VxLAN, and third‑party plugins like Flannel and Calico.

Overlay Network creates a virtual network across hosts, enabling containers on different machines to communicate securely. Docker also supports distributed key‑value stores (Consul, etcd, ZooKeeper) for cluster state.

Deploy an Overlay network using three machines: one runs Consul (e.g., 192.168.56.135) and the other two host Docker. Configure each Docker daemon with --cluster-store=consul://192.168.56.135:8500 and --cluster-advertise=eth0:2376, reload the daemon, and restart Docker.

Create an Overlay network named ov-test with docker network create -d overlay ov-test. Verify its creation on both nodes; containers attached to this network receive IPs in the 10.0.X.0/24 range and can ping each other.

Overlay networks are global; they appear on all nodes because the network definition is stored in Consul.

To connect containers across different Overlay networks, attach a container from one network to the other using docker network connect.

Macvlan Network

Macvlan enables Docker containers to communicate across hosts by assigning additional MAC addresses to the host's physical NIC, effectively creating virtual sub‑interfaces.

Create a Macvlan network with

docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth0 macvlan-net

on each host, then launch containers specifying an IP address to avoid conflicts.

Containers in the Macvlan network can ping each other across hosts, demonstrating cross‑host connectivity.

Summary

This article systematically covers Docker container networking, including none, host, bridge, container, overlay, and Macvlan modes, providing practical commands and diagrams to help readers master Docker networking techniques.