Master Docker Networking: Bridge, Host, None, and Container Modes Explained

Introduction

Docker networking is a crucial component for enabling communication between containers, hosts, and external networks, offering multiple modes and configuration options to build efficient, secure, and scalable solutions.

Docker Network Modes

Bridge Network

The bridge mode is Docker's default. Docker creates a virtual bridge (docker0) on the host, connecting all containers to a Layer‑2 network similar to a physical switch. Each container receives its own network namespace, IP address, and a virtual eth0 interface, but communication with the host network requires NAT and port mapping.

Host Network

In host mode, containers share the host's network stack, using the host's IP address and interfaces directly without a separate network namespace, which improves performance but reduces isolation and may pose security risks.

None Network

The none mode isolates the container completely, providing no network interfaces except a loopback; it is useful for non‑networked workloads or debugging scenarios.

Container Mode

Container mode allows a new container to share the network namespace of an existing container, reusing its IP address and ports while keeping other resources isolated.

Docker Network Drivers

Docker leverages Linux kernel features through various drivers, each suited for specific scenarios:

bridge : default driver creating a virtual bridge for container‑to‑container communication on a single host.

host : merges the container into the host's network stack.

overlay : builds a distributed network across multiple Docker daemons, enabling cross‑host container communication.

macvlan : assigns a MAC address to containers, allowing direct connection to the physical network.

ipvlan : similar to macvlan but allocates IP addresses instead of MAC addresses for better scalability.

none : provides no networking at all.

Docker Network Configuration

Create a Network

Use docker network create to define a new network, specifying driver, subnet, gateway, IP range, and auxiliary addresses.

docker network create my-network

docker network create --driver overlay my-overlay-network

docker network create \
  --driver bridge \
  --subnet=172.25.0.0/16 \
  --gateway=172.25.0.1 \
  --ip-range=172.25.50.0/24 \
  --aux-address "my-router=172.25.50.10" \
  my-custom-network

Connect a Container to a Network

Attach a container to a network with the --network option in docker run or with docker network connect.

docker run --network my-network -d my-image

docker network connect my-network running-container

Docker Swarm Service Discovery and Load Balancing

In Swarm mode, Docker provides built‑in service discovery using DNS and virtual IPs, allowing services to locate each other without hard‑coded addresses. When multiple replicas run, Swarm automatically balances traffic across them using the underlying network driver and iptables.