BestHub
Sign in
Cloud Native 11 min read

Understanding Docker Networking: veth Pairs, Bridge, and Custom Networks

This article explains how Docker isolates containers using Linux veth pairs, the default docker0 bridge, the deprecated --link method, and how to create and use custom bridge networks for reliable service‑name communication and cross‑network connectivity.

Efficient Ops
Efficient Ops
Efficient Ops
Understanding Docker Networking: veth Pairs, Bridge, and Custom Networks

Docker Network Principles

Containers run in isolated environments similar to small Linux systems; Docker uses Linux veth pairs to connect each container to the host network.

1. Linux veth pair

A veth pair consists of two virtual network interfaces that are linked together, one attached to the container’s network stack and the other to the host.

veth pair connects two interfaces veth0 and veth1.

2. Understanding docker0

On the host you can see three interfaces:

lo      127.0.0.1      # loopback
eth0    172.31.179.120 # host IP
docker0 172.17.0.1     # Docker bridge
docker0 is created when Docker is installed and bridges containers to the host.

Example: start a Tomcat container.

[root@host]# docker pull tomcat
[root@host]# docker run -d -p 8081:8080 --name tomcat01 tomcat

After starting, a new veth pair appears (e.g., vethad33778@if200) and the container receives IP 172.17.0.2.

Each new container adds a veth pair linked to docker0.

3. Container linking – --link

Containers cannot reach each other directly; using --link adds the target container’s name to /etc/hosts.

[root@host]# docker run -d -p 8083:8080 --name tomcat03 --link tomcat02 tomcat
[...]
[root@host]# docker exec -it tomcat03 cat /etc/hosts
...
172.17.0.3 tomcat02 e4060ea4ee28   # linked container name
172.17.0.4 db75c42f7f7f
--link is one‑way; the source sees the target, but not vice‑versa.

4. Custom networks (recommended)

docker0 is the default bridge network.

It does not support DNS name resolution.

--link works but is deprecated.

Docker provides three built‑in network drivers: bridge, host, none.

# Create a user‑defined bridge network
docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet

Run containers on the custom network:

docker run -d -p 8081:8080 --name tomcat-net-01 --net mynet tomcat
docker run -d -p 8082:8080 --name tomcat-net-02 --net mynet tomcat

Containers can ping each other by name:

docker exec -it tomcat-net-01 ping tomcat-net-02
Service‑name resolution works without --link.

5. Network connectivity across networks

To connect a container to another network, use docker network connect: docker network connect mynet tomcat01 This attaches the container to the specified network, enabling cross‑network communication.

6. Summary

veth pair provides a paired virtual network interface.

Docker uses the default bridge network docker0.

docker0 acts as a router linking containers to the host.

Custom bridge networks allow service‑name resolution and avoid IP changes.

Network connect bridges containers across isolated networks.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

DockerbridgeVethcustom networkcontainer linking
Efficient Ops
Written by

Efficient Ops

This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment