Smart Learning/Kubernetes Learning Journey/Docker

Docker Networking Types and Use Cases

---

TrackKubernetes Learning Journey
Current SectionDocker
Progress7 of 271

Docker Networking Types and Use Cases

1. Types of Docker Networks

  • Bridge (default)

    • Description: Containers communicate inside an isolated virtual network.
    • Use Case: Multi-container apps on a single host.

  • Host

    • Description: Removes isolation; container shares host’s network stack.
    • Use Case: Performance-critical apps (e.g., web servers).

  • Overlay

    • Description: Multi-host networking for Swarm/Kubernetes.
    • Use Case: Clustered applications.

  • Macvlan

    • Description: Assigns a unique MAC address to each container.
    • Use Case: Direct network integration (IoT, legacy apps).

  • None

    • Description: No network access.
    • Use Case: Fully isolated workloads.

2. Bridge Network (Default)

What is it?

  • Creates a virtual network inside the host.
  • Containers inside a bridge can talk to each other.
  • Containers can access external networks via NAT (masquerading).
  • Host and other networks cannot directly access the containers unless ports are mapped.

Example Use Case:

  • Running multiple microservices (e.g., web, db, cache) on the same host.
  • Default for standalone Docker containers.

Example: Creating and Connecting Containers in a Bridge Network

# Create a custom bridge network
docker network create my_bridge

# Run two containers in the bridge network
docker run -d --name web1 --network my_bridge nginx
docker run -d --name web2 --network my_bridge nginx

# Test network communication
docker exec -it web1 ping web2

Result: web1 can ping web2 using its container name.

How to Expose a Container to the Host?

docker run -d --name web -p 8080:80 nginx

Now, the host machine can access the container at http://localhost:8080.

3. Host Network

What is it?

  • Removes network isolation and uses the host’s network stack.
  • The container directly uses the host’s IP address (no port mapping required).

Example Use Case:

  • Running high-performance applications that require direct access to the network (e.g., web servers, VoIP applications).
  • Use when containers need very low latency (since there is no NAT overhead).

Example: Running an Nginx container with Host Network

docker run -d --network host nginx

Now, Nginx listens on the host's ports directly (e.g., http://localhost:80).

Limitations:

  • Cannot run multiple containers using the same port (e.g., two containers on port 80 will conflict).
  • Less isolation (containers share host’s network).

4. Overlay Network (Multi-Host)

What is it?

  • Used in Docker Swarm to enable communication across multiple hosts.
  • Creates a virtual distributed network across multiple Docker nodes.
  • Containers on different hosts can communicate as if they were on the same network.

Example Use Case:

  • Scaling applications across multiple machines (e.g., microservices in a Kubernetes cluster).
  • Cloud deployments where containers need to communicate securely across nodes.

Example: Creating an Overlay Network (Swarm Mode)

# Initialize Docker Swarm
docker swarm init

# Create an overlay network
docker network create --driver overlay my_overlay

# Deploy services using the overlay network
docker service create --name web --network my_overlay nginx

Benefit: Containers on different physical hosts can communicate securely.

5. Macvlan Network (Direct Physical Network Access)

What is it?

  • Assigns unique MAC addresses to containers, making them appear as physical devices on the network.
  • The container gets an IP address from the same subnet as the host.

Example Use Case:

  • Running IoT devices, legacy applications, or VMs that expect a real MAC address.
  • Integrating Docker with an existing physical network.

Example: Creating a Macvlan Network

# Create a Macvlan network
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 my_macvlan

# Run a container with a direct IP from the network
docker run -d --network=my_macvlan --ip=192.168.1.100 nginx

Benefit:

  • The container appears like a real network device.
  • Other devices in the network can communicate with the container without port mapping.

Limitation:

  • Requires network admin permissions.
  • Works only on specific network interfaces.

6. None Network (No Network)

What is it?

  • Containers are completely isolated from networking.
  • No external communication (except manual IPC setup).

Example Use Case:

  • Running security-sensitive workloads (e.g., malware analysis).
  • Isolating batch processing jobs that don’t need network access.

Example: Running a Container Without a Network

docker run -d --network none ubuntu

Benefit:

  • Maximum isolation for security-critical applications.

Choosing the Right Network Type

  • Running multiple containers on the same host

    • Recommended Network: Bridge

  • Running a high-performance web server

    • Recommended Network: Host

  • Deploying a multi-host cluster (Swarm/Kubernetes)

    • Recommended Network: Overlay

  • Exposing containers as physical devices

    • Recommended Network: Macvlan

  • Running isolated applications (no network access)

    • Recommended Network: None
Next TopicDocker Notes