Understanding Docker Networking - Exploring Different Network Drivers

Docker is a popular containerization platform that allows you to package and run applications in isolated environments called containers. In a multi-container environment, effective networking is crucial for seamless communication between containers and the outside world. Docker provides various network drivers to enable different networking capabilities for containers. In this blog post, we will explore Docker networking and the different network drivers available.

Let’s explore the different network drivers available in Docker and how to configure them for various use cases.

Understanding Docker Networking

Docker networking allows containers to communicate with each other and with external networks. By default, Docker creates a bridge network for each host, allowing containers to communicate with each other on the same host. However, Docker also provides additional network drivers that offer more advanced networking features and flexibility.

bridge

The default bridge network is created automatically when Docker is installed. It provides basic networking capabilities for containers running on the same host. Containers connected to the bridge network can communicate with each other using their IP addresses or container names.

Example of creating and running containers on the default bridge network:

version: '3'
services:
  app1:
    build: .
    hostname: app1
    networks:
      - my-bridge-network

  app2:
    build: .
    hostname: app2
    networks:
      - my-bridge-network

networks:
  my-bridge-network:

The app1 container should now be able to ping the app2 container using the Docker internal network:

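# From the app1 service, ping app2 by name over my-bridge-network
# (docker compose exec takes the service name; the container itself is named <project>-app1-1)
docker compose exec app1 ping app2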

host

The host network driver allows containers to share the network namespace with the Docker host. This means that containers directly use the host’s network stack, bypassing Docker’s network isolation. It provides better network performance but sacrifices container isolation. The host network driver is suitable for scenarios where you need to bind container ports directly to the host’s ports or require low-level network access.

version: '3'
services:
  app1:
    build: .
    hostname: app1
    network_mode: host

  app2:
    build: .
    hostname: app2
    network_mode: host

The app1 container should now be able to ping the app2 container using the host network:

# Both services share the host's network stack, so app1 reaches app2 on the
# host's own addresses; Docker's DNS name "app2" does not resolve in host mode
docker compose exec app1 ping localhost

overlay

The overlay network driver creates a distributed network across multiple Docker hosts. It enables containers to communicate with each other seamlessly, even if they are running on different hosts.

This driver is suitable for running distributed applications or services that require high availability and scalability.

version: '3'
services:
  app1:
    build: .
    networks:
      - my-overlay-network

  app2:
    build: .
    networks:
      - my-overlay-network

networks:
  my-overlay-network:
    driver: overlay

Assuming app1 and app2 run on different Docker hosts, the app1 container should still be able to ping the app2 container:

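# On the host running app1, ping app2 by name across the overlay network
# (the container name carries a prefix and suffix, so look it up by filter)
docker exec -it "$(docker ps -q -f name=app1)" ping app2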

macvlan

The macvlan network driver allows containers to have their own MAC addresses and appear as separate physical devices on the network. It enables containers to directly connect to the physical network infrastructure, making them appear as individual devices on the network.

This driver is suitable for scenarios where you need containers to have direct access to the network, such as running network appliances or applications that require specific network configurations.

version: '3'
services:
  app:
    build: .
    networks:
      - my-macvlan-network

networks:
  my-macvlan-network:
    driver: macvlan
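    driver_opts:
      parent: eth0          # host interface the containers attach to
      macvlan_mode: bridge  # the driver's option name; bridge is also its default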

ipvlan

The ipvlan network driver is similar to the macvlan driver but operates at the IP layer. It allows containers to have their own IP addresses and appear as separate devices on the network.

version: '3'
services:
  app:
    build: .
    networks:
      - my_ipvlan_network

networks:
  my_ipvlan_network:
    driver: ipvlan  # containers share the parent's MAC address and get their own IPs
    driver_opts:
      parent: eth0

bridge-nf-call-iptables

The bridge-nf-call-iptables network driver is used to enable forwarding traffic from Docker containers to the host’s iptables rules.

It is required when using Docker with network address translation (NAT) and iptables rules on the host.

version: '3'
services:
  app:
    build: .
    network_mode: bridge
    sysctls:
      - net.bridge.bridge-nf-call-iptables=1

none

The none network driver disables networking for the container, making it completely isolated from the network.

This driver is suitable for scenarios where you don’t require any network connectivity.

version: '3'
services:
  app:
    build: .
    network_mode: none

Conclusion

Docker provides a wide range of network drivers to meet different networking requirements for containers. By choosing the appropriate network driver and configuring it correctly, you can ensure secure communication, high performance, and scalability for your Docker applications.

Experiment with these network drivers and configurations to build and deploy containerized applications that meet your specific networking needs. Docker networking gives you the flexibility and control to create robust and interconnected container environments.
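To check which of these choices are actually in effect on a host, the following is an added example (not code from the original post): a small Python audit over `docker inspect` JSON that flags containers in host mode, containers on the default bridge, and ports published on every host interface. The sample records are constructed, and the function names `audit_container` and `audit` are this example's own.

```python
import json

# Constructed sample shaped like `docker inspect` output (only the fields read
# below); container names, networks and ports are made up for illustration.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/app1", "HostConfig": {"NetworkMode": "host", "PortBindings": {}}},
 {"Name": "/app2", "HostConfig": {"NetworkMode": "bridge", "PortBindings":
   {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
 {"Name": "/app3", "HostConfig": {"NetworkMode": "my-bridge-network", "PortBindings":
   {"5432/tcp": [{"HostIp": "127.0.0.1", "HostPort": "5432"}]}}},
 {"Name": "/batch", "HostConfig": {"NetworkMode": "none", "PortBindings": null}}
]""")

ALL_INTERFACES = {"", "0.0.0.0", "::"}

def audit_container(record):
    """Return the network findings for one `docker inspect` record."""
    findings = []
    host_config = record.get("HostConfig") or {}
    mode = host_config.get("NetworkMode", "")
    if mode == "host":
        findings.append("host mode: shares the host's network namespace")
    elif mode in ("bridge", "default"):
        findings.append("default bridge: shared with every container left on it")
    # A published port with no host IP (or a wildcard) listens on every interface.
    for port, bindings in (host_config.get("PortBindings") or {}).items():
        for binding in bindings or []:
            if binding.get("HostIp", "") in ALL_INTERFACES:
                findings.append(f"{port} published on all interfaces as "
                                f"host port {binding.get('HostPort')}")
    return findings

def audit(records):
    """Map container name -> findings, skipping containers with none."""
    report = {}
    for record in records:
        findings = audit_container(record)
        if findings:
            report[record["Name"].lstrip("/")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

On a real host, replace the sample with the parsed output of `docker inspect $(docker ps -q)`.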

This post is licensed under CC BY 4.0 by the author.