Note_Tech

All technological notes.

---

Project maintained by simonangel-fong Hosted on GitHub Pages — Theme by mattgraham

Docker - Network

Back

• Docker - Network
  • Docker Commands
  • Types of Networks in Docker
    • Bridge Network (Default)
    • Host Network
    • None Network
    • Overlay Network
    • Macvlan Network
    • IPvlan Network
    • Lab: Bridge Network

---

Docker Commands

Command	Description
docker network ls	List all Docker networks
docker network inspect network_name	Show detailed info about a specific network
docker network create network_name	Create a default (bridge) network
docker network create -d bridge network_name	Create a custom bridge network
docker network create -d overlay network_name	Create an overlay network (used in Swarm)
docker network create -d macvlan network_name	Create a macvlan network for bridging to host network
docker network create -d transparent network_name	Create a transparent bridge network on Windows (for VM integration)
docker network rm network_name	Remove a Docker network (only if no containers are using it)
docker network prune	Remove unused networks to free up resources

• Connect/Disconnect Containers to/from Networks

Command	Description
docker network connect network_name container_name	Connect a running container to a network
docker network disconnect network_name container_name	Disconnect a container from a network

---

• Create a Transparent Network on Windows

docker network create -d transparent `
  --subnet=192.168.128.0/24 `
  --gateway=192.168.128.1 `
  -o com.docker.network.windowsshim.interface="VMware Network Adapter VMnet2" `
  pxe_net

• Create a Macvlan Network

docker network create --driver macvlan `
  --subnet=192.168.128.0/24 `
  --gateway=192.168.128.1 `
  -o parent=eth0 `
  pxe_net

---

Types of Networks in Docker

• Default network for container

Driver	Description
bridge	The default network driver.
host	Remove network isolation between the container and the Docker host.
none	Completely isolate a container from the host and other containers.
overlay	Overlay networks connect multiple Docker daemons together.
ipvlan	IPvlan networks provide full control over both IPv4 and IPv6 addressing.
macvlan	Assign a MAC address to a container.

---

Bridge Network (Default)

• Default network
  • uses the 172.17.0.0/16 subnet
• Key features:
  • isolate containers from the host
  • Containers can talk to each other (same network)
    • Use container IP / name
  • External access via port mapping
    • iptables (NAT)
• How it works:
  • Docker creates a virtual bridge: docker0
  • Each container connects via a veth pair
  • Containers get private IPs (e.g., 172.17.x.x)

Container A ──┐
              ├── docker0 (bridge) ── Host ── Internet
Container B ──┘

---

Host Network

• Key features:
  • Container shares host network stack
    • container uses the host’s network namespace, IP address, and network ports.
  • No separate IP
• Pros:
  • No NAT → better performance
• Cons:
  • No isolation
  • Port conflicts
• Use case:
  • if a container needs to access host network interfaces
  • very low latency is required for network access

---

None Network

• Key features:
  • No network access at all
• Used for:
  • security isolation
  • batch jobs

---

Overlay Network

• Key features:
  • Connect containers across multiple hosts
  • creates a virtual overlay network across several hosts.

Host A (Container A) ←→ Overlay Network ←→ Host B (Container B)

• Use case:
  • Docker Swarm
  • Kubernetes (conceptually similar)

---

Macvlan Network

• Assigns a MAC address to the container, thus making it appear on the network as if it were an actual device.
• This is useful in scenarios where you need to integrate Docker containers into existing networks that require specific MAC addresses or when the containers are supposed to communicate directly with some physical devices.

---

IPvlan Network

• It provides finer control of IPv4 and IPv6 addressing for containers.
• It provides different modes like L2 or L3 to serve different isolation and routing needs.

---

Lab: Bridge Network

# list all network
docker network ls
# NETWORK ID     NAME             DRIVER    SCOPE
# 64ccce4b39fe   bridge           bridge    local
# 00ff80315dde   host             host      local
# dfae2c7dc626   none             null      local

# inspect bridge
docker network inspect bridge
# [
#     {
#         "Name": "bridge",
#         "Id": "64ccce4b39fea1c2c9ff29d9c39c2edce435d6c506a53a012dc5b33e69ec7aff",
#         "Created": "2025-04-20T01:21:41.301203897Z",
#         "Scope": "local",
#         "Driver": "bridge",
#         "EnableIPv6": false,
#         "IPAM": {
#             "Driver": "default",
#             "Options": null,
#             "Config": [
#                 {
#                     "Subnet": "172.17.0.0/16",
#                     "Gateway": "172.17.0.1"
#                 }
#             ]
#         },
#         "Internal": false,
#         "Attachable": false,
#         "Ingress": false,
#         "ConfigFrom": {
#             "Network": ""
#         },
#         "ConfigOnly": false,
#         "Containers": {},
#         "Options": {
#             "com.docker.network.bridge.default_bridge": "true",
#             "com.docker.network.bridge.enable_icc": "true",
#             "com.docker.network.bridge.enable_ip_masquerade": "true",
#             "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
#             "com.docker.network.bridge.name": "docker0",
#             "com.docker.network.driver.mtu": "1500"
#         },
#         "Labels": {}
#     }
# ]

---

• Create a container using bridge network

# run 2 containers
docker run -d --name myapp01 -p 8081:8080 myapp:v1
docker run -d --name myapp02 -p 8082:8080 myapp:v1

docker ps

docker inspect myapp01
docker inspect myapp02
# confirm ip
curl localhost:8081/api/info
curl localhost:8082/api/info

# confirm 2 apps in the same bridge network can communicate with each other
docker exec -it myapp01 sh
curl ip_myapp01:8080/api/info
curl ip_myapp02:8080/api/info

# clear
docker rm -f myapp01 myapp02

---

• Create a custom defined network

docker network create my-bridge-net --subnet 10.0.0.0/19 --gateway 10.0.0.1
# confirm
docker network ls

# inspect
docker inspact my-bridge-net

• Create container using custom network

docker run -d --name myapp01 -p 8081:8080 --network my-bridge-net myapp:v1
docker run -d --name myapp02 -p 8082:8080 --network my-bridge-net myapp:v1

# confrim
curl localhost:8081/api/info
curl localhost:8082/api/info

docker exec -it myapp01 sh
# using dns to access app
curl myapp02:8080/api/info

# clean
docker rm -f myapp01 myapp02

• Delete custom network

docker network rm my-bridge-net
docker network ls

---

• Compose method

• compose.bridge.yaml

services:
  myapp01:
    image: myapp:v1
    ports:
      - 8081:8080
    networks:
      - my-bridge-net
  myapp02:
    image: myapp:v1
    ports:
      - 8082:8080
    networks:
      - my-bridge-net

networks:
  my-bridge-net:
    driver: bridge
    ipam:
      - subnet: "10.0.0.0/19"
        gateway: "10.0.0.1"

docker compose -f compose.bridge.yaml up -d
curl localhost:8081/api/info
curl localhost:8082/api/info

docker compose -f compose.bridge.yaml down