Navigating the Docker Network: A Comprehensive Guide

Docker Network

Docker networks are logical constructs that allow containers to communicate with each other and with external services. Docker networks are based on the concept of network drivers, which define how the network operates and what features it supports.

Docker Images: A Deep Dive into Container Technology

Docker provides several built-in network drivers, such as:

Besides these built-in network drivers, Docker also supports third-party network plugins that can provide additional features and functionalities for networking.

Main Components of Docker Network

How do Docker Networks Work?

Docker networks work by creating virtual interfaces, bridges, routes, iptables rules, and DNS entries on the host machine and inside the containers. These components enable the communication between containers and external services.

When you create a container without specifying a network, Docker automatically connects it to the default bridge network, called docker0. This network has a subnet of 172.17.0.0/16 and assigns each container an IP address from this range. For example, if you run two containers without specifying a network, they will have IP addresses like 172.17.0.2 and 172.17.0.3.

To enable communication between these containers, Docker creates a virtual interface for each container, called vethXXXXX, where XXXXX is a random string. These interfaces are attached to the docker0 bridge on the host machine. For example, if you run two containers without specifying a network, they will have interfaces like vetha1b2c3d and vethd4e5f6g.

To enable communication between these containers and external services, Docker uses port mapping or host networking. Port mapping allows you to expose a port on the host machine that maps to a port inside the container. For example, if you run a container with -p 8080:80 option, it will expose port 8080 on the host machine that maps to port 80 inside the container. Host networking allows you to use the host machine’s network stack for the container. For example, if you run a container with — network=host option, it will use the host’s IP address and ports for communication.

When you create a custom network using docker network create command, Docker creates a new bridge network with a different subnet and name. For example, if you run docker network create mynet command, it will create a new bridge network called mynet with a subnet of 172.18.0.0/16.

To enable communication between containers on this custom network, Docker assigns each container an IP address from this range and attaches their interfaces to the mynet bridge on the host machine.

To enable communication between containers on different networks, Docker uses network routing or network plugins. Network routing allows you to connect two or more networks using the host machine’s routing table. For example, if you have two networks, mynet1 and mynet2, with subnets of 172.18.0.0/16 and 172.19.0.0/16, respectively, you can connect them by adding a route on the host machine, such as:

sudo ip route add 172.19.0.0/16 via 172.18.0.1 dev mynet1

This will allow containers on mynet1 to communicate with containers on mynet2 using their IP addresses.

Network plugins allow you to connect two or more networks using a third-party solution, such as Weave Net, Calico, or Flannel. These plugins create overlay networks that span across multiple hosts and provide features such as encryption, load balancing, or service discovery.

To enable communication between containers and external services on custom networks, Docker uses ingress routing or service discovery. Ingress routing allows you to expose a port on the host machine that maps to a service inside the network.

Service discovery allows you to access a service inside the network using its name or alias. For example, if you run a service with — name web option on a custom network, you can access it using web or web.mynet as its hostname.

How to Use Docker Network?

To use Docker network, you need to perform three main steps.

Create a network

Create a network using the docker network create command or the Docker API. You can specify the name, driver, options, and labels for the network

docker network create --driver bridge --subnet 172.18.0.0/16 --gateway 172.18.0.1 my-network

This command creates a user-defined bridge network named my-network with a custom subnet and gateway.

Connect a container to a network

Connect a container to a network using the docker run command or the Docker API. You can specify the name or ID of the network and optionally an alias for the container

docker run -d --name my-container --network my-network --network-alias my-alias my-image

This command runs a container named my-container using the image my-image and connects it to the network my-network with an alias my-alias.

Communicate between containers using the container name

Communicate between containers using the container name, alias, IP address, or service name. You can use any network tool or protocol that works on the IP layer, such as ping, curl, HTTP

docker exec -it my-container ping my-alias

This command executes a ping command from inside the container my-container to another container with the alias my-alias on the same network.

Best Practices

Common Problems and Solutions

Conclusion

Docker network is a powerful and versatile component of Docker that enables you to create and manage networks for your containers.

It allows you to isolate, portabilize, scale, and customize your application’s networking according to your needs and preferences.

How to use Docker Compose to orchestrate multiple containers