Container Networking

🏘️ Docker Container Networking: Building a Neighborhood for Your Apps

The Big Idea: Imagine containers are like houses in a neighborhood. Networking is how these houses connect to each other and the outside world—through roads, bridges, and mailboxes!

🌐 Container Networking Overview

What’s the Story?

Picture a brand-new city being built. Each building (container) needs a way to:

• Talk to neighbors (other containers)
• Receive visitors (external traffic)
• Send mail (make requests to the internet)

Docker networking is the city planner that creates roads and addresses for every building!

How Docker Does It

# See all networks in your Docker city
docker network ls

Docker automatically creates three default networks:

1. bridge — The neighborhood road
2. host — Direct street access
3. none — A house with no doors

graph TD
    A["Docker Host"] --> B["bridge network"]
    A --> C["host network"]
    A --> D["none network"]
    B --> E["Container 1"]
    B --> F["Container 2"]
    C --> G["Container 3"]
    D --> H["Container 4"]

Simple Example:

# Run a container - automatically joins bridge
docker run -d --name my-web nginx

🌉 Bridge Network

The Neighborhood Street

Think of bridge as a quiet street inside your neighborhood. Houses on this street can:

• ✅ Talk to each other easily
• ✅ Go outside through the main gate (NAT)
• ❌ Can’t be seen directly from outside

How It Works

# This container joins the default bridge
docker run -d --name webapp nginx

# Check its network settings
docker inspect webapp | grep IPAddress

Output might show: "IPAddress": "172.17.0.2"

Key Points

Real Example — Two friends chatting:

# Start two containers
docker run -d --name alice nginx
docker run -d --name bob nginx

# Alice can ping Bob using Bob's IP
docker exec alice ping 172.17.0.3

🏠 Host Network

Sharing the Front Door

With host networking, your container uses the same address as your computer. No separate house—it’s like living in your parents’ house!

# This container shares YOUR network
docker run -d --network host nginx

When to Use It?

Simple Example:

# Nginx now listens on YOUR port 80
docker run --network host nginx
# Visit http://localhost — that's your container!

⚠️ Warning: Two containers can’t use the same port on host network!

🚫 None Network

The Isolated Castle

None means the container has NO network connection. Like a castle with the drawbridge up!

# This container is completely isolated
docker run -d --network none alpine sleep 1000

Why Would Anyone Want This?

• 🔒 Security: Processing sensitive data
• 🧪 Testing: Checking offline behavior
• 📦 Batch jobs: No network needed

Example — A lonely container:

docker run --network none alpine ping google.com
# Result: ping: bad address 'google.com'

🔨 Creating Networks

Building Your Own Roads

Default bridge is fine, but custom networks are like building your own private street!

# Create a custom network
docker network create my-street

Why Custom Networks Rock

graph TD
    A["Custom Network"] --> B["DNS Names Work!"]
    A --> C["Better Isolation"]
    A --> D["Custom IP Ranges"]
    B --> E["ping webapp works"]
    C --> F["Only members can talk"]

Example — Creating different network types:

# Simple bridge network
docker network create app-network

# With custom settings
docker network create \
  --driver bridge \
  --subnet 192.168.100.0/24 \
  --gateway 192.168.100.1 \
  custom-net

Network Drivers

🔧 Managing Networks

Keeping Your City Organized

List all networks:

docker network ls

Remove a network:

docker network rm my-street

Clean up unused networks:

docker network prune

Management Commands Cheat Sheet

Example — Spring cleaning:

# See what you have
docker network ls

# Remove old networks (careful!)
docker network prune -f

🔌 Connecting to Networks

Moving Between Neighborhoods

Containers can join networks when they start, or even switch neighborhoods later!

Method 1 — At birth:

docker run -d --network my-street \
  --name shop nginx

Method 2 — Join later:

# Connect running container to network
docker network connect my-street shop

# Disconnect from network
docker network disconnect bridge shop

Multi-Network Containers

A container can be on multiple networks at once! Like having houses in two neighborhoods.

graph LR
    A["Container"] --> B["frontend-net"]
    A --> C["backend-net"]
    B --> D["Web Servers"]
    C --> E["Database"]

Example — A container on two networks:

# Create two networks
docker network create frontend
docker network create backend

# Start container on frontend
docker run -d --network frontend \
  --name api nginx

# Also connect to backend
docker network connect backend api

🔍 Network Inspection

Becoming a City Inspector

Want to know everything about a network? Inspect it!

docker network inspect bridge

What You’ll See

{
  "Name": "bridge",
  "Driver": "bridge",
  "IPAM": {
    "Config": [{
      "Subnet": "172.17.0.0/16",
      "Gateway": "172.17.0.1"
    }]
  },
  "Containers": {
    "abc123": {
      "Name": "webapp",
      "IPv4Address": "172.17.0.2/16"
    }
  }
}

Key Information Revealed

Example — Find a container’s IP:

# Quick IP lookup
docker inspect webapp \
  --format '{{.NetworkSettings.IPAddress}}'

🎯 Quick Reference Summary

graph TD
    A["Docker Networking"] --> B["Default Networks"]
    A --> C["Custom Networks"]
    B --> D["bridge - default isolation"]
    B --> E["host - share host network"]
    B --> F["none - no network"]
    C --> G["docker network create"]
    G --> H["connect containers"]
    G --> I["inspect & manage"]

Commands You’ll Use Daily

💡 Pro Tips

1. Use custom networks for container name DNS
2. Host network is Linux-only (limited on Mac/Windows)
3. Inspect often to debug connection issues
4. Prune regularly to clean up orphan networks

🎉 You did it! You now understand how Docker containers talk to each other and the world. Networks are like roads — once you know how to build them, your containers can go anywhere!