The Docker engine creates three types of networks (drivers) when it is installed. These networks are ready to be used by containers.
Bridge network: This network uses a software bridge (layer 2 switch) to connect containers that are running on the same host. These containers communicate with each other and are isolated from containers that are not connected to the same bridge. A newly created container joins the default bridge unless a user-defined bridge is specified.
Host network: This is the network to which the Docker host is connected. Containers connected to this network can communicate with the host without port mappings. This network works only on Linux systems.
None network: Containers on the none network have their networking disabled. They cannot communicate with other containers and are limited to the loopback interface.
The ls command allows the listing of all networks on the host.
$ docker network ls
Options:
-q : List only the network IDs
The inspect command displays detailed information about the network such as name, subnet, gateway, connected containers, and configuration.
$ docker network inspect <network-name>
$ docker network inspect bridge
The create command creates new networks. It has multiple options to configure the network.
$ docker network create [options] <network-name>
$ docker network create net1
$ docker network ls
$ docker network inspect net1
Options:
-d (--driver) : Specify the type of network. It accepts the bridge, overlay, or macvlan types. The network type is bridge if this option is omitted.
--gateway : The IP address of the gateway
--subnet : The subnet of the network in CIDR format
--ip-range : The range of IP addresses to assign to containers. It must be a subset of the subnet and is specified in CIDR format.
Create a network of type bridge with a specific subnet.
$ docker network create -d bridge --subnet 192.168.2.0/24 net2
$ docker network inspect net2
Specify a gateway.
$ docker network create -d bridge --subnet 192.168.3.0/24 --gateway 192.168.3.1 net3
Specify the IP address range that the network can assign to containers (DHCP server). The remaining IP addresses in the subnet can be assigned to containers with static IP addresses. The ip-range is a subset of the subnet (e.g. 192.168.4.16/28 = 192.168.4.16-192.168.4.31). Use a subnet calculator to work out the range.
$ docker network create -d bridge --subnet 192.168.4.0/24 --ip-range 192.168.4.16/28 --gateway 192.168.4.1 net4
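The subnet calculation mentioned above can be scripted. This is an added example, not part of the original tutorial: the function name plan_bridge is hypothetical, and it only does address arithmetic on the three option values, without calling Docker.

```python
import ipaddress


def plan_bridge(subnet, ip_range, gateway):
    """Check --subnet / --ip-range / --gateway values and describe the plan.

    Raises ValueError when the values are inconsistent, so a bad combination
    is caught before `docker network create` is run.
    """
    net = ipaddress.ip_network(subnet)      # ValueError if host bits are set
    pool = ipaddress.ip_network(ip_range)
    gw = ipaddress.ip_address(gateway)

    if not pool.subnet_of(net):
        raise ValueError(f"--ip-range {pool} is not inside --subnet {net}")
    if gw not in net:
        raise ValueError(f"--gateway {gw} is not inside --subnet {net}")
    if gw in (net.network_address, net.broadcast_address):
        raise ValueError(f"--gateway {gw} is the network or broadcast address")

    # Host addresses of the subnet that are outside the dynamic range and are
    # not the gateway: these remain available for static assignment.
    static = [h for h in net.hosts() if h not in pool and h != gw]

    return {
        "pool_first": str(pool[0]),
        "pool_last": str(pool[-1]),
        "pool_size": pool.num_addresses,
        "gateway_in_pool": gw in pool,
        "static_candidates": len(static),
    }


if __name__ == "__main__":
    # Values taken from the net4 command above.
    for key, value in plan_bridge(
        "192.168.4.0/24", "192.168.4.16/28", "192.168.4.1"
    ).items():
        print(f"{key}: {value}")
```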
When the --network option is not specified, containers join the default bridge network.
$ docker run -dit --name alpine1 alpine ash
$ docker run -dit --name alpine2 alpine ash
Check the containers that are connected to the default bridge network. They are listed under the Containers section of the output.
$ docker network inspect bridge
The two containers belong to the same network (e.g. 172.17.x.x). You can check this by executing the command ip addr show on each container.
$ docker exec alpine1 ip addr show
$ docker exec alpine2 ip addr show
To verify the connection between the containers, you may ping the IP address of one container from another container on the same bridge. Use the addresses reported by ip addr show.
$ docker exec alpine1 ping 172.17.0.2
$ docker exec alpine2 ping 172.17.0.1
With the default bridge, you cannot ping containers using their names. There is no name resolution service.
$ docker exec alpine1 ping alpine2
Running containers can be connected to a specific network.
$ docker network connect <network-name> <container-name>
$ docker network create -d bridge mynet
$ docker run -dit --name alpine3 alpine
$ docker network connect mynet alpine3
$ docker network inspect mynet
Containers can be connected to a network at startup using the --network option.
$ docker run -dit --name alpine4 --network mynet alpine
$ docker network inspect mynet
A container can be connected to multiple networks of the same network type (e.g. bridge).
$ docker network create mynet2
$ docker network connect mynet2 alpine4
$ docker network inspect mynet
$ docker network inspect mynet2
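Reading several inspect outputs by eye to see which containers share a bridge gets tedious, so the check can be scripted. This is an added example, not part of the original tutorial: the function name audit is hypothetical, and the sample JSON is constructed to mirror the state built by the commands above (IDs and addresses are made up).

```python
import json
from itertools import combinations

# Constructed sample shaped like the output of
# `docker network inspect bridge mynet mynet2`.
SAMPLE = json.dumps([
    {"Name": "bridge", "Driver": "bridge", "Containers": {
        "c1": {"Name": "alpine1", "IPv4Address": "172.17.0.2/16"},
        "c2": {"Name": "alpine2", "IPv4Address": "172.17.0.3/16"},
        "c3": {"Name": "alpine3", "IPv4Address": "172.17.0.4/16"}}},
    {"Name": "mynet", "Driver": "bridge", "Containers": {
        "c3": {"Name": "alpine3", "IPv4Address": "172.18.0.2/16"},
        "c4": {"Name": "alpine4", "IPv4Address": "172.18.0.3/16"}}},
    {"Name": "mynet2", "Driver": "bridge", "Containers": {
        "c4": {"Name": "alpine4", "IPv4Address": "172.19.0.2/16"}}},
])


def audit(inspect_json):
    """Summarise container-to-network attachment from inspect output."""
    members = {}    # network name -> sorted container names
    attached = {}   # container name -> networks it is connected to
    for net in json.loads(inspect_json):
        names = sorted(c["Name"] for c in (net.get("Containers") or {}).values())
        members[net["Name"]] = names
        for name in names:
            attached.setdefault(name, []).append(net["Name"])

    # Pairs of containers that sit on at least one common network.
    shared = {}
    for net_name, names in members.items():
        for pair in combinations(names, 2):
            shared.setdefault(pair, []).append(net_name)

    return {
        "shared": shared,
        # Containers started without --network end up here.
        "on_default_bridge": members.get("bridge", []),
        # Containers connected to more than one network.
        "multi_homed": {c: n for c, n in attached.items() if len(n) > 1},
    }


if __name__ == "__main__":
    print(json.dumps({k: str(v) for k, v in audit(SAMPLE).items()}, indent=2))
```

On a live host, pipe the output of docker network inspect for the networks of interest into audit instead of SAMPLE. Note that alpine3 was started on the default bridge and then connected to mynet, so it appears on both.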
With the user-defined networks, you may ping containers using their names.
$ docker exec alpine3 ping alpine4
To exit from the ping, type Ctrl + C.
$ docker network disconnect <network-name> <container-name>
$ docker network disconnect mynet2 alpine4
$ docker network inspect mynet2
$ docker network disconnect mynet alpine3
$ docker network disconnect mynet alpine4
$ docker network inspect mynet
The rm command removes one or more networks. No container should be connected to the network you want to remove.
$ docker network rm <network-name>
$ docker network inspect mynet2
$ docker network rm mynet2
$ docker network ls
Networks that are unused can be removed using the prune command.
$ docker network prune
$ docker network ls
The predefined networks bridge, host and none cannot be removed. Only user-defined networks can be removed.
To bind a container to the host network, you can use the option --net host when running the container.
$ docker run -d --rm --net host --name nginx-host nginx
To test that the web server is available on the host, open a browser and navigate to http://localhost.
The host network works only on Linux systems.
To disable networking on containers, you may use the option --net none when running or starting the container.
$ docker run --rm -it --net none --name alpine-none alpine ash
# ip addr show
# ip route