Docker Networking
Network Drivers
| Driver | Use Case | Notes |
|---|---|---|
| bridge | Default for standalone containers | Isolated network on single host |
| host | Performance-critical apps | Shares host network stack; no isolation |
| overlay | Docker Swarm multi-host | Can encrypt container traffic between nodes (opt-in via `--opt encrypted`) |
| macvlan | Legacy apps needing MAC address | Container appears as physical device |
| ipvlan | Control L2/L3 routing | Container shares host MAC |
| none | Fully isolated container | No network interfaces except loopback |
Network Management
# List networks
docker network ls
# Create custom bridge network
docker network create \
--driver bridge \
--subnet 172.20.0.0/16 \
--ip-range 172.20.240.0/20 \
--gateway 172.20.0.1 \
my-network
# Create overlay network (Swarm)
docker network create \
--driver overlay \
--attachable \
--opt encrypted \
my-overlay
# Inspect network
docker network inspect my-network
# Connect / disconnect running container
docker network connect my-network my-container
docker network disconnect my-network my-container
# Remove network
docker network rm my-network
docker network prune # remove all unused
Port Binding
# Publish specific port
docker run -p 8080:80 nginx
# Publish to specific host IP
docker run -p 127.0.0.1:8080:80 nginx
# Publish all exposed ports (random host ports)
docker run -P nginx
# UDP port
docker run -p 5353:53/udp my-dns
# Multiple ports
docker run -p 80:80 -p 443:443 -p 22:22 my-server
# View port mappings
docker port my-container
# Check listening ports inside container
docker exec my-container ss -tlnp
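An added example (not part of the original cheat sheet) that audits `docker inspect` JSON for the two exposure cases above: ports published without a host IP, which bind to all interfaces, and containers using the `host` driver. The function name `audit_exposure` and the sample containers are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "HostConfig": {"NetworkMode": "my-network"},
   "NetworkSettings": {"Ports": {
     "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"},
                {"HostIp": "::", "HostPort": "8080"}]}}},
  {"Name": "/admin", "HostConfig": {"NetworkMode": "my-network"},
   "NetworkSettings": {"Ports": {
     "80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8081"}],
     "9000/tcp": null}}},
  {"Name": "/fast", "HostConfig": {"NetworkMode": "host"},
   "NetworkSettings": {"Ports": {}}}
]
""")

WILDCARD_IPS = {"", "0.0.0.0", "::"}  # "" appears when no host IP was given


def audit_exposure(containers):
    """Return (container, finding) tuples for network exposure worth reviewing."""
    findings = []
    for c in containers:
        name = c.get("Name", "?").lstrip("/")
        if c.get("HostConfig", {}).get("NetworkMode") == "host":
            findings.append((name, "host network mode: listeners bind directly on the host"))
            continue  # published ports are discarded in host mode, nothing to check
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        for container_port, bindings in sorted(ports.items()):
            for b in bindings or []:  # None means exposed but not published
                if b.get("HostIp", "") in WILDCARD_IPS:
                    findings.append((name, f"{container_port} published on host port "
                                           f"{b['HostPort']} on all interfaces "
                                           f"({b.get('HostIp') or 'unspecified'})"))
    return findings


if __name__ == "__main__":
    # Live use: docker inspect $(docker ps -q) | python3 audit.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE_INSPECT
    for name, finding in audit_exposure(data):
        print(f"{name}: {finding}")
```

Containers bound to `127.0.0.1` (like `admin` in the sample) produce no finding; put a reverse proxy or SSH tunnel in front of them when remote access is needed.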
DNS & Container Discovery
# Containers on the SAME user-defined network resolve by name
docker network create app-net
docker run -d --name db --network app-net postgres:16
docker run -d --name api --network app-net myapp
# api can reach db via hostname "db"
# Custom DNS settings
docker run \
--dns=8.8.8.8 \
--dns-search=example.com \
--hostname=my-host \
nginx
# Add /etc/hosts entry
docker run --add-host myservice:192.168.1.100 nginx
# Default bridge network uses IP only (not DNS)
# Always use user-defined networks for service discovery
Docker Compose Networking
# docker-compose.yml
services:
  web:
    image: nginx
    ports:
      - "80:80"
    networks:
      - frontend
      - backend
  api:
    image: myapi
    networks:
      - backend
    expose:
      - "3000" # only accessible inside Docker network
  db:
    image: postgres:16
    networks:
      - backend
networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true # no internet access from this network
Network Troubleshooting
# Test connectivity between containers
docker exec web ping db
docker exec web curl http://api:3000/health
# Inspect container network settings
docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' my-container
# Run one-off network debug container
docker run --rm --network my-network nicolaka/netshoot \
nmap -p 80,443,3306 db
# Monitor network traffic (tcpdump)
docker run --rm --network container:my-container \
nicolaka/netshoot tcpdump -i eth0 port 80