Docker Networking

Network Drivers

DriverUse CaseNotes
bridgeDefault for standalone containersIsolated network on single host
hostPerformance-critical appsShares host network stack; no isolation
overlayDocker Swarm multi-hostEncrypts traffic between nodes
macvlanLegacy apps needing MAC addressContainer appears as physical device
ipvlanControl L2/L3 routingContainer shares host MAC
noneFully isolated containerNo network interfaces except loopback

Network Management

# List networks docker network ls # Create custom bridge network docker network create \ --driver bridge \ --subnet 172.20.0.0/16 \ --ip-range 172.20.240.0/20 \ --gateway 172.20.0.1 \ my-network # Create overlay network (Swarm) docker network create \ --driver overlay \ --attachable \ --encrypted \ my-overlay # Inspect network docker network inspect my-network # Connect / disconnect running container docker network connect my-network my-container docker network disconnect my-network my-container # Remove network docker network rm my-network docker network prune # remove all unused

Port Binding

# Publish specific port docker run -p 8080:80 nginx # Publish to specific host IP docker run -p 127.0.0.1:8080:80 nginx # Publish all exposed ports (random host ports) docker run -P nginx # UDP port docker run -p 5353:53/udp my-dns # Multiple ports docker run -p 80:80 -p 443:443 -p 22:22 my-server # View port mappings docker port my-container # Check listening ports inside container docker exec my-container ss -tlnp

DNS & Container Discovery

# Containers on the SAME user-defined network resolve by name docker network create app-net docker run -d --name db --network app-net postgres:16 docker run -d --name api --network app-net myapp # api can reach db via hostname "db" # Custom DNS settings docker run \ --dns=8.8.8.8 \ --dns-search=example.com \ --hostname=my-host \ nginx # Add /etc/hosts entry docker run --add-host myservice:192.168.1.100 nginx # Default bridge network uses IP only (not DNS) # Always use user-defined networks for service discovery

Docker Compose Networking

# docker-compose.yml services: web: image: nginx ports: - "80:80" networks: - frontend - backend api: image: myapi networks: - backend expose: - "3000" # only accessible inside Docker network db: image: postgres:16 networks: - backend networks: frontend: driver: bridge backend: driver: bridge internal: true # no internet access from this network

Network Troubleshooting

# Test connectivity between containers docker exec web ping db docker exec web curl http://api:3000/health # Inspect container network settings docker inspect --format='{{range .NetworkSettings.Networks{{"}}"}}{{.IPAddress{{"}}"}}{{end{{"}}"}}' my-container # Run one-off network debug container docker run --rm --network my-network nicolaka/netshoot \ nmap -p 80,443,3306 db # Monitor network traffic (tcpdump) docker run --rm --network container:my-container \ nicolaka/netshoot tcpdump -i eth0 port 80

Related Tools

โ˜ AWS CLI Reference AWS CLI common commands reference โ˜ IAM Policies Reference AWS IAM Policy syntax reference โ˜ S3 Operations Reference AWS S3 bucket operations guide โ˜ Lambda Patterns AWS Lambda function patterns โ˜ EC2 Reference AWS EC2 instance management โ˜ CloudFormation Basics CloudFormation template syntax โ˜ VPC Guide AWS VPC network config guide โ˜ RDS Guide AWS RDS database instance guide ๐Ÿ”ต GCP CLI Reference gcloud CLI tool cheatsheet ๐Ÿ”ต GCP IAM Guide Google Cloud IAM permissions ๐Ÿ”ต Cloud Run Reference Google Cloud Run deploy guide ๐Ÿ”ต BigQuery Reference Google BigQuery SQL reference