Docker Networking: Bridge, Host, and Overlay
Understand Docker networking modes, container communication, port mapping, custom bridge networks, and multi-host overlay networking with Docker Swarm.
Docker Network Drivers
Docker provides several network drivers for different use cases:
| Driver | Scope | Use Case |
|---|---|---|
| bridge | Single host | Default. Containers on the same host communicate via virtual bridge. |
| host | Single host | Container shares the host's network stack directly. |
| none | Single host | No networking. Fully isolated container. |
| overlay | Multi-host | Containers across multiple Docker hosts communicate. |
| macvlan | Single host | Container gets its own MAC and IP on the physical network. |
Bridge Networks (Default)
When you run a container without specifying a network, Docker attaches it to the default bridge network:
# Run two containers on the default bridge
docker run -d --name web nginx
docker run -d --name api node:20
# They can communicate by IP but NOT by name on the default bridge
docker inspect web | grep IPAddress
# "IPAddress": "172.17.0.2"
Custom Bridge Networks
Custom bridge networks are preferred because they provide automatic DNS resolution between containers:
# Create a custom network
docker network create app-network
# Run containers on the custom network
docker run -d --name web --network app-network nginx
docker run -d --name api --network app-network node:20
# Now containers can reach each other by name
docker exec web curl http://api:3000
# This works because Docker's embedded DNS resolves "api" to its container IP
Port Mapping
Containers are isolated by default. To expose a service to the host (and external clients), map ports:
# Map host port 8080 to container port 80
docker run -d -p 8080:80 nginx
# Map to localhost only (not accessible from other machines)
docker run -d -p 127.0.0.1:8080:80 nginx
# Map a random host port
docker run -d -p 80 nginx
docker port <container_id>
# 80/tcp -> 0.0.0.0:32768
Docker Compose Networking
Docker Compose automatically creates a bridge network for each project:
# docker-compose.yml
services:
web:
image: nginx
ports:
- "80:80"
api:
image: node:20
expose:
- "3000" # Internal only, no host mapping
db:
image: postgres:16
expose:
- "5432"
All three services can reach each other by service name (web, api, db) on the auto-created network. Only web is accessible from outside on port 80.
Host Network Mode
The host driver removes network isolation entirely. The container uses the host's network stack:
docker run -d --network host nginx
# Nginx listens on the host's port 80 directly
# No port mapping needed (or possible)
Host mode eliminates the NAT overhead and is useful for performance-critical applications. However, port conflicts become your responsibility, and container isolation is reduced.
Overlay Networks (Multi-Host)
For containers running across multiple Docker hosts (Docker Swarm), overlay networks provide transparent communication:
# Initialize Swarm
docker swarm init
# Create an overlay network
docker network create --driver overlay --attachable app-overlay
# Services on different hosts can communicate
docker service create --name web --network app-overlay nginx
docker service create --name api --network app-overlay node:20
Overlay networks use VXLAN encapsulation to tunnel traffic between hosts. From the container's perspective, communication works exactly like a local bridge network.
Network Troubleshooting
# List all networks
docker network ls
# Inspect a network (see connected containers)
docker network inspect app-network
# Check container's network settings
docker inspect --format='{{json .NetworkSettings.Networks}}' web
# Test connectivity from inside a container
docker exec web ping api
docker exec web nslookup api