Isaac.

Docker Networking Advanced

Master Docker networking for container communication.

By EME
Published: February 20, 2025
Tags: docker, networking, containers, communication

A Simple Analogy

Docker networking is like a postal system for containers. Each container has an address (IP), networks are like cities, and containers communicate through defined routes.


Network Types

| Type | Use Case | Scope |
|------|----------|-------|
| Bridge | Default, container-to-host | Single host |
| Host | Performance critical | Host network |
| Overlay | Multi-host communication | Swarm/Kubernetes |
| Macvlan | Physical network access | Special use |
| None | Isolated | Disabled |


Bridge Network (Default)

# Create custom bridge network
docker network create myapp-network

# Run container on network
docker run -d --name api --network myapp-network myapi:latest
docker run -d --name db --network myapp-network postgres:15

# Containers communicate by name: api:3000, db:5432

Multi-Host Networking (Overlay)

# In Docker Swarm
docker network create --driver overlay myapp-overlay

# Services on overlay network communicate across hosts
docker service create --name api --network myapp-overlay myapi:latest
docker service create --name db --network myapp-overlay postgres:15

Port Mapping

# Map container port to host
docker run -p 8080:80 nginx  # Host:8080 -> Container:80, on all host interfaces (0.0.0.0)

# Map to specific interface
docker run -p 127.0.0.1:8080:80 nginx  # Only localhost

# Map multiple ports
docker run -p 8080:80 -p 443:443 nginx

# Random port assignment
docker run -p 80 nginx  # Gets random host port

DNS and Service Discovery

# In Docker Compose, services are automatically discoverable
version: '3.8'
services:
  api:
    image: myapi:latest
    # Accessible as: http://api:3000

  db:
    image: postgres:15
    # Accessible as: postgresql://db:5432

# api service can connect to db service by name
# Docker's embedded DNS resolves 'db' to container IP

Network Inspect

# List networks
docker network ls

# Inspect network details
docker network inspect myapp-network
# Shows connected containers and their IPs

# Inspect container network
docker inspect container_name | grep -A 20 NetworkSettings

Advanced: Custom DNS

# Use custom DNS server
docker run --dns 8.8.8.8 --dns 8.8.4.4 myapp:latest

# In Docker Compose
version: '3.8'
services:
  app:
    image: myapp:latest
    dns:
      - 8.8.8.8
      - 8.8.4.4
    dns_search:
      - example.com

Network Security

# Run container with no network
docker run --network none isolated-app:latest

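# Limit outbound traffic: an --internal network has no route to external hosts.
# Allowing only specific external hosts needs host firewall rules on top of this.
docker network create --internal restricted
docker run -d \
  --cap-drop=NET_RAW \
  --network restricted \
  myapp:latest
# Dropping NET_RAW (part of Docker's default capability set) removes raw-socket access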

# In Docker Compose with explicit networks
version: '3.8'
services:
  frontend:
    image: frontend:latest
    networks:
      - frontend-net

  api:
    image: api:latest
    networks:
      - frontend-net
      - backend-net

  db:
    image: postgres:latest
    networks:
      - backend-net

networks:
  frontend-net:
  backend-net:

Practical Example

version: '3.8'

services:
  frontend:
    image: frontend:latest
    ports:
      - "3000:3000"
    networks:
      - public
    depends_on:
      - api

  api:
    image: api:latest
    networks:
      - public
      - private
    depends_on:
      - db

  db:
    image: postgres:15
    networks:
      - private
    environment:
      POSTGRES_PASSWORD: secret  # placeholder; supply via secrets or an env file in real deployments

networks:
  public:
    driver: bridge
  private:
    driver: bridge
    internal: true  # No external access
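
To check that a Compose file actually delivers the segmentation shown above, this added example (not part of the original article) computes which services share a network, which published ports bind to every host interface, and which services sit on a non-internal network. It assumes the file is already parsed into a dict; `COMPOSE` is a constructed copy of the Practical Example and the function names are hypothetical.

```python
# Added example: audit a parsed Compose file for network exposure.
# COMPOSE is constructed from the Practical Example; function names are hypothetical.
COMPOSE = {
    "services": {
        "frontend": {"ports": ["3000:3000"], "networks": ["public"]},
        "api": {"networks": ["public", "private"]},
        "db": {"networks": ["private"]},
    },
    "networks": {
        "public": {"driver": "bridge"},
        "private": {"driver": "bridge", "internal": True},
    },
}

def service_networks(svc):
    # A service without a "networks" key joins the project's "default" network.
    return set(svc.get("networks") or ["default"])  # list or mapping form

def reachable_peers(compose):
    """Map each service to the services it shares at least one network with."""
    nets = {n: service_networks(s) for n, s in compose["services"].items()}
    return {a: {b for b in nets if b != a and nets[a] & nets[b]} for a in nets}

def published_on_all_interfaces(compose):
    """(service, mapping) pairs whose published port has no host bind address."""
    hits = []
    for name, svc in compose["services"].items():
        for port in svc.get("ports") or []:
            if isinstance(port, dict):  # long syntax: host_ip / published / target
                bound = bool(port.get("host_ip"))
            else:  # short syntax: only "IP:HOST:CONTAINER" names an address
                bound = str(port).count(":") >= 2
            if not bound:
                hits.append((name, port))
    return hits

def externally_routable(compose):
    """Services attached to at least one network not marked internal: true."""
    defs = compose.get("networks") or {}
    return {
        name
        for name, svc in compose["services"].items()
        for net in service_networks(svc)
        if not (defs.get(net) or {}).get("internal", False)
    }

if __name__ == "__main__":
    for check in (reachable_peers, published_on_all_interfaces, externally_routable):
        print(check.__name__, check(COMPOSE))
```

For the Practical Example, `db` shares a network only with `api` and is not externally routable, while `frontend` is flagged because `3000:3000` binds every host interface.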

Best Practices

  1. Use custom networks: Better isolation
  2. DNS by name: More reliable than IPs
  3. Restrict networks: Only connect necessary services
  4. Monitor traffic: Use tcpdump, Wireshark
  5. Health checks: Verify connectivity

Related Concepts

  • Docker Swarm ingress network
  • Kubernetes service networking
  • Reverse proxies for routing
  • Container load balancing

Summary

Master Docker networking to enable secure, scalable inter-container communication. Use bridge networks for single-host development and overlay networks for multi-host production deployments.