Docker Networking Explained — Bridge, Host, Overlay
In this tutorial, you'll learn about Docker Networking Explained. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.
What You'll Learn
Understand Docker networking — how containers communicate, network drivers (bridge, host, overlay), port mapping, and custom network configuration.
Why It Matters
Networking is where most Docker complexity lives. Understanding it is essential for multi-service apps and production deployments.
Real-World Use
A web container talking to a database container, Microservices discovering each other, or scaling services across multiple hosts in a swarm.
Docker Network Drivers
| Driver | Scope | Use Case |
|---|---|---|
| bridge | Single host | Default. Containers on same bridge can communicate |
| host | Single host | Container uses host's network directly |
| overlay | Multi-host | Swarm and Kubernetes networking |
| macvlan | Multi-host | Assign MAC addresses, appear as physical devices |
| none | Single host | No networking |
Bridge Network (Default)
When you run a container without specifying a network, it joins the default bridge:
# Both containers on default bridge
docker run -d --name web nginx:alpine
docker run -d --name db postgres:16-alpine
# They can communicate via IP addresses
docker inspect web | grep IPAddress # 172.17.0.2
docker inspect db | grep IPAddress # 172.17.0.3
# But NOT by container name (unless on user-defined bridge)
User-Defined Bridge
Better isolation and DNS resolution by container name:
# Create a custom bridge network
docker network create app-network
# Run containers on it
docker run -d --name web --network app-network nginx:alpine
docker run -d --name db --network app-network postgres:16-alpine
# Now web can reach db by name
docker exec web ping db # Works!
Host Network
Container shares the host's network stack:
# No port mapping needed — uses host ports directly
docker run -d --network host nginx:alpine
# Nginx is now available at localhost:80 (not through Docker NAT)
Use when: Performance-critical apps, apps that need to detect host IP/ports.
Security concern: Container has full host network access.
Overlay Network
For multi-host communication (Swarm or Kubernetes):
# In Docker Compose with Swarm
networks:
app-net:
driver: overlay
attachable: true
Port Publishing
# Map host port 8080 to container port 80
docker run -d -p 8080:80 nginx
# Multiple ports
docker run -d -p 8080:80 -p 8443:443 nginx
# Random host port
docker run -d -p 80 nginx # Host port assigned randomly
# Bind to specific interface
docker run -d -p 127.0.0.1:8080:80 nginx
Internal DNS
On user-defined networks, Docker provides built-in DNS:
# Create network
docker network create my-net
# Run containers
docker run -d --net my-net --name api my-api
docker run -d --net my-net --name web nginx:alpine
# web can resolve "api" to the container's IP
docker exec web ping api
Network Troubleshooting
# Inspect network
docker network inspect app-network
# Check container networking
docker inspect web --format '{{json .NetworkSettings}}'
# Test connectivity
docker run --rm --network app-network alpine ping web
# View iptables rules Docker created
iptables -L -n -t nat | grep DOCKER
# Capture traffic
docker run --rm --net container:web nicolaka/netshoot tcpdump
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro