Skip to content

Docker Networking Explained — Bridge, Host, Overlay

DodaTech 2 min read

In this tutorial, you'll learn about Docker Networking Explained. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.

What You'll Learn

Understand Docker networking — how containers communicate, network drivers (bridge, host, overlay), port mapping, and custom network configuration.

Why It Matters

Networking is where most Docker complexity lives. Understanding it is essential for multi-service apps and production deployments.

Real-World Use

A web container talking to a database container, Microservices discovering each other, or scaling services across multiple hosts in a swarm.

Docker Network Drivers

Driver Scope Use Case
bridge Single host Default. Containers on same bridge can communicate
host Single host Container uses host's network directly
overlay Multi-host Swarm and Kubernetes networking
macvlan Multi-host Assign MAC addresses, appear as physical devices
none Single host No networking

Bridge Network (Default)

When you run a container without specifying a network, it joins the default bridge:

# Both containers on default bridge
docker run -d --name web nginx:alpine
docker run -d --name db postgres:16-alpine

# They can communicate via IP addresses
docker inspect web | grep IPAddress  # 172.17.0.2
docker inspect db | grep IPAddress   # 172.17.0.3

# But NOT by container name (unless on user-defined bridge)

User-Defined Bridge

Better isolation and DNS resolution by container name:

# Create a custom bridge network
docker network create app-network

# Run containers on it
docker run -d --name web --network app-network nginx:alpine
docker run -d --name db --network app-network postgres:16-alpine

# Now web can reach db by name
docker exec web ping db  # Works!

Host Network

Container shares the host's network stack:

# No port mapping needed — uses host ports directly
docker run -d --network host nginx:alpine

# Nginx is now available at localhost:80 (not through Docker NAT)

Use when: Performance-critical apps, apps that need to detect host IP/ports.

Security concern: Container has full host network access.

Overlay Network

For multi-host communication (Swarm or Kubernetes):

# In Docker Compose with Swarm
networks:
  app-net:
    driver: overlay
    attachable: true

Port Publishing

# Map host port 8080 to container port 80
docker run -d -p 8080:80 nginx

# Multiple ports
docker run -d -p 8080:80 -p 8443:443 nginx

# Random host port
docker run -d -p 80 nginx  # Host port assigned randomly

# Bind to specific interface
docker run -d -p 127.0.0.1:8080:80 nginx

Internal DNS

On user-defined networks, Docker provides built-in DNS:

# Create network
docker network create my-net

# Run containers
docker run -d --net my-net --name api my-api
docker run -d --net my-net --name web nginx:alpine

# web can resolve "api" to the container's IP
docker exec web ping api

Network Troubleshooting

# Inspect network
docker network inspect app-network

# Check container networking
docker inspect web --format '{{json .NetworkSettings}}'

# Test connectivity
docker run --rm --network app-network alpine ping web

# View iptables rules Docker created
iptables -L -n -t nat | grep DOCKER

# Capture traffic
docker run --rm --net container:web nicolaka/netshoot tcpdump

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro