Docker provides several network drivers to suit different needs for container communication and isolation.
| Network Driver | Isolation | Connectivity | Use Case |
| Bridge | Containers are isolated from the host and other bridge networks. | Allows communication between containers on the same bridge network using container name/IP. Access to the external network via NAT (Network Address Translation). | Default for standalone containers. Used for local container-to-container communication on a single Docker host. Its the default network driver for containers on a single host. |
| Host | No network isolation between the container and the host. | The container uses the host's networking stack directly (same IP and ports). | Performance-critical applications or when you need the container to access the host's network services directly. |
| None | Complete network isolation. | No external or internal networking (only the loopback interface is available). | For specialized security or testing scenarios where a container should have no network access. |
| Overlay | Multi-host isolation. | Connects containers across multiple Docker hosts. | Used for Docker Swarm clustering and multi-host microservices communication. So it enable container communication between multiple docker host in orchestration environment. |
| Macvlan | Strong isolation; containers appear as physical devices. | Assigns a unique MAC address and IP address from the physical LAN to each container, bypassing NAT. | Integration with legacy network setups that expect physical devices on the network. |
| IPvlan | Similar to Macvlan, but containers share the host's MAC address. | Provides unique IP addresses to containers. More efficient for high-density environments. | High-scale networking, often used in telecommunications or cloud environments. |
Check the current network.
[root@devopsvm01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7f85aa39d125 bridge bridge local
ec851c7b1512 host host local
3f368f337667 none null local
[root@devopsvm01 ~]#
[root@devopsvm01 ~]#
Spin up a new container and inspect it to see the network details.
[root@devopsvm01 ~]# docker run --name nginx-c1 -d -p 8080:80 nginx
5d421818a4698e50386339eca4e30aa76a102c693a0158cf67602832d496f5c1
[root@devopsvm01 ~]#
[root@devopsvm01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5d421818a469 nginx "/docker-entrypoint.…" 10 seconds ago Up 9 seconds 0.0.0.0:8080->80/tcp, [::]:8080->80/tcp nginx-c1
0d88a6109a4b ubuntu "/bin/bash" 20 minutes ago Up 20 minutes u-c2
[root@devopsvm01 ~]#
[root@devopsvm01 ~]#
when you do docker inspect , yo will see the port binding and IP address details.
[root@devopsvm01 ~]# docker inspect nginx-c1
[
{
"Id": "5d421818a4698e50386339eca4e30aa76a102c693a0158cf67602832d496f5c1",
"Created": "2025-11-03T08:19:01.941879552Z",
"Path": "/docker-entrypoint.sh",
"Args": [
"nginx",
"-g",
"daemon off;"
],
"Ports": {
"80/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "8080"
},
{
"HostIp": "::",
"HostPort": "8080"
}
]
},
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "7ed33fec874900d0421ce68f276d0304d05a443f8b040924018bce86cda659c2",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "c2:bc:c8:10:ca:1a",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "c2:bc:c8:10:ca:1a",
"DriverOpts": null,
"GwPriority": 0,
"NetworkID": "7f85aa39d125789216114adf547c80cd347822b2aeaf3978322b2c216972e4c5",
"EndpointID": "7ed33fec874900d0421ce68f276d0304d05a443f8b040924018bce86cda659c2",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DNSNames": null
}
}
}
}
]
[root@devopsvm01 ~]#
Create custom network.
[root@devopsvm01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7f85aa39d125 bridge bridge local
ec851c7b1512 host host local
3f368f337667 none null local
[root@devopsvm01 ~]#
[root@devopsvm01 ~]# docker network create mynw
7ba38230b281847757e02caa04c564ad33079430cb839bd670a0fd8c602b85fa
[root@devopsvm01 ~]#
[root@devopsvm01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7f85aa39d125 bridge bridge local
ec851c7b1512 host host local
7ba38230b281 mynw bridge local
3f368f337667 none null local
[root@devopsvm01 ~]#
Associate newly created network to a running container.
[root@devopsvm01 ~]# docker network connect mynw u-c2
[root@devopsvm01 ~]#
Inspect Container u-c2 to verify.
[root@devopsvm01 ~]# docker inspect u-c2 | grep -A40 Networks
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"MacAddress": "ba:c0:1d:9b:20:3b",
"DriverOpts": null,
"GwPriority": 0,
"NetworkID": "7f85aa39d125789216114adf547c80cd347822b2aeaf3978322b2c216972e4c5",
"EndpointID": "b7e7521103c707233bd849b0dda6d7257eab31cfa887ebca9f99178a4b95d2c6",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DNSNames": null
},
"mynw": {
"IPAMConfig": {},
"Links": null,
"Aliases": [],
"MacAddress": "1e:cd:65:dc:62:62",
"DriverOpts": {},
"GwPriority": 0,
"NetworkID": "7ba38230b281847757e02caa04c564ad33079430cb839bd670a0fd8c602b85fa",
"EndpointID": "1b55ffb577332b60dae4fd0b9b8c32ba290f8b0792c44d41c2289854f5e27ade",
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"DNSNames": [
"u-c2",
"0d88a6109a4b"
]
}
}
}
}
[root@devopsvm01 ~]#
Logon to u-c2 container and verify the IP address
root@0d88a6109a4b:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255
ether ba:c0:1d:9b:20:3b txqueuelen 0 (Ethernet)
RX packets 7580 bytes 27237211 (27.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4361 bytes 267219 (267.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.2 netmask 255.255.0.0 broadcast 172.18.255.255
ether 1e:cd:65:dc:62:62 txqueuelen 0 (Ethernet)
RX packets 40 bytes 5624 (5.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 126 (126.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@0d88a6109a4b:/#
Note: for ifconfig to work , you needs to install below package
apt update
apt install -y iproute2 net-tools
I see when I added mynw , docker has added IP address 172.18.0.2
172.17.0.3 is the default IP address associated with the bridge network.
Remove the network
[root@devopsvm01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7f85aa39d125 bridge bridge local
ec851c7b1512 host host local
7ba38230b281 mynw bridge local
3f368f337667 none null local
[root@devopsvm01 ~]#
[root@devopsvm01 ~]# docker network rm mynw
Error response from daemon: error while removing network: network mynw has active endpoints (name:"u-c2" id:"1b55ffb57733")
exit status 1
[root@devopsvm01 ~]#
Stop u-c2 or exit from u-c2 container and retry.
root@0d88a6109a4b:/# exit
exit
[root@devopsvm01 ~]#
[root@devopsvm01 ~]# docker network rm mynw
mynw
[root@devopsvm01 ~]#
[root@devopsvm01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7f85aa39d125 bridge bridge local
ec851c7b1512 host host local
3f368f337667 none null local
[root@devopsvm01 ~]#
Network prune
Network prune is used to remove all unused networks.
For the demo, create a new network and don't associate with any container.
[root@devopsvm01 ~]# docker network create mynw2
bd94d1fcf93630bddc13bdcb9fa8389b344a5964ccb34959094087b4ec0b8b52
[root@devopsvm01 ~]#
[root@devopsvm01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7f85aa39d125 bridge bridge local
ec851c7b1512 host host local
bd94d1fcf936 mynw2 bridge local
3f368f337667 none null local
[root@devopsvm01 ~]#
[root@devopsvm01 ~]# docker network prune
WARNING! This will remove all custom networks not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Networks:
mynw2
[root@devopsvm01 ~]#
[root@devopsvm01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
7f85aa39d125 bridge bridge local
ec851c7b1512 host host local
3f368f337667 none null local
[root@devopsvm01 ~]#
No comments:
Post a Comment