Docker Container Networking and Network Modes Explained
This article provides a comprehensive guide to Docker container networking, covering the default networks, the four network modes (bridge, host, none, container), virtual Ethernet pairs, Linux network namespaces, and practical configuration examples such as port mapping and custom bridge creation.
Docker Container Networking
Docker creates three default networks after installation, which can be listed with docker network ls . The default bridge network (docker0) assigns each container an IP address (Container‑IP) and acts as the default gateway, allowing containers on the same host to communicate directly.
Docker's Four Network Modes
Network Mode
Configuration
Description
host
--network host
Container shares the host's network namespace.
container
--network container:NAME_OR_ID
Container shares the network namespace of another container.
none
--network none
Container gets its own network namespace but no network interfaces are configured.
bridge
--network (default)
Default bridge mode.
Bridge Mode
Docker creates a virtual bridge docker0 on the host. Containers are attached to this bridge, receive IPs from its subnet, and use the bridge as the default gateway. Port mapping with -p creates DNAT rules in iptables.
# docker network ls
NETWORK ID NAME DRIVER SCOPE
cd97bb997b84 bridge bridge local
0a04824fc9b6 host host local
4dcb8fbdb599 none null localContainer Mode
Shares the network namespace of an existing container, so the new container uses the same IP and ports. Filesystems remain isolated.
# docker run -it --name b2 --network container:b3 busyboxHost Mode
The container uses the host's network stack directly, gaining the host's IP address and ports without NAT, which improves performance but reduces isolation.
# docker run -it --name b2 --network host busybox
ifconfig
# shows the host's interfaces inside the containerNone Mode
Creates an isolated network namespace with only a loopback interface; the container has no external connectivity unless manually configured.
# docker run -it --network none busybox
ifconfig -a
# only lo interface is presentVirtual Ethernet (veth) Pairs and Network Namespaces
Linux network namespaces can be created with ip netns . A veth pair connects two namespaces, enabling communication between them.
# ip netns add ns0
# ip netns add ns1
# ip link add type veth
# ip link set veth0 netns ns0
# ip link set veth1 netns ns1
# ip netns exec ns0 ip addr add 192.0.0.1/24 dev veth0
# ip netns exec ns1 ip addr add 192.0.0.2/24 dev veth1
# ip netns exec ns0 ping -c 2 192.0.0.2Common Container Operations
Set hostname with --hostname , add custom DNS with --dns , or inject host entries with --add-host . Expose container ports to the host using -p in various forms.
# docker run -dit --name web1 -p 192.168.203.138::80 httpd
# docker port web1
80/tcp -> 192.168.203.138:49153Custom Bridge Networks
Create user‑defined bridge networks with specific subnets and gateways, then attach containers to them.
# docker network create -d bridge --subnet "192.168.2.0/24" --gateway "192.168.2.1" br0
# docker run --name b1 --network br0 busybox ifconfigDocker Daemon Configuration
Modify /etc/docker/daemon.json to set a custom bridge IP (bip) or registry mirrors, then reload and restart Docker.
{
"registry-mirrors": ["https://4hygggbu.mirror.aliyuncs.com/"],
"bip": "192.168.1.5/24"
}These examples demonstrate how Docker networking can be inspected, customized, and integrated with Linux networking tools for advanced container deployments.
Architect's Guide
Dedicated to sharing programmer-architect skills—Java backend, system, microservice, and distributed architectures—to help you become a senior architect.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.