Dmitry Nikolaev - stock.adobe.co
Networking is a key component of container deployment and management. And while Docker networking concepts present a learning curve to IT operations admins, a few fundamental best practices -- and commands -- can help them get started.
In this article, we'll review Docker networking basics, including the host and bridge network types, how to view available networks and learn about their configuration details, and how to expose ports for communication.
Docker host vs. bridge networking
Docker communicates over network addresses and ports. Within Docker hosts, this occurs with host or bridge networking.
With host networking, the Docker host sends all communications via named pipes. This method, however, can pose a security risk, as all traffic flows across the same set of containers with no segregation.
The other approach from Docker, bridge networking, provides an internal network that connects to the external one.
Use the docker network ls command to see a list of available networks. This command should return results that look similar to the output in Figure 1.
In the example, the administrator sees the two primary networking options -- bridge and host -- among others. The network IDs are shown in the first column, followed by the network name, driver and scope, which is the domain of the driver. Note that, in this example, the network names are the same as the driver names, but this is not the best practice, as it can create confusion.
Admins can create additional networks where traffic flows among containers specifically grouped together, to meet unique requirements. For example, an admin could segment network tiers by function type, such as front-end web servers.
Work within a Docker network
To discover network settings, including the host network, subnet and default gateway, use the docker network inspect command.
To find specific information on the bridge network, for example, use docker network inspect bridge. This command should enumerate pertinent network information, as shown in Figure 2.
When an admin creates a Docker image, that image will use the bridge network, by default. To connect to a running Docker container, use docker attach, which attaches the admin terminal to the running container via standard input and output streams.
A Docker network configuration example
To grasp more Docker networking basics, follow the below example, which features an Ubuntu container.
First, use the following command on the host to install a base Ubuntu container:
sudo docker run -itd ubuntu:latest
Once connected to the container, run the below command to update the package index, and then install the software package net-tools. You can then get the IP information from the host, which, in this example, is a Docker base Ubuntu install:
apt-get install net-tools
With the Ubuntu net-tools package installed, the admin can access basic network connectivity, IP address configuration and other aspects of the network setup, as shown in Figure 3.
After those steps are complete, the admin can create a new network on that bridge. Use the command below, specifying the driver to manage the network, which defaults to bridge.
docker network create --driver bridge newnet
To connect and use the network, provide the network type and name via the command line interface. For example:
docker run --network=newnet -itd ubuntu
A more complex example -- as cited on Docker's website -- is:
docker network create \
This approach enables the administrator to configure network details, such as subnets and gateways. However, all communication still goes through the host, so requires mapping at the host level for any external communication.
The role of ports
In addition to IP addresses, ports are a critical part of Docker networking basics. To connect from the local network to a Docker image -- for example, to expose HTTP or HTTPS -- an admin must expose those ports to the outside world.To expose those ports, provide them at the startup of a new container, specifying the network and the port in the command, as shown here with --network=newnet and -p 80:80, respectively, and choosing http:
docker run -itd --network=newnet -p 80:80 http
Open a web browser and navigate to the IP address of the Docker host. If set up correctly, it should show the HTTP welcome screen of Apache, as seen in Figure 4.
Depending on requirements, an admin can specify multiple ports. For example, organizations can use both HTTP and HTTPS on the same host.
These Docker networking basics cover the host level. As a system expands beyond a single host, explore more advanced networking options, such as network overlays, which eliminate a lot of the manual configuration required at a single-host level.