Docker Networks

What is Docker Networking?

Docker networking allows containers to communicate with:

  • Each other
  • The host machine
  • The outside world (internet)

Without a network, containers are completely isolated and cannot talk to each other or the outside world.

Default Network Drivers

Docker ships with several built-in network drivers:

DriverDescriptionUse Case
bridgeDefault network, containers on same hostSingle-host container communication
hostContainer uses host's network directlyBest performance, no isolation
noneNo networkingMaximum isolation
overlayMulti-host networkingDocker Swarm / multi-server setups
macvlanContainer gets its own MAC addressLegacy apps needing physical network access
graph TD subgraph HOST["Host Machine"] subgraph BRIDGE["bridge - default, containers talk by IP"] C1["container1\n172.17.0.2"] C2["container2\n172.17.0.3"] C3["container3\n172.17.0.4"] GW["docker0 gateway\n172.17.0.1"] C1 --- GW C2 --- GW C3 --- GW end subgraph CUSTOM["custom bridge - containers talk by NAME"] WEB["web container\nping db "] DB["db container\nping web "] WEB <-->|by name| DB end subgraph HOST_NET["host - no isolation, uses host network directly"] HC["container\nshares host IP"] end subgraph NONE_NET["none - fully isolated, no network"] NC["container\nno network interface"] end GW --> Internet end

1. Bridge Network (Default)

When you run a container without specifying a network, it connects to the default bridge network.

Containers on the default bridge can communicate by IP but not by name.

Custom bridge networks allow containers to communicate by name:

graph LR subgraph DEFAULT["Default Bridge - IP only, no DNS"] D1["Container A\n172.17.0.2"] -->|"ping 172.17.0.3 \nping containerB "| D2["Container B\n172.17.0.3"] end subgraph CUSTOM["Custom Bridge - DNS by name"] W["web"] -->|"ping db \ncurl http://db:3306 "| D["db"] end

All Docker Network Commands

docker network create - Create a Network

# Create a custom bridge network
docker network create my-network

# Create with a specific driver
docker network create --driver bridge my-network

# Create with a custom subnet
docker network create --subnet 192.168.10.0/24 my-network

# Create with a custom gateway
docker network create \
  --subnet 192.168.10.0/24 \
  --gateway 192.168.10.1 \
  my-network

# Create with IP range
docker network create \
  --subnet 192.168.10.0/24 \
  --ip-range 192.168.10.100/28 \
  my-network

# Create overlay network (for Docker Swarm)
docker network create --driver overlay swarm-network

# Create with labels
docker network create --label project=myapp my-network

# Create host network (already exists, can't create)
# docker network create --driver host  <- not needed, "host" already exists

docker network ls - List Networks

# List all networks
docker network ls

# Filter by driver
docker network ls --filter "driver=bridge"

# Filter by name
docker network ls --filter "name=my-network"

# Show only network IDs
docker network ls -q

# Custom format
docker network ls --format "{{.Name}}\t{{.Driver}}\t{{.Scope}}"

Example output:

NETWORK ID     NAME           DRIVER    SCOPE
a4b5c6d7e8f9   bridge         bridge    local
b5c6d7e8f9a0   host           host      local
c6d7e8f9a0b1   none           null      local
d7e8f9a0b1c2   my-network     bridge    local

docker network inspect - Detailed Network Info

# Inspect a network
docker network inspect my-network

# Inspect the default bridge
docker network inspect bridge

# Get connected containers
docker network inspect --format '{{json .Containers}}' my-network

# Get the subnet
docker network inspect --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}' my-network

docker network connect - Connect Container to Network

# Connect a running container to a network
docker network connect my-network my-container

# Connect with a specific IP
docker network connect --ip 192.168.10.50 my-network my-container

# Connect with an alias (can be reached by this alias)
docker network connect --alias webserver my-network my-container

# Connect multiple networks to one container
docker network connect network1 my-container
docker network connect network2 my-container

docker network disconnect - Disconnect Container from Network

# Disconnect a container from a network
docker network disconnect my-network my-container

# Force disconnect (even if container is running)
docker network disconnect -f my-network my-container

docker network rm - Remove a Network

# Remove a network
docker network rm my-network

# Remove multiple networks
docker network rm network1 network2

# Cannot remove a network that has containers connected to it
# Disconnect containers first, then remove

docker network prune - Remove Unused Networks

# Remove all unused networks
docker network prune

# Remove without confirmation
docker network prune -f

# Filter by age
docker network prune --filter "until=24h"

Connecting Containers to Networks

At Container Creation (--network flag)

# Run a container on a specific network
docker run -d --name web --network my-network nginx

# Run another container on the same network
docker run -d --name db --network my-network mysql:8.0

# Now "web" can reach "db" by name:
# docker exec web ping db

After Container is Running

# Connect a running container to a network
docker network connect my-network existing-container

Practical Network Examples

Example 1 - Web App + Database (Isolated Network)

# Create a dedicated network for the app
docker network create app-network

# Start the database
docker run -d \
  --name mysql-db \
  --network app-network \
  -e MYSQL_ROOT_PASSWORD=secret \
  -e MYSQL_DATABASE=myapp \
  mysql:8.0

# Start the web app (same network - can reach mysql-db by name)
docker run -d \
  --name web-app \
  --network app-network \
  -p 8080:80 \
  -e DB_HOST=mysql-db \
  my-web-app

# web-app can connect to mysql-db:3306
# No need for IP addresses

Example 2 - Container Connected to Multiple Networks

# Create two networks
docker network create frontend-network
docker network create backend-network

# Start backend services (only on backend network)
docker run -d --name redis --network backend-network redis
docker run -d --name mysql --network backend-network mysql:8.0

# Start API (connected to both networks - acts as bridge)
docker run -d --name api \
  --network backend-network \
  my-api-app

docker network connect frontend-network api

# Start frontend (only on frontend network)
docker run -d --name frontend \
  --network frontend-network \
  -p 80:80 \
  my-frontend-app

# frontend -> api (via frontend-network)
# api -> redis and mysql (via backend-network)
# frontend -> redis directly  (isolated!)

Network Drivers in Detail

Bridge Network

# Default bridge - containers reach each other by IP only
docker run -d --name c1 nginx
docker run -d --name c2 nginx
# c1 cannot ping c2 by name - only by IP

# Custom bridge - containers reach each other by name
docker network create my-bridge
docker run -d --name c1 --network my-bridge nginx
docker run -d --name c2 --network my-bridge nginx
docker exec c1 ping c2   # works by name

Host Network

The container shares the host's network stack directly - no network isolation.

# Run with host networking
docker run -d --network host nginx

# nginx now listens on port 80 of the host directly
# No -p port mapping needed (or allowed)
# Access: http://localhost:80

When to use host: High-performance apps where network overhead matters, or when you need access to many host ports.

None Network

No networking at all - maximum isolation.

# Run with no network
docker run -d --network none my-app

# Container has no network interface (except loopback)
# Cannot reach internet or other containers

When to use none: Security-sensitive containers that should never access the network.

Port Mapping and Publishing

# Map host port 8080 to container port 80
docker run -d -p 8080:80 nginx

# Map to a specific host IP
docker run -d -p 127.0.0.1:8080:80 nginx   # localhost only

# Map UDP port
docker run -d -p 5000:5000/udp my-app

# Map multiple ports
docker run -d -p 8080:80 -p 8443:443 nginx

# Auto-assign a random host port for all EXPOSED ports
docker run -d -P nginx

# Check the auto-assigned port
docker port nginx-container

DNS in Docker Networks

Docker has a built-in DNS server for custom networks. Containers on the same custom network can find each other by container name.

# These containers can reach each other by name
docker network create app-net
docker run -d --name web --network app-net nginx
docker run -d --name api --network app-net my-api

# From inside "web" container:
# ping api        (Docker DNS resolves "api" to its IP)
# curl http://api:3000

Docker DNS does NOT work on the default bridge network - only on custom networks.

Network Commands Quick Reference

CommandWhat it does
docker network create <name>Create a new network
docker network lsList all networks
docker network inspect <name>Show network details
docker network connect <net> <container>Connect container to network
docker network disconnect <net> <container>Disconnect container
docker network rm <name>Delete a network
docker network pruneRemove all unused networks
docker run --network <name>Run container on specific network
docker run -p host:containerPublish a port
docker run -PPublish all exposed ports
docker port <container>Show port mappings

FAQ

Should I memorize every Docker command?+

No. Memorize the core workflow first: build, run, list, inspect, logs, exec, stop, remove, and clean up. Then learn specialized commands when you need them.

Is Docker only for developers?+

No. Docker is useful for system administrators, infrastructure engineers, DevOps engineers, cloud engineers, support engineers, and learners who want repeatable labs.

What should I do after reading this guide?+

Run the examples, write down what each command changes, rebuild the workflow with Docker Compose, and then add one CI/CD step that builds the image automatically.

Need help applying Docker in a real project?

Work directly with Muhammad Irfan Aslam for Docker, Linux, DevOps, CI/CD, cloud deployment, or infrastructure troubleshooting support.

Hire Me for Support