What are network drivers in Docker?

In Docker, network drivers help with communication between containers, allowing them to establish connections with external networks and one another while providing isolation, security, and flexibility. Docker offers a variety of network drivers to meet different networking requirements and scenarios.

There are four network drivers:

  • None network driver

  • Host network driver

  • Bridge network driver

  • Overlay network driver

None network driver

The none network driver is a network isolation option in Docker that turns off networking for a container. A container launched with the none network option (--network none) has no network interfaces and is not connected to the outside world.

The none network driver

The none network driver is useful when a container doesn’t need network connectivity or access. Isolated operation may be required for security reasons when a container only carries out fully self-contained functions and doesn’t need to communicate with other services or systems.

The following code shows how to run a container with the none network driver:

# Run a container without networking
docker run -d --name isolated-container --network none ubuntu

In this example, isolated-container is launched using the none network driver and is therefore entirely isolated from the network. It won't have internet access, won't be reachable from outside the container itself, and won't be able to communicate with other containers or services.

Host network driver

The host network driver lets containers share the host’s networking stack directly. This means that containers running with this driver share the host's network namespace and bypass network isolation.

The host network driver

This mode works well when the isolation and security offered by the default bridge network driver are not needed and performance is a key consideration. Because it reduces the separation between containers and the host system, host networking should be used cautiously, particularly in multitenant or production scenarios.

The following code shows how to run a container with the host network driver:

# Run a container using host networking
docker run -d --name container1 --network host nginx

In this example, a container named container1 is started using the host network mode and the nginx image. The container will use the networking of the Docker host itself, having direct access to the host's network interfaces. Any ports exposed by the nginx server in the container will be directly accessible on the host's IP address and ports.

Bridge network driver

When we create a Docker container without specifying a network, Docker uses the bridge network driver by default. On the host system, it establishes a virtual network bridge (docker0) that enables communication between containers.

The bridge network driver

Many applications make use of the bridge network driver, which enables communication across containers on the same network. While allowing containers to share the host system’s network resources, it offers an adequate level of isolation.

Let’s see how we can use the bridge network:

  • Step 1: Create a bridge network.

# Create a bridge network
docker network create my-bridge-network

The command above creates a new bridge network named my-bridge-network.

  • Step 2: Run containers attached to the bridge network.

# Run containers attached to the bridge network
docker run -d --name container1 --network my-bridge-network nginx
docker run -d --name container2 --network my-bridge-network redis

Two containers (container1 and container2) are created in this example and connected to my-bridge-network. A redis instance is running in one container, while an nginx web server is running in the other. As both containers are part of the same network, they can communicate with one another within my-bridge-network by using either their container names or their IP addresses.
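An added example, not part of the original article: a small audit that reads `docker inspect` JSON and reports each container's network mode (none, host, default bridge, or a user-defined network such as my-bridge-network) together with which containers share a network. The severity labels are this example's own policy, the sample data is constructed, and legacy-app is a hypothetical container.

```python
import json
import sys
from collections import defaultdict

# Constructed sample, shaped like `docker inspect` output and trimmed to the
# fields read below. "legacy-app" is a hypothetical container started without
# --network; the other names are containers created on this page.
SAMPLE = json.dumps([
    {"Name": "/isolated-container", "HostConfig": {"NetworkMode": "none"},
     "NetworkSettings": {"Networks": {"none": {"IPAddress": ""}}}},
    {"Name": "/container1", "HostConfig": {"NetworkMode": "host"},
     "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}}},
    {"Name": "/container2", "HostConfig": {"NetworkMode": "my-bridge-network"},
     "NetworkSettings": {"Networks": {"my-bridge-network": {"IPAddress": "172.18.0.3"}}}},
    {"Name": "/legacy-app", "HostConfig": {"NetworkMode": "default"},
     "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
])

def classify(mode):
    """Map HostConfig.NetworkMode to (severity, reason); the policy is an assumption."""
    if mode == "host":
        return "HIGH", "shares the host network namespace, no network isolation"
    if mode.startswith("container:"):
        return "REVIEW", "shares another container's network namespace"
    if mode in ("default", "bridge"):
        return "REVIEW", "default bridge (docker0), shared with every container started without --network"
    if mode == "none":
        return "OK", "networking disabled"
    return "OK", "user-defined network " + mode

def audit(inspect_json):
    """Return (findings, peers): per-container verdicts and network -> members."""
    findings, peers = [], defaultdict(list)
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        findings.append((name,) + classify(c["HostConfig"]["NetworkMode"]))
        for net in (c["NetworkSettings"].get("Networks") or {}):
            if net not in ("none", "host"):  # not networks that containers share as peers
                peers[net].append(name)
    return findings, dict(peers)

if __name__ == "__main__":
    # Real data: docker inspect $(docker ps -q) | python3 this_file.py
    piped = sys.stdin.read() if sys.stdin and not sys.stdin.isatty() else ""
    findings, peers = audit(piped.strip() or SAMPLE)
    for name, severity, reason in findings:
        print(f"{severity:6} {name}: {reason}")
    for net, members in peers.items():
        print(f"network {net}: {', '.join(members)}")
```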

Overlay network driver

In Docker Swarm mode, the overlay network driver is primarily used to facilitate communication between containers across many Docker daemons, or hosts. It establishes an overlay network across several nodes in a Docker Swarm, facilitating smooth communication between containers running on various hosts.

An essential part of Docker Swarm networking is the overlay network driver, which offers a scalable and smooth means for containers on different nodes to communicate. It is especially helpful for distributed applications that are deployed in Swarm mode and require communication across containers running on different hosts.

Let's see how we can use the overlay network:

  • Step 1: Initialize the Docker Swarm:

docker swarm init

This command initializes a Docker Swarm on the current node if one isn’t already set up.

  • Step 2: Create an overlay network.

docker network create --driver overlay my-overlay-network

The command above creates the my-overlay-network overlay network. The --driver overlay flag specifies that the network driver should be of type overlay, which is made specifically for Swarm mode.

  • Step 3: Deploy services attached to the overlay network.

docker service create --name service1 --network my-overlay-network nginx
docker service create --name service2 --network my-overlay-network redis

In this example, two services (service1 and service2) are deployed on the overlay network my-overlay-network created above. One service uses redis, whereas the other uses nginx. Even though these services could be running on different Docker Swarm nodes, they can still communicate with one another.
