In Docker, network drivers help with communication between containers, allowing them to establish connections with external networks and one another while providing isolation, security, and flexibility. Docker offers a variety of network drivers to meet different networking requirements and scenarios.
There are four network drivers:
None network driver
Host network driver
Bridge network driver
Overlay network driver
The none network driver is a network isolation option in Docker that turns off networking for a container. A container launched with the none network option (--network none) has no network interfaces and is not connected to the outside world.
The none network driver is useful when a container doesn't need network connectivity or access. When a container only carries out fully self-contained functions and doesn't need to communicate with other services or systems, isolated operation may be required for security reasons.
The following command shows how to run a container with the none network:
# Run a container without networking
docker run -d --name isolated-container --network none ubuntu
In this example, isolated-container is launched using the none network driver and is therefore entirely isolated from the network. It won't have internet access, won't be reachable from outside the container itself, and won't be able to communicate with other containers or services.
The host network driver lets containers share the host's networking stack directly. This means that containers running with this driver share the host's network namespace and have no network isolation from it.
This mode works well when isolation and security offered by the default bridge network driver are not needed, and performance is a key consideration. Due to the reduced separation between containers and the host system, host networking should be used cautiously, particularly in multitenant or production scenarios.
The following command shows how to run a container with the host network:
# Run a container using host networking
docker run -d --name container1 --network host nginx
In this example, a container named container1 is started using the host network mode and the nginx image. The container will use the networking of the Docker host itself, having direct access to the host's network interfaces. Any ports exposed by the nginx server in the container will be directly accessible on the host's IP address and ports.
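Because host networking removes the separation described above, it helps to know which running containers use it. The following script is an added example, not part of the original page: it classifies containers by the network they are attached to, reading "name networks" lines such as those printed by docker ps with the format shown in the comment. The function names classify_networks and sample_ps_output and the container legacy-app are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): classify containers by the
# network they are attached to. Input lines are "<name> <networks>", e.g. from
#   docker ps --format '{{.Names}} {{.Networks}}'
# where .Networks is a comma-separated list of attached network names.

classify_networks() {
    awk '
    NF == 0 { next }                          # skip blank lines
    NF < 2  { print $1, "UNKNOWN", "no network reported"; next }
    {
        level = "OK"; note = "user-defined network"
        n = split($2, nets, ",")
        for (i = 1; i <= n; i++) {
            if (nets[i] == "host") {          # shares the host network namespace
                level = "REVIEW"; note = "host networking, no network isolation"
                break
            } else if (nets[i] == "none") {   # started with --network none
                note = "networking disabled"
            } else if (nets[i] == "bridge") { # default docker0 bridge
                level = "INFO"; note = "default bridge network"
            }
        }
        print $1, level, note
    }'
}

# Constructed sample input; names reuse the examples on this page,
# "legacy-app" is made up to show a container on the default bridge.
sample_ps_output() {
    printf '%s\n' \
        'container1 host' \
        'isolated-container none' \
        'legacy-app bridge' \
        'container2 my-bridge-network'
}

# Default: run on the sample. Pass --live to audit the local Docker daemon.
if [ "${1:-}" = "--live" ]; then
    docker ps --format '{{.Names}} {{.Networks}}' | classify_networks
else
    sample_ps_output | classify_networks
fi
```

Containers marked REVIEW are the ones to check against the caution about host networking in multitenant or production scenarios.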
When we create a Docker container without specifying a network, Docker uses the bridge network driver by default. On the host system, it establishes a virtual network bridge (docker0) that enables communication between containers.
Many applications make use of the bridge network driver, which enables communication across containers on the same network. While allowing containers to share the host system’s network resources, it offers an adequate level of isolation.
Let’s see how we can use the bridge network:
Step 1: Create a bridge network.
# Create a bridge network
docker network create my-bridge-network
The command above creates a new bridge network named my-bridge-network.
Step 2: Run containers attached to the bridge network.
# Run containers attached to the bridge network
docker run -d --name container1 --network my-bridge-network nginx
docker run -d --name container2 --network my-bridge-network redis
Two containers (container1 and container2) are created in this example and connected to my-bridge-network. A redis instance is running in one container, while an nginx web server is running in the other. As both containers are part of the same network, they can communicate with one another within my-bridge-network by using either their container names or IP addresses.
In Docker Swarm mode, the overlay network driver is primarily used to facilitate communication between containers across many Docker daemons, or hosts. It establishes an overlay network across several nodes in a Docker Swarm, facilitating smooth communication between containers running on various hosts.
An essential part of Docker Swarm networking is the overlay network driver, which offers a scalable and smooth means for containers on different nodes to communicate. It is especially helpful for distributed applications that are deployed in Swarm mode and require communication across containers running on different hosts.
Let's see how we can use the overlay network:
Step 1: Initialize the Docker Swarm.
docker swarm init
This command initializes a Docker Swarm on the current node if one isn’t already set up.
Step 2: Create an overlay network.
docker network create --driver overlay my-overlay-network
The command above creates the my-overlay-network overlay network. The --driver overlay flag specifies that the network driver should be of type overlay, which is specifically made for Swarm mode.
Step 3: Deploy services attached to the overlay network.
docker service create --name service1 --network my-overlay-network nginx
docker service create --name service2 --network my-overlay-network redis
In this example, two services (service1 and service2) are deployed on the overlay network my-overlay-network created above. redis is used by one service, whereas the other uses nginx. Even though these services could be running on distinct Docker Swarm nodes, they can still communicate with one another.