Basics of Docker networking: Configuring communication between containers

Docker is an open-source platform that enables developers to build, ship, and run applications in containers.

One of the key advantages of containerization is the ability to easily configure communication between containers, allowing them to work together seamlessly to deliver a complete solution.

In this article, we'll explore the basics of Docker networking, and show you how to configure communication between containers.

What is Docker Networking:

Docker containers are designed to be self-contained and isolated, but they often need to communicate with each other to form a complete application.

Docker networking refers to the process of creating a virtual network that enables the communication between containers, as well as between containers and the host machine.

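By default, Docker creates a bridge network on each host, which provides a secure and isolated environment for container communication. The isolation is from other networks rather than between containers: containers attached to the same bridge can reach each other.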

When you create a container, it's automatically assigned an IP address on the bridge network, which allows it to communicate with other containers and the host.

However, if you want to configure more complex networking scenarios, such as creating multiple networks or connecting containers to external networks, you'll need to use Docker networking commands.

In this article, we will discuss how to configure communication between containers using Docker networking.

Types of Docker Networks

Docker provides several types of network drivers for creating custom networks that connect containers. Let's take a look at the different types of networks:

  1. Bridge Network

The bridge network is the default network in Docker, and it provides automatic IP address assignment to containers. Containers connected to the same bridge network can communicate with each other using their IP addresses; on a user-defined bridge network, such as the one created below, they can also use container names as hostnames.

To create a bridge network, use the following command:

docker network create my-bridge-network

You can connect a container to the bridge network using the --network option when running the container:

docker run --network my-bridge-network my-container

  2. Host Network

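The host network driver allows the container to use the host's networking directly. This means that the container does not have a separate network namespace and shares the host's network stack. This can improve network performance, but it also removes network isolation: the container's services listen directly on the host's interfaces, and the container can reach services bound to the host's loopback address.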

To use the host network, use the following command:

docker run --network host my-container

  3. Overlay Network

The overlay network driver allows you to create a distributed network across multiple Docker hosts. It uses the VXLAN protocol to create an overlay network that spans multiple hosts. Containers connected to the same overlay network can communicate with each other, even if they are running on different hosts.

To create an overlay network, use the following command:

docker network create --driver overlay my-overlay-network

  4. Macvlan Network

The Macvlan network driver allows you to assign a MAC address to a container, which makes it appear as a physical device on the network. This can be useful for legacy applications that require direct access to the network hardware.

To create a Macvlan network, use the following command:

docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth0 my-macvlan-network

In this command, --subnet specifies the IP address range for the network, --gateway specifies the default gateway, and -o parent specifies the physical interface to use.

Creating a Docker Network

To create a new Docker network, you can use the docker network create command, followed by options to specify the network driver and subnet, and a network name. For example, to create a new bridge network called demo-network, you can run the following command:

docker network create --driver bridge --subnet 172.20.0.0/16 demo-network

This command creates a new bridge network with the specified subnet and assigns the name demo-network to the network. You can then use this network to connect containers to each other and to external networks.

Connecting Containers to a Network

Once you've created a network, you can connect containers to it using the --network option when you run the container.

For example, to start a new container and connect it to the demo-network bridge network, you can run the following command:

docker run --name demo-container --network demo-network demo-image

This command starts a new container called demo-container from the image demo-image and connects it to the demo-network bridge network.

If you want to connect an existing container to a network, you can use the docker network connect command. For example, to connect a container called demo-container to the demo-network bridge network, you can run the following command:

docker network connect demo-network demo-container

This command connects the demo-container container to the demo-network bridge network.

Exposing Container Ports

When you connect containers to a network, you can also expose the container's ports to the network, allowing other containers to access the container's services.

To expose a port, you can use the -p option when you run the container, followed by the host port and the container port, in that order.

For example, to expose port 80 on the container to port 8080 on the host, you can run the following command:

docker run -p 8080:80 demo-image

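This command starts a new container from the demo-image image, and maps port 80 in the container to port 8080 on the host. Docker binds a published port on all host interfaces by default, so the service becomes reachable from any machine that can reach the host on port 8080.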

Using Docker DNS

By default, Docker provides a DNS server for containers, which allows containers to communicate with each other using hostnames instead of IP addresses. When you create a container, Docker automatically adds the container's hostname to the DNS server, which allows other containers to access the container using its hostname. This name resolution works on user-defined networks; on the default bridge network, containers can reach each other only by IP address.

For example, if you have two containers called web and db connected to the same network, you can access the db container from the web container using its hostname, like this:

ping db

What is the Best Way to Work with Docker DNS:

Docker Compose is a tool that allows you to define and run multi-container Docker applications. It simplifies the process of configuring network communication between containers by allowing you to define networks in a single file.

To define a network in a Docker Compose file, use the following syntax:

In this example, we define a bridge network called my-network and connect two services (app and db) to it.

Network Security:

Security is an important consideration when configuring communication between containers.

By default, all containers on the same Docker network can communicate with each other, which can create a security risk. Here are some tips for securing your Docker network:

  1. Use Network Segmentation: Divide your Docker network into multiple subnets to restrict communication between containers. For example, you can create a separate network for your database containers and only allow application containers to access it.

  2. Use Access Control: Use Docker's built-in firewall to restrict traffic between containers. You can use
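The segmentation tip above, written as a Compose file that splits the app and db services from the Docker Compose section across two networks instead of one shared my-network. This is an added example, not the article's own listing; the image names and the frontend and backend network names are placeholders chosen for illustration.

```yaml
# Added example: app and db placed on separate networks so that only the
# application tier can reach the database.
# Image names are placeholders; substitute your own.
services:
  app:
    image: example/app:latest        # placeholder image
    ports:
      # Publish on loopback only; a bare "8080:80" binds every host interface.
      - "127.0.0.1:8080:80"
    networks:
      - frontend                     # carries the published port
      - backend                      # lets app resolve and reach "db" by name
  db:
    image: example/db:latest         # placeholder image
    # No "ports:" entry: the database is never published on the host.
    networks:
      - backend

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    # internal: true creates an externally isolated network, so db is
    # reachable from app but has no connectivity outside the host.
    internal: true
```

Any other service added to this file can reach db only if it is explicitly attached to the backend network.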

Conclusion:

In conclusion, Docker networking plays an important role in containerized applications. It provides a seamless and efficient way of communication between containers and the host machine. Docker offers a range of networking options, such as bridge, host, overlay, and macvlan, that can be used to meet various requirements.

Understanding Docker networking is crucial for anyone who works with Docker containers. It helps in managing containerized applications efficiently and effectively. Docker provides a lot of tools to monitor and troubleshoot networking issues, such as docker inspect, docker network, and docker logs.

Overall, Docker networking is a powerful and essential feature of the Docker platform. It allows developers and operations teams to build and deploy complex containerized applications with ease. By mastering Docker networking, you can make your containerized applications more reliable, scalable, and secure.
