1.1 Bridge Network Driver
Docker network drivers let containers talk to each other and to external networks. Docker offers several network drivers, each with its own features and suited for specific use cases. In this lecture, we're gonna check out four main network drivers: bridge, host, none, and overlay.
The bridge network driver is the default network driver in Docker. It creates a private internal network where containers can communicate with each other. This network is isolated from the host’s external network.
Key Features:
- Containers connected to a
bridgenetwork can talk to each other via IP addresses. - External networks can’t directly interact with containers in a
bridgenetwork unless port forwarding is set up. - Easy to use for local development and testing scenarios.
Example Use Case:
When you create a container without specifying a network, it auto-connects to the bridge network.
docker run -d --name my_container nginx
To set up port forwarding, you use the -p flag.
docker run -d -p 8080:80 --name my_container nginx
1.2 Network Driver Host
The host network driver lets a container use the host machine's network stack directly. This means the container will have the same IP address as the host and access all its network interfaces.
Features:
- Containers using the
hostnetwork driver run faster due to reduced overhead on network virtualization. - Containers have access to the same network interfaces as the host, which might increase security risks.
- Useful for scenarios requiring high network performance or specific network configurations.
Example of usage:
docker run -d --network host --name my_container nginx
1.3 Network Driver None
The none network driver disables all network capabilities of the container. A container connected to the none network has no network interface, which completely isolates it from other containers and networks.
Features:
- Complete isolation of the container from all networks.
- Useful for containers that don't need a network, for example, for executing tasks independent of networking.
Usage example:
docker run -d --network none --name my_container busybox
1.4 Network Driver Overlay
The overlay network driver is used to create a distributed network that spans multiple Docker hosts. This driver is often used in Docker Swarm or Kubernetes to enable networking between containers on different hosts.
Features:
- Provides communication between containers on different hosts.
- Requires a configured cluster, such as Docker Swarm.
- Allows you to create virtual networks on top of existing networks, ensuring a high level of isolation and security.
Usage Example:
To use the overlay driver, you first need to create a Docker Swarm cluster.
1. Initialize Docker Swarm:
docker swarm init
2. Create an overlay network:
docker network create -d overlay my_overlay_network
3. Start containers connected to the overlay network:
docker service create --name my_service --network my_overlay_network nginx
1.5 Comparison of Network Drivers
Comparison of different network drivers
| Network Driver | Isolation | Performance | Applicability | Features |
|---|---|---|---|---|
| bridge | High | Moderate | Local networks | Default isolated network |
| host | Low | High | Performance | Shared network stack with the host |
| none | Complete | Highest | Isolation | Complete isolation from the network |
| overlay | High | High | Distributed networks | Communication between containers on different hosts |
Use of network drivers
-
Bridge: use for local apps and testing when containers need to interact with each other but must be isolated from the external network. -
Host: apply for apps requiring high network performance or specific network configurations where network isolation is not a priority. -
None: use for completely isolated containers that don’t need network interaction. -
Overlay: use for distributed apps running in a cluster where communication between containers on different hosts is required.
GO TO FULL VERSION