Understanding Docker Bridge Network

Augustine Tetteh Ozor
Jun 15, 2023

What is Docker Network?

A Docker network is a virtual network that allows containers to communicate with each other and with the outside world. Docker provides a networking feature that enables containers to be connected to one or more networks, each with its own unique IP address.

When you create a Docker network, it creates a bridge network by default. The bridge network sits on a Linux bridge referred to as docker0.

Docker also has an ethernet interface as shown below:

A bridge network acts as a software bridge that connects multiple containers together and provides isolation from other networks. Containers within the same bridge network can communicate with each other using their IP addresses or container names.

Docker also provides other types of networks, such as host networks and overlay networks.

- Host network: When you run a container in the host network mode, it shares the network stack with the Docker host, and thus the container’s network interface is directly attached to the host’s network interface. This mode gives the container full access to the host’s network stack, but it can also introduce potential security risks.

- Overlay network: Overlay networks are used for connecting multiple Docker daemons across multiple hosts. They enable containers running on different hosts to communicate with each other as if they were on the same network. Overlay networks use a distributed control plane to manage network routing and allow containers to discover and communicate with each other seamlessly.

Docker provides a default bridge network named “bridge” that containers can use for communication. However, you can create your own custom networks with specific configurations, such as defining a subnet, assigning IP addresses manually or automatically, and applying other network-related settings.

Check available networks on docker

Use the command below to list the networks:

#this will display all the networks available on docker
docker network ls

Creating Containers on Bridge Network

In Docker, when you create containers on a bridge network, each container is assigned an IP address from that network. Containers within the same bridge network can communicate with each other using these IP addresses.

By default, when you create a container without specifying a network, it is attached to the default bridge network named “bridge.” The Docker daemon automatically assigns an IP address to the container from the range of the bridge network subnet.

For example, let’s say you create two containers on the bridge network:

The subnet is 172.17.0.0/16 and the gateway is 172.17.0.1

Container 1:
- IP address: 172.17.0.2
- Container name: container1

Container 2:
- IP address: 172.17.0.3
- Container name: container2

These containers can communicate with each other using their respective IP addresses. For instance, container1 can reach container2 using the IP address 172.17.0.3.

Additionally, Docker provides a built-in DNS resolution mechanism that allows containers to communicate using their container names as well. In this case, container1 can reach container2 using the hostname “container2” instead of the IP address.

By default, the bridge network provides automatic IP address assignment, but you can also define your own custom bridge networks with specific subnet ranges and manually assign IP addresses to containers if desired.

How to Create Container from bridge network

#this command will create a container on the default bridge
#you can use --name to specify the container name

docker run -dt --network bridge ubuntu bash


#use the command below to check the containers on the bridge network
#and their ip address

docker inspect <id of the bridge network>

By default, containers on the bridge network can communicate with each other, but they cannot directly communicate with containers in other networks unless additional configurations are made.

To verify that the two containers can communicate, we need to enter one of the containers and ping the other. Let's use the commands below to do that.

#use this command to enter a container
docker exec -it <containerid> bash

#update the packages
apt-get update -y

#install ping utility to allow us to use the ping command
apt install iputils-ping -y

#to ping a container use the commands below:
ping <ip-address of the container you want to ping>

#to ping an external network use the same method with dns
ping google.com

We can verify that the containers within the bridge network can communicate with each other and also access external networks.

Creating a custom bridge

You can create additional bridge networks using the `docker network create` command and then launch containers on those networks. This allows you to isolate containers on different networks and control their communication.

To create a custom bridge network, you can use the following command:

#this command will create a new bridge network named 'custom_bridge'

docker network create custom_bridge

Let us create containers on the custom bridge using the ‘docker run’ command:

#this command creates a container on the custom_bridge network
#you can use --name to specify the name of the container

docker run -dt --network custom_bridge ubuntu bash

Now, `container1` and `container2` are connected to the “custom_bridge” network and can communicate with each other using their container names or IP addresses within that network.

Custom bridge networks provide a way to segment your containers into separate networks, control their network configurations, and manage their communication independently. They allow you to create different network environments for different sets of containers based on your application requirements.

We will use 172.18.0.2 to ping 172.18.0.3 on the custom_bridge network to verify if it will work.

The output shows that container 1 can communicate with container 2 on the custom_bridge network.

Let's verify whether containers in the bridge network can communicate with the custom_bridge network.

To do this, we will use the following commands:

1. Enter one of the containers on the bridge network:

docker exec -it <container id> bash

2. Ping one of the containers on the custom_bridge network:

#ping container 1 on custom_bridge from container 1 on default bridge
ping 172.18.0.2

The result shows that the container on the default network cannot communicate with the container on the custom_bridge network.

By default, containers on different networks, such as the default bridge network and a custom bridge network, cannot directly communicate with each other. Containers within the same network can communicate, but not across different networks without additional configuration.
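An added example (not part of the original post): a Python check over the JSON that `docker network inspect bridge custom_bridge` prints, reporting which containers share a network and can therefore reach each other directly. The sample data, container names and IDs are constructed, and only the fields used here are included; a missing `com.docker.network.bridge.enable_icc` option is treated as enabled.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect bridge custom_bridge`
# output, trimmed to the fields used below; names and IDs are made up.
SAMPLE = json.loads("""
[
 {"Name": "bridge", "Driver": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Options": {"com.docker.network.bridge.enable_icc": "true"},
  "Containers": {
   "aaa111": {"Name": "container1", "IPv4Address": "172.17.0.2/16"},
   "bbb222": {"Name": "container2", "IPv4Address": "172.17.0.3/16"}}},
 {"Name": "custom_bridge", "Driver": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
  "Options": {},
  "Containers": {
   "ccc333": {"Name": "container3", "IPv4Address": "172.18.0.2/16"},
   "ddd444": {"Name": "container4", "IPv4Address": "172.18.0.3/16"}}}
]
""")


def membership(networks):
    """Map container name -> {network name: IP}; reject IPs outside the subnet."""
    seen = {}
    for net in networks:
        subnets = [ipaddress.ip_network(c["Subnet"]) for c in net["IPAM"]["Config"]]
        for ep in net.get("Containers", {}).values():
            ip = ipaddress.ip_interface(ep["IPv4Address"]).ip
            if not any(ip in s for s in subnets):
                raise ValueError(f"{ep['Name']}: {ip} outside {net['Name']} subnets")
            seen.setdefault(ep["Name"], {})[net["Name"]] = str(ip)
    return seen


def shared_networks(networks, a, b):
    """Networks where a and b can talk directly (both attached, ICC not disabled)."""
    icc = {n["Name"]: n.get("Options", {}).get(
        "com.docker.network.bridge.enable_icc", "true") == "true" for n in networks}
    m = membership(networks)
    common = set(m.get(a, {})) & set(m.get(b, {}))
    return sorted(n for n in common if icc[n])


if __name__ == "__main__":
    for pair in [("container1", "container2"), ("container1", "container3")]:
        print(pair, "->", shared_networks(SAMPLE, *pair) or "isolated")
```

An empty result for a pair means the two containers have no bridge in common, which matches the failed ping from the default bridge to 172.18.0.2 above.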

_________________________________________________________________

😃All is done.

🔜 Watch out for the part two of this blog on how to connect two different networks to allow communication.


Augustine Tetteh Ozor

Multi Cloud & DevOps Engineer| AWS Community Builder | ISC2 Certified Cybersecurity