Basic Docker Networking

James
Mar 25, 2018


Host Mode Networking

In this mode the container shares the network namespace of the host, so it is directly exposed to the public network. It uses the host's IP address and the host's TCP port space to expose the service running inside the container.

Docker Host Mode Networking

To enable this networking mode, run the container with:

# docker run -d --net=host --name container webservice:latest

This networking mode is simple, which makes it easy for developers to understand, use and troubleshoot. However, without a dynamic port assignment mechanism, network ports easily conflict, which causes services to fail to start. There is also a vulnerability, because the container and the host share the host's network namespace.

Bridge Mode Networking

The Docker daemon creates a virtual Ethernet bridge, docker0, that automatically forwards packets between any other network interfaces attached to it. By default, all containers on a host are connected to this internal network. This mode puts the container in a separate network namespace and shares the external IP address of the host amongst the many containers through Network Address Translation (NAT).

Docker Bridge Mode Networking

To enable this networking mode, run the containers with:

# docker run -d --name container1 -p 8801:80 webservice:latest
# docker run -d --name container2 -p 8802:80 webservice:latest

Bridge mode networking prevents network port conflicts when running multiple containers on the same host. Moreover, each container owns a private network namespace separate from the host, which could be considered safer. But this mode has an impact on network throughput and latency due to the use of NAT. Another drawback is that the network port mapping between host and container has to be controlled; this should be done with automatic assignment by a container orchestrator.
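The two modes can be audited from `docker inspect` output. The following is an added example, not part of the original post: it flags containers that share the host's network namespace, bridge-mode ports published on every host interface, and host ports requested by more than one container. The JSON is a constructed sample that reuses the container names from the commands above; `container3` and the `audit` function are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `docker inspect` output (only the fields used here).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/container",  "HostConfig": {"NetworkMode": "host", "PortBindings": {}}},
  {"Name": "/container1", "HostConfig": {"NetworkMode": "bridge",
     "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8801"}]}}},
  {"Name": "/container2", "HostConfig": {"NetworkMode": "default",
     "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8802"}]}}},
  {"Name": "/container3", "HostConfig": {"NetworkMode": "bridge",
     "PortBindings": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8801"}]}}}
]
""")

ALL_INTERFACES = {"", "0.0.0.0", "::"}  # an empty HostIp means "every host address"


def audit(containers):
    """Return (host_mode, wide_open, conflicts) for a list of inspect records."""
    host_mode, wide_open = [], []
    claims = defaultdict(list)  # (host port, protocol) -> container names
    for c in containers:
        name = c["Name"].lstrip("/")
        cfg = c.get("HostConfig", {})
        if cfg.get("NetworkMode") == "host":
            host_mode.append(name)  # shares the host's network namespace
            continue                # -p mappings are not applied in host mode
        for port_proto, bindings in (cfg.get("PortBindings") or {}).items():
            proto = port_proto.split("/")[-1]
            for b in bindings or []:
                if not b.get("HostPort"):
                    continue        # dynamically assigned port, nothing to compare
                claims[(b["HostPort"], proto)].append(name)
                if b.get("HostIp", "") in ALL_INTERFACES:
                    wide_open.append((name, b["HostPort"], port_proto))
    conflicts = {k: v for k, v in claims.items() if len(v) > 1}
    return host_mode, wide_open, conflicts


if __name__ == "__main__":
    hosts, exposed, clashes = audit(SAMPLE_INSPECT)
    print("host network mode:", hosts)
    print("published on all interfaces:", exposed)
    print("host port requested more than once:", clashes)
```

On a real host the input would come from `docker inspect $(docker ps -q)`. The conflict check compares port and protocol only, so two bindings of the same port to different specific host addresses are also listed and need a manual look.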

James

Network/VoIP Engineer, Python Developer & Photographer.