Docker Bridge Network
Learn what a Docker bridge network is, how to create a docker bridge network, remove a docker bridge network, and docker container communication in a docker bridge network.
Table of Contents 📖
- What is a Docker Network?
- What is a Docker Bridge Network?
- Inspecting a Docker Network
- Creating a Docker Bridge Network
- Adding and Removing Docker Containers from a Docker Network
- Docker Container Communication
- Removing a Docker Network
What is a Docker Network?
Docker networks are networks that establish communication between Docker containers and the outside world. This communication is done through the host machine that the Docker daemon is running on. Docker supports different network types, one of these network types is a bridge network.
What is a Docker Bridge Network?
A bridge network consists of a bridge (hardware or software) that forwards traffic between network nodes. A Docker bridge network consists of a software bridge that connects Docker containers. Docker containers that are not connected to the bridge network are isolated from the network. The Docker bridge network is also the default network that Docker provides.
Inspecting a Docker Network
When Docker starts up, a bridge network called bridge is created by default. We can list the Docker networks using the docker network ls command.
docker network ls NETWORK ID NAME DRIVER SCOPE a7ae5bbcf70b bridge bridge local 7326878ec3b4 host host local 3268e81c32fc none null local
We can get more information about a specific network with the command docker network inspect
docker network inspect bridge [ { "Name": "bridge", "Id": "a7ae5bbcf70b3274293b8ac4ff1d3a84c6ecc6b24ab3c1a11730284731db334d", "Created": "2022-12-04T16:56:00.57771491Z", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ]
Some important information from above is the Subnet and Gateway. A subnet is a network inside a network. Specifically to Docker, the subnet is the network used by the Docker daemon. By default, Docker uses the 172.17.0.0/16 subnet range. A gateway is either software or hardware that is the entry and exit point of a network.
Creating a Docker Bridge Network
We can create a Docker bridge network with the docker network create
docker network create my-network 99a76ebbfafac28d0b9eac5cd8c4c63ebd7bd62b27f6ce42d222e63c159c4b1c
Now if we list out our Docker networks we can see my-network and the driver as bridge. We did not specify the network to be a bridge network. Remember, by default, Docker networks are bridge networks if no network type is supplied.
docker network ls NETWORK ID NAME DRIVER SCOPE a7ae5bbcf70b bridge bridge local 99a76ebbfafa my-network bridge local 7326878ec3b4 host host local 3268e81c32fc none null local
Adding and Removing Docker Containers from a Docker Network
Whenever a container is created, it is connected to the default bridge network if no network is provided. To demonstrate, lets create a simple alpine Docker container and execute a shell in it with the docker run command.
docker run -dit --name my-alpine-container alpine /bin/sh ccfce06f848f8e5f5e4b667bed47560270489af788c22a716675d8f1645058b4
- --name gives a name to the container
- -d Runs the container in the background and prints its ID
- -i keeps the standard input of the container open
- -t allocates a pseudo-TTY which makes the container look like a terminal connection session
Now lets inspect the default Docker bridge network and check the Containers property. The Containers property lists the Docker containers connected to the network.
docker network inspect bridge .... "Containers": { "ccfce06f848f8e5f5e4b667bed47560270489af788c22a716675d8f1645058b4": { "Name": "my-alpine-container", "EndpointID": "87e29bcca116705165652654143ba779e78af4ea3c80a045486c8740ad275314", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } },
We can now see our alpine container along with the IP address it is accessible on. We can disconnect a Docker container from a network by using the command docker network disconnect
docker network disconnect bridge my-alpine-container
We can then add this alpine container to the network we created by using the command docker network connect
docker network connect my-network my-alpine-container
We can add a Docker container to a network on creation by providing the --network flag to the docker run command. The --network flag takes the name of the network we want to connect the container to. Lets create a alpine container called my-alpine-container2, start a shell in it in detached mode, and connect it to the network we created.
docker run -dit --name my-alpine-container2 --network my-network alpine /bin/sh 30c887f267333d0036509db7f079315b67f75a433deda549f45974bd0adacec2
Now lets check what containers are present in the network we created by inspecting it.
docker network inspect my-network "Containers": { "30c887f267333d0036509db7f079315b67f75a433deda549f45974bd0adacec2": { "Name": "my-alpine-container2", "EndpointID": "0ee2355f6cb391802b2ea3bbfc233ec6a96f50534904418b0a2a3268f63c2c10", "MacAddress": "02:42:ac:13:00:02", "IPv4Address": "172.19.0.2/16", "IPv6Address": "" }, "ccfce06f848f8e5f5e4b667bed47560270489af788c22a716675d8f1645058b4": { "Name": "my-alpine-container", "EndpointID": "2f1f847be3c522b82ab2365cfabaede81e7d3caef5712f9cb28c019a498dccfc", "MacAddress": "02:42:ac:13:00:03", "IPv4Address": "172.19.0.3/16", "IPv6Address": "" } },
Now we can see both alpine containers present inside the network. One with the IP Address 172.19.0.2 and the other with the IP Address 172.19.0.3.
Docker Container Communication
Now that we know the IP addresses of each Docker container in our network, lets have them communicate. Lets attach our terminal to one of the alpine Docker containers by running the command docker attach <container_name> where container name is the name of the container we want to attach to. Lets attach to my-alpine-container.
docker attach my-alpine-container
First, lets print the IP address of my-alpine-container by running hostname -i. The hostname command shows the hostname, the -i flag shows the address of the hostname.
hostname -i 172.19.0.2
Now lets ping the other container on the Docker network with the command ping
where address is the address of the device we want to send ICMP packets to.ping 172.19.0.3 PING 172.19.0.3 (172.19.0.3): 56 data bytes 64 bytes from 172.19.0.3: seq=0 ttl=64 time=0.479 ms 64 bytes from 172.19.0.3: seq=1 ttl=64 time=0.242 ms
--- 172.19.0.2 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.066/0.191/0.479 ms
We can also ping our other docker container by its name. This is because explicitly defined Docker bridges, like the one we created, provide DNS resolution between containers. The default bridge network does not provide automatic DNS resolution. Lets ping my-alpine-container2 by its name.
ping my-alpine-container2 PING my-alpine-container2 (172.19.0.2): 56 data bytes 64 bytes from 172.19.0.2: seq=0 ttl=64 time=0.296 ms 64 bytes from 172.19.0.2: seq=1 ttl=64 time=0.262 ms 64 bytes from 172.19.0.2: seq=2 ttl=64 time=0.201 ms 64 bytes from 172.19.0.2: seq=3 ttl=64 time=0.201 ms
--- my-alpine-container2 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.201/0.240/0.296 ms
Removing a Docker Network
We can remove a Docker network with the command docker network rm
docker network rm my-network
However, for a docker network to be removed, there must be no active endpoints in it.