
Docker Networking


When a container starts, it has no idea what kind of Docker network it's connected to (bridge, host, overlay, and so on); from the inside it just sees a network interface. By default, Docker attaches containers to a bridge network, which is a virtual network on the host machine, isolated from the host's other interfaces. A container on it gets its own IP address, can talk to the other containers on the same bridge network, and can reach the internet through NAT. Note the direction: NAT gives the container outbound access, but nothing from outside can reach it unless you explicitly publish a port.

If you want the container completely isolated, you can use the none driver: the container gets only a loopback interface and no connectivity to anything else.

You can also connect a container to multiple networks at the same time.

Internet Exposed vs Internal Networks

Let's use the example given in the official Docker docs. We might have a frontend container connected to a bridge network, which gives it access to the internet. Remember how the default bridge network has outbound internet access via NAT? Imagine giving that same access to a backend or database service, and it ends up pulling remote dependencies at runtime or has a misconfiguration that makes sensitive outbound calls (a compromised service on that network could just as easily phone home or exfiltrate data). Yes, that is a major security concern. That is where an internal network comes into play.

Instead of relying on the default bridge, you can create a user-defined network with the --internal flag on docker network create. An internal network has no route to the outside world: Docker doesn't set up NAT for it, so containers attached only to it can't reach the internet. The frontend container gets attached to both networks (the public bridge and the internal one), so it can talk to the backend and database services without those ever being exposed to the wild wild internet.

Custom Gateway Configuration

When a container is connected to more than one network, only one of them can provide the default gateway (the route packets take when the destination isn't on any of the container's networks). Docker picks one automatically, and which one it picks may change as your configuration changes. To make sure the gateway being used is the one you choose, give that network a gw-priority higher than the default value of 0: the highest priority wins. In Docker Engine 28 and later you set it when attaching, for example docker run --network name=mynet,gw-priority=1 ... or docker network connect --gw-priority 1 mynet mycontainer. Without a priority, Docker auto selects the gateway using its own rules, for bridge, overlay and ipvlan networks alike.
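As an added example (not from the original post and not taken from Docker's docs), here is a Compose file that does both of the things discussed above: the backend and database live on an internal network, and gw_priority makes sure the frontend's default route leaves via the public, NAT-ed network rather than the internal one. The service names, images, ports and the change-me password are assumptions chosen for illustration; gw_priority in Compose needs Docker Engine 28+ and a recent Compose release.

```yaml
# Added example, not from the original post. Service names, images, ports and
# the placeholder password are assumptions chosen for illustration.
services:
  frontend:
    image: nginx:alpine
    ports:
      - "127.0.0.1:8080:80"   # published on the host's loopback only, not 0.0.0.0
    networks:
      public:
        gw_priority: 1        # higher than the default 0: default route goes via "public"
      backend_net:
        gw_priority: 0

  api:
    image: python:3.12-alpine
    command: ["python", "-m", "http.server", "8000"]
    networks:
      - backend_net           # internal only: no NAT, no route to the internet

  db:
    image: postgres:16-alpine
    environment:
      POSTGRES_PASSWORD: change-me   # assumption; use a secret in a real deployment
    networks:
      - backend_net

networks:
  public:
    driver: bridge            # NAT-ed: outbound internet access
  backend_net:
    driver: bridge
    internal: true            # same as docker network create --internal
```

To check that it does what the text says: after docker compose up -d, docker compose exec api wget -qO- http://example.com should fail with a network error, while docker compose exec frontend wget -qO- http://api:8000 works, because the frontend sits on backend_net too and Docker's embedded DNS resolves the service name. docker network inspect on the backend_net network shows "Internal": true.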

Container to Container Networking

Apparently you can also attach a container directly to another container's network stack with --network container:<name>, so the two share the same interfaces, IP address and ports (a sidecar pattern, and also why a compromised sidecar sees everything its neighbour does). Read more about that here.

IP Addresses and Subnets

Note to Self
Damn I wish I had given more attention to my networking lecturer during his lectures :( Now here I am, revisiting basic networking concepts and barely remembering any of them.

When you attach a container to a network, the Docker daemon automatically hands it an IP address from that network's subnet. By default a network gets IPv4 addressing when you create it; you can turn that off and turn on IPv6 with --ipv4=false and --ipv6 on docker network create (the --ipv4 flag is a fairly recent addition, so check your Engine version).

Each network gets a default subnet and gateway upon creation (you can pick your own with --subnet and --gateway). The subnet mask separates the addresses that are on the local network from those outside it, and the gateway serves as ... pretty much a gateway? It is the exit door: any packet whose destination is outside the subnet is handed to the gateway, which on a bridge network is the host-side address of the bridge.

Ports & DNS Config


Docker, by default, doesn't publish any ports of a container when you use docker create or docker run without the --publish / -p flag. Two caveats worth knowing: -p 8080:80 binds to all host interfaces (0.0.0.0), and Docker inserts its own iptables rules, so the port can be reachable from other machines even when a host firewall such as ufw would otherwise block it; bind to loopback (-p 127.0.0.1:8080:80) if only the host itself should reach it. And -p only concerns the host side: containers on the same network can reach each other's listening ports with or without it.

When it comes to DNS, containers on the default bridge network inherit the host's DNS settings (Docker copies the host's /etc/resolv.conf into the container). On user-defined networks, Docker instead points the container at its embedded DNS server on 127.0.0.11, which resolves other containers on the network by name and forwards everything else to the host's resolvers. Either way, you can override the DNS servers a container uses with --dns.
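As an added example (not from the original post), here is a Compose file that spells out the addressing, port and DNS settings covered in the last two sections, with the equivalent docker network create / docker run flag noted beside each setting. The subnet, addresses, image and ports are assumptions chosen for illustration.

```yaml
# Added example, not from the original post. Subnet, addresses, image and
# ports are assumptions chosen for illustration.
services:
  web:
    image: nginx:alpine
    ports:
      - "127.0.0.1:8080:80"        # docker run -p 127.0.0.1:8080:80 (loopback only)
    dns:
      - 9.9.9.9                    # docker run --dns 9.9.9.9: override the host's resolvers
    networks:
      app_net:
        ipv4_address: 10.89.0.10   # fixed address, must lie inside the subnet below

networks:
  app_net:
    driver: bridge
    enable_ipv6: true              # docker network create --ipv6
    ipam:
      config:
        - subnet: 10.89.0.0/24     # --subnet: the network's address block
          ip_range: 10.89.0.0/25   # --ip-range: where dynamically assigned addresses come from
          gateway: 10.89.0.1       # --gateway: the bridge's host-side address, the exit door
        - subnet: fd00:89::/64     # an IPv6 block for the same network (assumed ULA prefix)
```

After docker compose up -d, docker network inspect on the app_net network shows the Subnet and Gateway values above, and docker compose exec web cat /etc/resolv.conf still lists nameserver 127.0.0.11: on a user-defined network the embedded DNS server stays in front, and the --dns setting tells it where to forward names it can't answer itself.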


The Cloud Journal

Part 3 of 4

Unfiltered blogs on my attempt at building cloud related projects.
