Docker Networking

By default, when you create or run a container using docker create or docker run, the container doesn't expose any of its parts to the outside world.

Use the --publish or -p flag to make a port available to services outside of docker. This creates a firewall rule in the host, mapping a container port to a port on the docker host to the outside world.

Let's talk about some Network Drivers 

Docker's networking is pluggable using drivers. Several drivers exist by default and provide core networking functionality.

In this context, "pluggable" means that Docker's networking system is modular and flexible. So, you can swap, add or customize networking components(drivers) without changing Docker's core itself.

Think of it like USB Devices, you can play in a mouse, keyboard, or external driver and each works differently, but the computer doesn't need to be redesigned.

Docker uses network drivers (like build-in or third party-ones) to handle how containers communicate Because it's pluggable.

Bridge: The default bridge network is good for running containers that don't require special networking capabilities. User-defined bridge networks enable containers on the same docker host to communicate with each other. A user-defined network typically defines an isolated network for multiple containers belonging for a common project or component.

Host: Host network shares the hosts network with the container. When you use this driver, the containers network isn't isolated from the host.

Overlay: Overlay networks are best when you need containers running on different Docker hosts to communicate, or when multiple applications work together using swarm services.

Macvlan: Macvlan networks are best when you are migrating from a VM setup or need your containers to look like physical hosts on your network, each with unique MAC address.

IPvlan: The IPvlan driver gives users total control over both IPV4 and IPV6 addressing. IPvlan is new twist on the tried and true network virtualization technique. The linux implementation are extremely lightweight because rather than using the traditional linux bridge for isolation, they are associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network.

In terms of Docker, a bridge network uses a software bridge which allows containers connected to the same bridge network to communicate, while providing isolation from containers which are not connected to that bridge network.

The docker bridge driver automatically installs rules in the host machine so, that containers on different bridge networks cannot communicate directly with each other.

When you start, a default bridge network (also called a bridge) is created automatically, and newly started containers connect to it unless otherwise specified.

docker network ls: It is used to list all networks. bridge is the default network.

docker network inspect bridge: It is used to inspect bridge network to see what containers are connected to it.

docker network create --driver bridge_network_name: It is used to create user defined bridge network.

docker run --name container_name -itd --network_name alpine: It is used to connect a container to a specified network e.g. host, user-defined bridge.

docker network connect container_name: It is used to connect a running container to an existing user-defined bridge.

docker network disconnect container_name: It is used to discover a running container to an existing defined bridge.

docker network rm network_name: It is used to delete specified network.

I created the container c1 from alpine image and after creating, if we inspect bridge network than you can see a container c1 is connected to bridge by default.