Docker Networking
Difficulty: medium
Overview
Docker networking enables containers to communicate with each other and the external world.
Built-in Network Drivers:
| Driver | Description |
|---|---|
bridge | Default for standalone containers. Virtual switch on host. |
host | Container shares host network namespace — no network isolation. |
none | No networking. Container has only loopback (lo). |
overlay | Multi-host networking for Docker Swarm via VXLAN. |
macvlan | Assigns MAC address to container — appears as physical device on network. |
ipvlan | Similar to macvlan but shares the host MAC address. |
The docker0 Bridge:
- Default virtual bridge interface created at Docker startup (typically 172.17.0.0/16).
- Containers on the default bridge communicate by IP only — no DNS name resolution.
- User-defined bridges provide automatic DNS: containers find each other by name.
Virtual Ethernet (veth) Pairs:
- Each container gets a veth pair: one end in the container (
eth0), one on the host connected to docker0. - This is the plumbing that lets container traffic reach the host and external networks.
Port Publishing:
-p host:container— maps host port to container port via iptables NAT rules.-p 127.0.0.1:8080:80— bind only on localhost (more secure).-P— publish ALL EXPOSE'd ports to random high host ports.EXPOSEin Dockerfile documents intent but does NOT publish — requires-pat runtime.
User-Defined Bridge:
docker network create mynet docker run --network mynet --name api myapi # reachable as "api" by name docker run --network mynet --name web nginx # can reach "api" by DNS
Container Linking (Deprecated):
--link injects environment variables and /etc/hosts entries. Use user-defined networks instead.
Practice Linked Questions
Q1. What is the default network that Docker containers are connected to if no network is specified?
Select one answer before revealing.
Q2. What does `-p 8080:80` do when used with `docker run`?
Select one answer before revealing.
Q3. What command lists all Docker networks on the host?
Select one answer before revealing.
Q4. What is the advantage of user-defined bridge networks over the default bridge network?
Select one answer before revealing.
Q5. What happens when a container is started with `--network host`?
Select one answer before revealing.
Q6. What is the purpose of a veth (virtual Ethernet) pair in Docker networking?
Select one answer before revealing.
Q7. What does `docker run --network none alpine` do?
Select one answer before revealing.
Q8. How do you create a custom user-defined bridge network named "appnet"?
Select one answer before revealing.
Q9. A container is already running. How do you connect it to an additional network named "monitoring"?
Select one answer before revealing.
Q10. What is the Docker overlay network driver used for?
Select one answer before revealing.
Q11. Why can't two containers on the default bridge network resolve each other by name, but containers on a user-defined bridge can?
Select one answer before revealing.
Q12. What is the difference between EXPOSE in a Dockerfile and `-p` in `docker run`?
Select one answer before revealing.
Q13. Which of the following are built-in Docker network drivers? (Select all that apply — more than one answer may be correct.)
Select one answer before revealing.
Q14. Which of the following statements about Docker bridge networking are true? (Select all that apply — more than one answer may be correct.)
Select one answer before revealing.
Q15. How does Docker implement port publishing (`-p 8080:80`) at the Linux kernel level?
Select one answer before revealing.
Q16. A container needs to communicate with a service running on the Docker host itself (not in a container). What hostname should it use?
Select one answer before revealing.
Q17. What does `docker network inspect bridge` show?
Select one answer before revealing.
Q18. You bind `-p 127.0.0.1:8080:80` instead of `-p 8080:80`. What is the effect?
Select one answer before revealing.
Q19. What is the macvlan network driver used for in Docker?
Select one answer before revealing.
Q20. Which of the following are true about Docker overlay networks? (Select all that apply — more than one answer may be correct.)
Select one answer before revealing.
Q21. A container is running on the default bridge network. What is the default gateway IP it uses to reach external networks?
Select one answer before revealing.
Q22. Which of the following correctly describe Docker's container linking and why it is deprecated? (Select all that apply — more than one answer may be correct.)
Select one answer before revealing.
Q23. How can you set a custom DNS server (e.g., 8.8.8.8) for a specific container?
Select one answer before revealing.
Q24. A container running a web app needs to communicate with a container running a database. Both are on the same user-defined network "appnet". What is the correct way to reference the database container from the web app container?
Select one answer before revealing.
Q25. What is `docker network prune` used for?
Select one answer before revealing.
Q26. What happens to network traffic between two containers on the same user-defined bridge network? Does it go through the host's external network interface?
Select one answer before revealing.
Q27. You have three containers: `frontend`, `backend`, and `db`. `frontend` must reach `backend` but NOT `db`. `backend` must reach both `frontend` and `db`. How should the networks be designed?
Select one answer before revealing.