This article explains the four basic types of Docker networking. It does not cover Docker networking that uses tunneling technology. All four types are discussed in the context of a single host.
Prerequisites
When the Docker daemon starts, it creates a virtual bridge called docker0, and every NIC created in a container is connected to this bridge. The bridge works at layer 2. Each container is allocated an IP address from docker0's subnet, and docker0 is its gateway. A virtual NIC pair is created for each container: the container side is eth0 and the host side is vethxxx (named along these lines), which is then added to the docker0 bridge. If you use "docker run -p" to map ports, iptables rules are created to do the port mapping between container and host.
docker run -tid --net=bridge --name docker_bri1 ubuntu
docker run -tid --net=bridge --name docker_bri2 ubuntu
docker exec -ti docker_bri1 /bin/bash
docker exec -ti docker_bri2 /bin/bash
apt-get update
apt-get install -y net-tools
ifconfig -a
route -n
Host Mode Networking
When a container is created and started in host mode, it does not get its own network namespace but shares the host's network namespace. No virtual NIC is created and no IP address is allocated. The filesystem and proc information, however, remain isolated from the host.
docker run -tid --net=host --name docker_host1 ubuntu
docker run -tid --net=host --name docker_host2 ubuntu
docker exec -ti docker_host1 /bin/bash
docker exec -ti docker_host2 /bin/bash
apt-get update
apt-get install -y net-tools
ifconfig -a
route -n
Container Mode Networking
In this mode, the newly created container shares the network namespace of an existing container. The new container does not create its own NIC or get a new IP address; it shares the IP address and ports of the existing container. As in host mode, everything other than the network, such as the filesystem and proc information, stays isolated. This mode is very similar to Kubernetes' pod infrastructure.
docker run -tid --net=container:docker_bri1 --name docker_con1 ubuntu
docker exec -ti docker_bri1 /bin/bash
docker exec -ti docker_con1 /bin/bash
apt-get update
apt-get install -y net-tools
ifconfig -a
route -n
None Mode
In this mode, the Docker container has its own network namespace, but no network configuration is done for it, which means the container has no NIC, IP address, or routing information. We can add them ourselves when we need them.
docker run -tid --net=none --name docker_non1 robertxie/ubuntu-nettools
docker exec -ti docker_non1 /bin/bash
ifconfig -a
route -n
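To see which containers actually share a network stack under the four modes above, the following added example (not part of the original article) groups containers by the network namespace they use, based on the HostConfig.NetworkMode field of "docker inspect" output. The sample data is constructed: the container names are the ones used in this article and the Ids are made up.

```python
import json

HOST = "<host>"  # label for the host's own network namespace

# Constructed sample: `docker inspect` output trimmed to the fields used here.
# Container names are the ones from the article; the Ids are made up.
SAMPLE = json.loads("""[
 {"Id": "1111aaaa", "Name": "/docker_bri1",  "HostConfig": {"NetworkMode": "bridge"}},
 {"Id": "2222bbbb", "Name": "/docker_bri2",  "HostConfig": {"NetworkMode": "bridge"}},
 {"Id": "3333cccc", "Name": "/docker_host1", "HostConfig": {"NetworkMode": "host"}},
 {"Id": "4444dddd", "Name": "/docker_con1",  "HostConfig": {"NetworkMode": "container:1111aaaa"}},
 {"Id": "5555eeee", "Name": "/docker_non1",  "HostConfig": {"NetworkMode": "none"}}
]""")

def name_of(c):
    return c["Name"].lstrip("/")

def netns_owner(c, by_ref, seen=()):
    """Name of the container (or HOST) whose network namespace c uses."""
    mode = c["HostConfig"]["NetworkMode"]
    if mode == "host":
        return HOST
    if mode.startswith("container:"):
        ref = mode.split(":", 1)[1]          # may be an Id or a name
        target = by_ref.get(ref)
        if target is None or ref in seen:    # target not in the dump, or a loop
            return "unresolved:" + ref
        return netns_owner(target, by_ref, seen + (ref,))
    return name_of(c)                        # bridge, none, user-defined: own namespace

def group_by_netns(containers):
    """Map each namespace owner to the sorted names of containers inside it."""
    by_ref = {}
    for c in containers:
        by_ref[c["Id"]] = c
        by_ref[name_of(c)] = c
    groups = {}
    for c in containers:
        groups.setdefault(netns_owner(c, by_ref), []).append(name_of(c))
    return {owner: sorted(names) for owner, names in groups.items()}

def shared_namespaces(containers):
    """Namespaces with more than one occupant, plus anything on the host stack."""
    return {o: n for o, n in group_by_netns(containers).items()
            if o == HOST or len(n) > 1}

if __name__ == "__main__":
    for owner, names in sorted(shared_namespaces(SAMPLE).items()):
        print(f"{owner}: {', '.join(names)}")
```

On a real host, replace SAMPLE with the parsed JSON from "docker inspect $(docker ps -q)". Containers listed under the same owner share one IP address and port space, so a listener opened by one is reachable from the others over localhost.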