Last updated on October 25th, 2024 at 02:19 pm
Docker provides several network drivers. This article explains the difference between the overlay and bridge drivers and when to use each.
Docker lets us run an application as a single unit called a container, which includes all the dependencies the application needs to run.
Docker networking is the component of the Docker ecosystem that lets containers communicate with each other and with the internet.
What Is a Docker Network?
A Docker network lets containers connect to and communicate with each other and the internet.
When you create a Docker container, networking is enabled by default, which means your container can communicate with other containers and with the internet without extra settings.
Why does everything work out of the box?
Docker networking provides the core network components needed, such as a network with an IP address, gateway, routing, DNS service, and other networking components. Apart from the default, Docker provides various networking drivers for different use cases.
Let’s explore the Docker overlay and bridge networks in detail.
Docker Network Overlay vs Bridge
Docker networking is very flexible and provides plug-and-play driver support.
Bridge Network
The bridge network is the default network driver: when you don’t specify a network while creating a container, this one is used.
When Docker starts, it creates a default network called bridge, and all containers started without a specific network are connected to it.
It is a software bridge created by Docker that lets containers on the same bridge network communicate while isolating them from containers that are not connected to it.
A Bridge Network is most commonly used to enable communication with other containers on the same host.
The figure above shows the bridge connecting the host network and the Docker network. The bridge is a single aggregated unit that connects two different networks and works as a single unit.
You can create a bridge between networks on the same host to provide the connection (e.g., a bridge for the Docker network and a bridge for the hypervisor or VM network).
Let’s check with an example by creating a Docker container:
# -it keeps the busybox shell open so the container stays running
docker run -it --name busybox-default busybox
Once the container is running, inspect the bridge network from another terminal:
# Inspect Network
docker network inspect bridge
{
"Containers": {
"235a2716d018c6fe4e9f93a81d88aca5a3437f0084ddb170v707662818e6d2f54": {
"Name": "bridge",
"EndpointID": "beffdb1f1194f60d449f45b87fdbdd1d821db3ee1d8e67c699ff4cf2b00d50f8",
"MacAddress": "01:32:bc:12:00:07",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
}
}
You can see that the container is connected to the default network and the IP address is automatically assigned. By this point, your container has full network connectivity without extra configuration.
# Ping google.com to check network connectivity
/ ping google.com
PING google.com (172.253.115.101): 56 data bytes
64 bytes from 172.253.115.101: seq=0 ttl=54 time=2.038 ms
64 bytes from 172.253.115.101: seq=1 ttl=54 time=1.949 ms
64 bytes from 172.253.115.101: seq=2 ttl=54 time=1.852 ms
64 bytes from 172.253.115.101: seq=3 ttl=54 time=1.914 ms
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.852/1.938/2.038 ms
Overlay Network
An overlay network provides connectivity when you run multiple Docker hosts. A bridge network only works on a single host, but in production we run Docker containers on multiple hosts using Docker Swarm.
How can we connect Docker containers across multiple Docker hosts?
An overlay network solves this by connecting multiple Docker daemons so that they act as a single distributed network. Creating an overlay network creates a private internal network across all Docker hosts that are part of the Docker Swarm.
The figure above shows two different Docker hosts connected over an external network, with an overlay network on top. This creates a distributed virtual network between them.
Let’s create an overlay network:
docker network create -d overlay --attachable distributed-overlay
Here, --attachable is an important flag: without it, you can’t attach containers to the network.
Once the network is created, you can run a container and attach it to this network:
docker run --network distributed-overlay --name busybox-overlay busybox
Docker Network Overlay vs Bridge: Difference
Let’s compare the Docker Network Overlay vs Bridge in detail:
Feature | Bridge Network | Overlay Network |
---|---|---|
Basic Functionality | Connects containers on the same host | Connects containers across multiple Docker daemon hosts |
Isolation | Provides isolation for containers on the same network and the same host | Provides isolation for containers across hosts |
Network | Default network created automatically on Docker start | Must be explicitly created using docker network create |
User-Defined Networks | Supports user-defined custom bridge networks | Supports user-defined overlay networks |
IPv6 Support | Can enable IPv6 support with the --ipv6 flag | Supports IPv6 with additional configuration |
Communication | Containers communicate with an IP address by default | Containers are discoverable through DNS lookup |
Max Containers | Linux kernel limitation: 1000 containers only | Linux kernel limitation: 1000 containers only |
Security Features | Limited security features | Supports IPsec encryption for secure communication |
Communication Across Hosts | Not designed for communication across hosts | Secure communication across multiple hosts |
Swarm Dependency | Works independently of Docker Swarm | Used by Swarm services or containers in Swarm mode |
Port Requirements | No specific port requirements for container communication | Requires specific ports (2377/tcp, 4789/udp, 7946/tcp, 7946/udp) for Swarm and overlay communication |
Management | Simple configuration and management | Requires additional configuration on multiple hosts |
Use Cases | Single-host setups or basic container communication in local development | Multi-host setups, especially in Swarm mode |
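
An audit of the properties compared above, as an added example (not code from the original article): it reads `docker network inspect` JSON and flags containers left on the default bridge, overlays created without `--opt encrypted`, and attachable overlays. The sample data, the `payments-overlay` network and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker network inspect` output, trimmed to
# the fields the audit reads. Container IDs and network names are made up.
SAMPLE = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge", "Scope": "local", "Attachable": false,
   "Options": {"com.docker.network.bridge.default_bridge": "true",
               "com.docker.network.bridge.enable_icc": "true"},
   "Containers": {"c0ffee01": {"Name": "busybox-default",
                               "IPv4Address": "172.17.0.2/16"}}},
  {"Name": "distributed-overlay", "Driver": "overlay", "Scope": "swarm",
   "Attachable": true,
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097"},
   "Containers": {}},
  {"Name": "payments-overlay", "Driver": "overlay", "Scope": "swarm",
   "Attachable": false,
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098",
               "encrypted": ""},
   "Containers": {}}
]
""")


def audit_network(net):
    """Return a list of findings for one network object."""
    findings = []
    opts = net.get("Options") or {}
    driver = net.get("Driver")
    if driver == "bridge" and opts.get("com.docker.network.bridge.default_bridge") == "true":
        # Every container started without --network lands here and can reach the others.
        names = sorted(c.get("Name", cid) for cid, c in (net.get("Containers") or {}).items())
        if names:
            findings.append("containers on default bridge: " + ", ".join(names))
        if opts.get("com.docker.network.bridge.enable_icc", "true") == "true":
            findings.append("inter-container communication (icc) enabled")
    if driver == "overlay":
        # `--opt encrypted` appears as an "encrypted" key with an empty value.
        if "encrypted" not in opts:
            findings.append("overlay data plane not encrypted (no --opt encrypted)")
        if net.get("Attachable"):
            findings.append("attachable: standalone containers can join")
    return findings


def audit(networks):
    """Map network name -> findings, keeping only networks with findings."""
    report = {n["Name"]: audit_network(n) for n in networks}
    return {name: f for name, f in report.items() if f}
```

To run it against a live host, pass `json.loads()` the output of `docker network inspect $(docker network ls -q)` instead of `SAMPLE`.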
Conclusion
We learned about Docker networking and how it isolates containers from the host network. Docker provides networking functionality out of the box. Overlay and bridge are not the only available network drivers, but they are commonly used ones.
We covered the bridge and overlay networks in detail with examples, and finally compared Docker network overlay vs bridge in depth.
If you’re looking for how to make your Docker container secure, check out the Docker Container Security Cheatsheet and don’t get hacked🔐