Docker Network Overlay vs Bridge – Ultimate Difference


Last updated on October 25th, 2024 at 02:19 pm

Docker provides various network drivers. Let's explore the difference between two of them and when to use each: “Docker Network Overlay vs Bridge”.

Docker lets us run an application as a single unit called a Docker container. A container includes all the dependencies the application needs to run.

Docker networking is an important component of the Docker ecosystem: it handles communication between containers and between a container and the internet.

What Is a Docker Network?

A Docker network lets containers connect to and communicate with each other and with the internet.

When you create a Docker container, networking is enabled by default, which means your container can communicate with other containers and with the internet without extra settings.

Why does everything work out of the box?

Docker networking provides the core network components a container needs, such as a network with an IP address, a gateway, routing, and a DNS service. Apart from the default, Docker provides several other network drivers for different use cases.

Let’s explore in detail the Docker network Overlay and Bridge.


Docker Network Overlay vs Bridge

Docker networking is very flexible and provides plug-and-play driver support.

Bridge Network

Bridge is the default network driver: when you don't specify a network while creating a container, this driver is used.

When you start Docker, it creates a default network called bridge. All containers started without a specific network are connected to this one.

It's a software bridge created by Docker that lets containers on the same bridge network communicate with each other and isolates them from containers that are not connected to it.

A bridge network is most commonly used to enable communication with other containers on the same host.

Docker Network Bridge vs Overlay – Bridge Network

The figure above shows the host network and the Docker network connected by the bridge. The bridge connects two different networks so that they work as a single aggregated unit.

You can create a bridge between networks on the same host to provide the connection (e.g., a bridge for the Docker network and a bridge for the hypervisor or VM network).

Let’s check with an example by creating the Docker container:

Bash
# -d runs the container in the background; -it keeps its shell (and the container) alive
docker run -dit --name busybox-default busybox

Once the container is running, inspect the bridge network. The output below is trimmed to the Containers section:

Bash
# Inspect Network
docker network inspect bridge
JSON
{
  "Containers": {
    "235a2716d018c6fe4e9f93a81d88aca5a3437f0084ddb170v707662818e6d2f54": {
      "Name": "busybox-default",
      "EndpointID": "beffdb1f1194f60d449f45b87fdbdd1d821db3ee1d8e67c699ff4cf2b00d50f8",
      "MacAddress": "01:32:bc:12:00:07",
      "IPv4Address": "172.17.0.2/16",
      "IPv6Address": ""
    }
  }
}

You can see that the container is connected to the default network and that an IP address was assigned automatically. At this point, your container has full network connectivity without extra configuration.

Bash
# Ping google.com from inside the container to check network connectivity
docker exec busybox-default ping -c 4 google.com

PING google.com (172.253.115.101): 56 data bytes
64 bytes from 172.253.115.101: seq=0 ttl=54 time=2.038 ms
64 bytes from 172.253.115.101: seq=1 ttl=54 time=1.949 ms
64 bytes from 172.253.115.101: seq=2 ttl=54 time=1.852 ms
64 bytes from 172.253.115.101: seq=3 ttl=54 time=1.914 ms

--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.852/1.938/2.038 ms

Overlay Network

An overlay network provides connectivity when you have multiple Docker hosts running. A bridge network only works on a single host, but in production we run Docker containers on multiple hosts using Docker Swarm.

How can we connect Docker containers across multiple Docker hosts?

An overlay network solves the issue by connecting multiple Docker daemons and acting as a single distributed network. Creating an overlay network sets up a private internal network across all Docker hosts that are part of the Docker Swarm.

Docker Network Bridge vs Overlay – Overlay Network

The figure above shows two different Docker hosts connected over an external network, with an overlay network on top of it. This creates a distributed virtual network between them.

Let’s create an overlay network:

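Bash
# Overlay networks require Swarm mode (run `docker swarm init` on the manager first)
docker network create -d overlay --attachable distributed-overlay

Here --attachable is an important flag: without it, standalone containers started with docker run cannot attach to the overlay network.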

Once the network is created, you can run and attach the container to this network:

Bash
# -dit keeps the busybox shell, and so the container, running in the background
docker run -dit --network distributed-overlay --name busybox-overlay busybox

Docker Network Overlay vs Bridge: Difference

Let’s compare the Docker Network Overlay vs Bridge in detail:

| Feature | Bridge Network | Overlay Network |
| --- | --- | --- |
| Basic Functionality | Connects containers on the same host | Connects containers across multiple Docker daemon hosts |
| Isolation | Provides isolation for containers on the same network, same host | Provides isolation for containers across hosts |
| Network | Default network created automatically on Docker start | Must be explicitly created using docker network create |
| User-Defined Networks | Supports user-defined custom bridge networks | Supports user-defined overlay networks |
| IPv6 Support | Can enable IPv6 support with the --ipv6 flag | Supports IPv6 with additional configuration |
| Communication | Containers communicate with an IP address by default | Containers are discoverable through DNS lookup |
| Max Containers | Linux kernel limitation: 1000 containers only | Linux kernel limitation: 1000 containers only |
| Security Features | Limited security features | Supports IPsec encryption for secure communication |
| Communication Across Hosts | Not designed for communication across hosts | Secure communication across multiple hosts |
| Swarm Dependency | Works independently of Docker Swarm | Swarm services or containers in Swarm mode |
| Port Requirements | No specific port requirements for container communication | Requires specific ports (2377/tcp, 4789/udp, 7946/tcp, 7946/udp) for Swarm and overlay communication |
| Management | Simple configuration and management | Requires additional configuration on multiple hosts |
| Use Cases | Single-host setups or basic container communication in local development | Multi-host setups, especially in Swarm mode |
Docker Network Overlay vs Bridge
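The comparison above can be checked against a real host. The following Python script is an added example, not code from the original article: it reads `docker network inspect` JSON and flags containers left on the default bridge and overlay networks created without the IPsec option. The sample data, the container IDs and the network name secure-overlay are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape `docker network inspect` prints (trimmed).
SAMPLE = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge", "Attachable": false, "Options": {},
   "Containers": {"aaa111": {"Name": "busybox-default", "IPv4Address": "172.17.0.2/16"}}},
  {"Name": "distributed-overlay", "Driver": "overlay", "Attachable": true,
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097"},
   "Containers": {"bbb222": {"Name": "busybox-overlay", "IPv4Address": "10.0.1.3/24"}}},
  {"Name": "secure-overlay", "Driver": "overlay", "Attachable": false,
   "Options": {"encrypted": ""}, "Containers": {}}
]
""")


def audit_networks(networks):
    """Return (network, finding) tuples for settings worth reviewing."""
    findings = []
    for net in networks:
        name = net.get("Name", "?")
        driver = net.get("Driver", "")
        options = net.get("Options") or {}
        containers = net.get("Containers") or {}
        if driver == "bridge" and name == "bridge":
            # Everything started without --network shares this one segment.
            for c in containers.values():
                findings.append((name, f"{c.get('Name')} ({c.get('IPv4Address')}) "
                                       "is on the default bridge"))
        if driver == "overlay":
            # `--opt encrypted` at creation shows up as an "encrypted" key here.
            if "encrypted" not in options:
                findings.append((name, "overlay data traffic (4789/udp) is not "
                                       "IPsec-encrypted; create with --opt encrypted"))
            if net.get("Attachable"):
                findings.append((name, "attachable: standalone containers on "
                                       "Swarm nodes can join"))
    return findings


if __name__ == "__main__":
    # Real input: docker network inspect $(docker network ls -q) | python3 audit.py
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for network, finding in audit_networks(data):
        print(f"[{network}] {finding}")
```

Run without piped input, it audits the constructed sample; Swarm's built-in ingress overlay will also be reported as unencrypted on a real cluster.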


Conclusion

We learned about Docker networking and how it isolates containers from the host network. Docker provides networking functionality out of the box. Overlay and bridge are not the only available network drivers, but they are commonly used ones.

We covered the bridge network and the overlay network in detail with examples, and lastly we looked in depth at the difference between Docker Network Overlay vs Bridge.

If you’re looking for how to make your Docker container secure, check out the Docker Container Security Cheatsheet and don’t get hacked🔐

Kashyap Merai

Kashyap Merai is a Certified Solution Architect and Public Cloud Specialist with over 7 years in IT. He has helped startups in the Real Estate, Media Streaming, and On-Demand industries launch successful public cloud projects.

Passionate about Space, Science, and Computers, he also mentors aspiring cloud engineers, shaping the industry's future.
