Skip to main content
Docker simplifies container networking by providing built-in networks and easy-to-use commands for creating custom networks. Whether you need isolated environments or seamless inter-container communication, this guide covers everything from default networks to user-defined bridges, inspection commands, and internal mechanics.

Built-in Docker Networks

Docker creates three networks upon installation:
Network NameDescriptionTypical Use Case
bridgeDefault private internal network on the hostGeneral container communication
hostShares host’s network namespace—no isolationHigh-performance networking, host apps
noneNo network interfaces except loopbackSecurity-isolated or self-managed setups
You can attach containers to any network using the --network flag: 
docker run --network=<network_name> ubuntu

1. Bridge Network

The bridge network is Docker’s default. Each container on this network gets an internal IP (typically in 172.17.x.x). Containers on the same bridge can communicate directly.

Port Mapping

Expose container ports to the host with -p: 
docker run -d -p 8080:80 nginx
This maps port 80 in the container to port 8080 on your Docker host.
If you omit -d, the container runs in the foreground.

2. Host Network

Running with --network=host makes the container share your host’s network stack: 
docker run --network=host ubuntu
Key points:
  • No port mapping needed
  • Ports in the container are the same as on the host
  • Cannot run multiple containers on the same host port
Using the host network removes isolation. Only use this when you trust the container’s network behavior.

3. None Network

The none network disables all external interfaces, leaving only the loopback: 
docker run --network=none ubuntu
Use this for maximum network isolation when no connectivity is desired.

Creating a User-Defined Bridge Network

Custom bridge networks let you isolate groups of containers and define subnets: 
docker network create \
  --driver bridge \
  --subnet 182.18.0.0/16 \
  custom-isolated-network
List all available networks: 
docker network ls
Example output: 
NETWORK ID          NAME                         DRIVER    SCOPE
dba0fb9370fe        bridge                       bridge    local
4d60768bc9          custom-isolated-network      bridge    local
6de6865ce1c6        docker_gwbridge              bridge    local
e29d81be47          host                         host      local
mmrho7vb9rm         ingress                      overlay   swarm
d371b4009142        simplewebappdocker_default   bridge    local
The image illustrates a user-defined network setup with Docker containers, showing IP addresses and connections between them.

Inspecting a Container’s Network Settings

To retrieve a container’s IP address and network details: 
docker inspect <container_id_or_name>
Search for the NetworkSettings section in the JSON output: 
"NetworkSettings": {
  "Gateway": "172.17.0.1",
  "IPAddress": "172.17.0.6",
  "MacAddress": "02:42:ac:11:00:06",
  "Networks": {
    "bridge": {
      "Gateway": "172.17.0.1",
      "IPAddress": "172.17.0.6",
      "MacAddress": "02:42:ac:11:00:06"
    }
  }
}
Use jq to filter output:
docker inspect <id> | jq '.[0].NetworkSettings'

Name-Based Container Communication

Docker’s embedded DNS (at 127.0.0.11) lets containers resolve each other by name: 
mysql.connect(mysql)
Here, mysql refers to the target container’s name. No static IPs required.

Under the Hood: Namespaces & veth Pairs

Docker uses Linux network namespaces to isolate containers. Communication between a container and the host bridge relies on veth (virtual Ethernet) pairs:
  • One end lives in the container’s namespace
  • The other end attaches to the host bridge
This setup ensures both isolation and connectivity.

Watch Video