Docker network mode

Time:2021-9-27

When creating a container with docker run, we can use the --net option to specify the container's network mode. Docker has the following four network modes:

  • Host mode, specified with --net=host.
  • Container mode, specified with --net=container:NAME_or_ID.
  • None mode, specified with --net=none.
  • Bridge mode, specified with --net=bridge; this is the default setting.

The following describes the various network modes of docker.

1.1 host mode

Docker uses Linux namespaces to isolate resources: the PID namespace isolates processes, the mount namespace isolates file systems, the network namespace isolates networks, and so on. A network namespace provides an independent network environment, including network interfaces, routing and iptables rules, which are isolated from other network namespaces. A Docker container is usually assigned its own network namespace. However, if host mode is used when starting the container, the container does not get an independent network namespace but shares the host's network namespace. The container does not virtualize its own network interface or configure its own IP; it uses the IP and ports of the host.

For example, on the machine 10.10.101.105/24, we use host mode to start a Docker container that runs a web application listening on TCP port 80. When we run ifconfig or a similar command in the container to view the network environment, we see the host's information. External clients can reach the application in the container directly at 10.10.101.105:80 without any NAT translation, just as if it were running directly on the host. However, other aspects of the container, such as the file system and process list, are still isolated from the host.

1.2 container mode

Once host mode is understood, this mode is easy to follow. It specifies that the newly created container shares a network namespace with an existing container rather than with the host. The new container does not create its own network interface or configure its own IP; it shares the IP and port range of the specified container. As before, apart from the network, the two containers remain isolated from each other, for example in file system and process list. Processes in the two containers can communicate through the lo (loopback) interface.

1.3 none mode

This mode differs from the first two. In none mode, the Docker container has its own network namespace, but no network configuration is performed for it. In other words, the container has no network interface, IP, routes or other network information. We need to add a network interface and configure an IP for the container ourselves.

1.4 bridge mode

Bridge mode is the default network setting of Docker. This mode assigns each container its own network namespace, sets its IP and so on, and connects the Docker containers on a host to a virtual bridge. This mode is covered in detail below.
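To see which of the four modes running containers actually use, the following added example (not part of the original article) groups containers by the network namespace they end up in, reading the HostConfig.NetworkMode field of docker inspect output. The sample JSON, container names and IDs are constructed for illustration, and the function names are hypothetical; on a real host the input would come from docker inspect.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `docker inspect` output, trimmed to the
# fields used here. Names and IDs are made up. "default" is what appears when
# no --net option was given, which the article says means bridge mode.
SAMPLE_INSPECT = json.loads("""
[
  {"Id": "aaa111", "Name": "/web",     "HostConfig": {"NetworkMode": "host"}},
  {"Id": "bbb222", "Name": "/app",     "HostConfig": {"NetworkMode": "bridge"}},
  {"Id": "ccc333", "Name": "/sidecar", "HostConfig": {"NetworkMode": "container:bbb222"}},
  {"Id": "ddd444", "Name": "/batch",   "HostConfig": {"NetworkMode": "none"}},
  {"Id": "eee555", "Name": "/db",      "HostConfig": {"NetworkMode": "default"}}
]
""")

def netns_owner(container, by_ref, seen=None):
    """Return a key naming the network namespace this container lives in."""
    mode = container["HostConfig"]["NetworkMode"]
    if mode == "host":
        return "host"  # host mode: no namespace of its own
    if mode.startswith("container:"):
        # container mode: follow the reference (ID or name) to its target
        target = by_ref.get(mode.split(":", 1)[1])
        seen = (seen or set()) | {container["Id"]}
        if target is None or target["Id"] in seen:
            return "unresolved:" + mode  # missing target or reference loop
        return netns_owner(target, by_ref, seen)
    return container["Name"].lstrip("/")  # none/bridge/default: own namespace

def group_by_netns(containers):
    """Map each namespace key to the names of the containers inside it."""
    by_ref = {k: c for c in containers for k in (c["Id"], c["Name"].lstrip("/"))}
    groups = defaultdict(list)
    for c in containers:
        groups[netns_owner(c, by_ref)].append(c["Name"].lstrip("/"))
    return dict(groups)

def findings(containers):
    """List namespaces that are not private to a single container."""
    out = []
    for owner, members in sorted(group_by_netns(containers).items()):
        if owner == "host":
            out.append(f"host namespace shared by: {', '.join(members)}")
        elif len(members) > 1:
            out.append(f"namespace of {owner} shared by: {', '.join(members)}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_INSPECT)))
```

Containers reported in the host group listen directly on the host's IP and ports, and containers reported together can reach each other over loopback, so both groups are worth reviewing when network isolation between workloads is expected.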