Docker Container Networking with --network

Learn how to connect Docker containers using custom networks. Understand bridge networks, DNS-based service discovery, network isolation, and how containers communicate securely.

Detailed Explanation

Container Communication with Docker Networks

Docker provides built-in networking that allows containers to communicate with each other and the outside world. While the default bridge network works for basic use cases, user-defined bridge networks offer DNS resolution, better isolation, and easier management.

Default Bridge Network

Every Docker installation includes a default bridge network. Containers on this network can communicate by IP address but not by container name:

docker run -d --name web nginx
docker run -d --name app my-app
# 'app' cannot reach 'web' by name on the default bridge

User-Defined Bridge Networks

Creating a custom network enables DNS-based name resolution between containers:

docker network create app-network

docker run -d --name db --network app-network postgres:16
docker run -d --name cache --network app-network redis:7
docker run -d --name api --network app-network my-api-image

Inside the api container, you can connect to PostgreSQL at db:5432 and Redis at cache:6379 -- no IP addresses needed.

Network Isolation

Containers on different networks cannot communicate with each other by default. This provides security isolation:

docker network create frontend-net
docker network create backend-net

docker run -d --name web --network frontend-net nginx
docker run -d --name api --network frontend-net my-api
docker network connect backend-net api
docker run -d --name db --network backend-net postgres:16

In this setup:

  • web can reach api (both on frontend-net)
  • api can reach db (both on backend-net)
  • web cannot reach db (different networks, no shared network)
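
An added example (not part of the original page): a Python check that reads docker network inspect JSON and reports which containers share a network, so the web/api/db segmentation above can be verified rather than assumed. The sample JSON is constructed and trimmed to the fields used; the function names and the must_not_share policy format are assumptions of this example.

```python
import json
from itertools import combinations

# Constructed sample shaped like `docker network inspect frontend-net backend-net`
# output, trimmed to the fields used here (IDs and addresses are made up).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "frontend-net", "Driver": "bridge", "Containers": {
     "aaa111": {"Name": "web", "IPv4Address": "172.18.0.2/16"},
     "bbb222": {"Name": "api", "IPv4Address": "172.18.0.3/16"}}},
  {"Name": "backend-net", "Driver": "bridge", "Containers": {
     "bbb222": {"Name": "api", "IPv4Address": "172.19.0.2/16"},
     "ccc333": {"Name": "db", "IPv4Address": "172.19.0.3/16"}}}
]
""")

def memberships(networks):
    """Map container name -> set of network names it is attached to."""
    result = {}
    for net in networks:
        for endpoint in (net.get("Containers") or {}).values():
            result.setdefault(endpoint["Name"], set()).add(net["Name"])
    return result

def shared_networks(networks):
    """Map each container pair (sorted tuple) -> networks both are attached to."""
    member = memberships(networks)
    pairs = {(a, b): member[a] & member[b] for a, b in combinations(sorted(member), 2)}
    return {pair: common for pair, common in pairs.items() if common}

def audit(networks, must_not_share):
    """Return findings for forbidden pairs that share a network, and for
    containers attached to the default bridge or the host network."""
    findings = []
    shared = shared_networks(networks)
    for a, b in must_not_share:
        common = shared.get(tuple(sorted((a, b))))
        if common:
            findings.append(f"{a} and {b} share {', '.join(sorted(common))}")
    for name, nets in sorted(memberships(networks).items()):
        for risky in sorted(nets & {"bridge", "host"}):
            findings.append(f"{name} is attached to '{risky}'")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_INSPECT, [("web", "db")]) or "segmentation matches policy")
```

To audit a live host, pass the parsed output of docker network inspect for all networks; only running containers appear under Containers.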

Connecting to Multiple Networks

A container can be connected to multiple networks. The docker run command supports one --network flag; additional networks are added after creation:

docker run -d --name api --network frontend-net my-api
docker network connect backend-net api

Network Drivers

Docker supports several network drivers:

Driver   Use Case
bridge   Single-host container communication (default)
host     Container uses host's network stack directly
overlay  Multi-host communication (Docker Swarm)
macvlan  Assign a MAC address; container appears as physical device
none     No networking at all

Host Network Mode

The host network mode removes network isolation entirely:

docker run -d --network host nginx

Nginx listens directly on the host's port 80. No port mapping is needed, but you lose the isolation benefits.

Best Practices

  • Always use user-defined networks instead of the default bridge for multi-container applications.
  • Use network segmentation to limit which containers can communicate.
  • Avoid --network host in production unless you have a specific performance requirement.
  • Name your networks descriptively (app-backend, monitoring, data-tier).

Use Case

Architecting a microservices application where a frontend proxy, API server, and database each run in separate containers but need controlled communication channels with proper network isolation.
