DevToolbox

Docker Networking: Default CIDR Blocks and Configuration

Understand Docker's default network CIDR ranges. Learn about bridge networks, overlay networks, and how to customize Docker subnet allocations safely.

172.17.0.0/16Cloud

Detailed Explanation

Docker Networking CIDR

Docker automatically creates networks with CIDR blocks from the private IP ranges. Understanding these defaults is essential for avoiding conflicts with your existing infrastructure.

Docker Default Networks

When Docker is installed, it creates three default networks:

Network Driver CIDR
bridge bridge 172.17.0.0/16
host host (uses host IP)
none null (no networking)

The default bridge network uses 172.17.0.0/16, with the Docker host at 172.17.0.1 and containers receiving sequential addresses starting at 172.17.0.2.

Custom Bridge Networks

When you create custom networks with docker network create, Docker allocates subnets from its address pool. By default, this pool covers:

172.17.0.0/16 through 172.31.0.0/16  (bridge networks)
10.0.0.0/8                            (overlay networks)

Each new bridge network typically gets a /20 subnet (4,094 usable addresses) by default.

Customizing the CIDR

You can specify a custom subnet when creating a network:

docker network create --subnet=192.168.100.0/24 my-network

Or configure the default address pool globally in /etc/docker/daemon.json:

{
  "default-address-pools": [
    {"base": "10.10.0.0/16", "size": 24}
  ]
}

Common Conflicts

Docker's default 172.17.0.0/16 range can conflict with:

  • Corporate networks using the 172.16.0.0/12 private range
  • VPN connections that assign addresses from the same range
  • Other container runtimes (Kubernetes, Podman) on the same host

Docker Compose Networks

In Docker Compose, each project creates its own bridge network. Without explicit configuration, these consume subnets from the default pool. In production, always specify subnets explicitly:

networks:
  backend:
    ipam:
      config:
        - subnet: 10.100.0.0/24

Best Practices

  1. Audit your address space before deploying Docker in enterprise environments
  2. Customize the address pool to avoid overlaps with existing networks
  3. Use explicit subnets in production Docker Compose files
  4. Document allocations so network and container teams do not collide

Use Case

A developer customizes Docker's default address pool to 10.10.0.0/16 to avoid conflicts with the corporate VPN that uses the 172.16.0.0/12 range.

Try It — Subnet Calculator

Open full tool

Related Topics

Private IP Ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

10.0.0.0/8 · IPv4

AWS VPC CIDR Blocks: Choosing the Right Subnet Size

10.0.0.0/16 · Cloud

/8 Subnet (255.0.0.0)

10.0.0.0/8 · IPv4

NAT and Subnets: How Network Address Translation Works

192.168.0.0/16 · Concept

/16 Subnet (255.255.0.0)

172.16.0.0/16 · IPv4

CIDR Notation Explained: How IP Addressing Works

10.0.0.0/16 · Concept