Docker's networking capabilities rely on Linux kernel virtualization technologies, particularly network namespaces, virtual Ethernet devices, bridges, and iptables.
Network Namespace Isolation
Linux network namespaces provide isolated network protocol stacks, enabling different network environments on a single host. Each namespace maintains its own network devices, IP routing tables, firewall rules, and port bindings.
# Create isolated network namespaces
sudo ip netns add ns1
sudo ip netns add ns2
sudo ip netns list
# Remove a namespace
sudo ip netns del ns1
Virtual Ethernet Device Pairs
Veth pairs create point-to-point connections between network namespaces, functioning like two connected Ethernet interfaces: a frame sent into one end comes out of the other.
# Create the veth pair inside the first namespace
sudo ip netns exec ns1 ip link add veth1 type veth peer name veth2
# View created interfaces (both ends live in ns1 for now)
sudo ip netns exec ns1 ip link show
Connecting Network Namespaces
Configure Veth Interface Assignment
# Move the second end from ns1 into the target namespace
sudo ip netns exec ns1 ip link set veth2 netns ns2
# Configure IP addresses in respective namespaces
sudo ip netns exec ns1 ip addr add 192.168.1.10/24 dev veth1
sudo ip netns exec ns2 ip addr add 192.168.1.20/24 dev veth2
# Activate interfaces
sudo ip netns exec ns1 ip link set veth1 up
sudo ip netns exec ns2 ip link set veth2 up
Verify Connectivity
# Test connection between namespaces (send three echo requests, then stop)
sudo ip netns exec ns1 ping -c 3 192.168.1.20
Linux Bridge Implementation
Network bridges function as virtual switches, connecting multiple network interfaces and forwarding traffic based on MAC addresses.
Docker Bridge Management
# List available Docker networks
docker network ls
# Create custom bridge network
docker network create mybridge
# Connect container to network
docker network connect mybridge mycontainer
# Inspect network configuration
docker network inspect mybridge
# Remove unused networks
docker network prune
Docker Network Models
| Network Mode | Command Flag | Description |
|---|---|---|
| Host | --network=host | Shares host's network namespace |
| Container | --network=container:ID | Shares network with specified container |
| None | --network=none | No network configuration |
| Bridge | --network=bridge | Default bridge network (docker0) |
Host Mode Characteristics
Containers using host mode utilize the host's network stack directly, sharing IP addresses and ports without isolation.
Container Mode Networking
Multiple containers share the same network namespace, enabling direct communication through localhost.
Bridge Mode Operation
Docker's default bridge mode creates virtual interfaces connected to the docker0 bridge, with NAT handling external communication.
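The mode table and the three descriptions above map directly onto the `HostConfig.NetworkMode` field that `docker inspect` reports. The following added example (not part of the original page or of Docker itself) classifies containers by that field and lists the ones whose network namespace is not their own, i.e. host mode and container mode, which is what an operator reviewing isolation boundaries usually wants first. The sample `docker inspect` output is constructed and trimmed to the fields used; treating the legacy value "default" as bridge mode is an assumption about older daemons.

```python
import json
import subprocess

# Constructed sample of `docker inspect` output, trimmed to the fields used here.
SAMPLE_INSPECT = json.dumps([
    {"Id": "a1b2c3", "Name": "/web", "HostConfig": {"NetworkMode": "bridge"}},
    {"Id": "d4e5f6", "Name": "/agent", "HostConfig": {"NetworkMode": "host"}},
    {"Id": "0a1b2c", "Name": "/sidecar", "HostConfig": {"NetworkMode": "container:a1b2c3"}},
    {"Id": "ff00ff", "Name": "/batch", "HostConfig": {"NetworkMode": "none"}},
    {"Id": "123456", "Name": "/db", "HostConfig": {"NetworkMode": "mybridge"}},
])


def classify_mode(network_mode):
    """Map HostConfig.NetworkMode onto the four modes in the table above."""
    if network_mode == "host":
        return "host"
    if network_mode.startswith("container:"):
        return "container"
    if network_mode == "none":
        return "none"
    # "bridge", the legacy "default" (assumed) and user-defined networks all
    # give the container its own namespace, a veth pair and a Linux bridge.
    return "bridge"


def audit(inspect_json):
    """Return (name, mode, namespace shared with) for each container."""
    findings = []
    for c in json.loads(inspect_json):
        raw = c["HostConfig"]["NetworkMode"]
        mode = classify_mode(raw)
        shared_with = None
        if mode == "host":
            shared_with = "host network namespace"
        elif mode == "container":
            shared_with = raw.split(":", 1)[1]  # ID or name of the peer container
        findings.append((c["Name"].lstrip("/"), mode, shared_with))
    return findings


def containers_without_isolation(inspect_json):
    """Names of containers that share another namespace instead of owning one."""
    return [name for name, mode, _ in audit(inspect_json) if mode in ("host", "container")]


def audit_running_containers():
    """Same audit against the live daemon; needs the docker CLI on PATH."""
    ids = subprocess.run(["docker", "ps", "-q"], capture_output=True, text=True, check=True).stdout.split()
    if not ids:
        return []
    out = subprocess.run(["docker", "inspect", *ids], capture_output=True, text=True, check=True).stdout
    return audit(out)


if __name__ == "__main__":
    for name, mode, shared in audit(SAMPLE_INSPECT):
        print(f"{name:10} {mode:10} {shared or ''}")
```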
Network Component Functions
| Component | Function |
|---|---|
| Network Namespace | Isolates network resources and protocol stacks |
| Linux Bridge | Forwards data frames between connected interfaces |
| iptables | Provides NAT and network security rules |
| Veth Pair | Connects network namespaces with virtual interfaces |