Docker host network vs bridge network
Docker provides two primary single-host networking modes: host and bridge networks. Single-host networks operate locally on each individual Docker host, providing different levels of network isolation and connectivity options.
In host networking, Docker containers share the host's network stack directly, eliminating network isolation between container and host. With bridge networking, containers run in an isolated network namespace and require explicit port mapping to communicate with external systems.
Host Network Mode
Host networking allows containers to use the host's network interface directly. This mode provides maximum performance but sacrifices network isolation.
Creating a Container with Host Network
First, list all available Docker networks:
sudo docker network ls
You'll see a network named "host" with driver "host" and local scope. Inspect this network:
sudo docker network inspect host
Create an nginx container using host networking:
sudo docker container run -d --network host --name nginx01 nginx:alpine
Notice that no port mapping (-p flag) is specified. Host network containers use the host's network interfaces directly (for example, eth0 on Linux systems).
Verify the container is accessible by checking its details:
sudo docker container ls
The PORTS column will be empty because host network containers don't use port mapping. The nginx service is directly accessible on the host's IP address at port 80.
Bridge Network Mode
Bridge networking creates an isolated network namespace for containers. External access requires explicit port mapping.
Container Without Port Mapping
Create an nginx container using bridge network without port mapping:
sudo docker run -d --network bridge --name nginx02 nginx:alpine
List containers to see the port configuration:
sudo docker container ls
The container shows "80/tcp" in the PORTS column but no external mapping. Get the container's internal IP:
sudo docker inspect nginx02
This internal IP is reachable only from the Docker host itself, not from external machines.
Container With Port Mapping
Remove the previous container and create a new one with proper port mapping:
sudo docker stop nginx02
sudo docker container rm nginx02
Create the container with port mapping:
sudo docker container run -d --network bridge --name nginx02 -p 80:80 nginx:alpine
Now the container is accessible externally through the host's IP address on port 80. Verify the port mapping:
sudo docker container ls
The PORTS column now shows "0.0.0.0:80->80/tcp", indicating external port 80 maps to container port 80.
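As an added example (not from the original article), the Python sketch below reads `docker inspect` JSON and reports the two cases from the walk-through that put a service on the host's interfaces: host network mode and a port published on all interfaces. The sample JSON is constructed and trimmed to the fields used, and nginx03 is a hypothetical container standing in for the bridge container created without port mapping.

```python
import json

# Constructed sample shaped like `docker inspect` output, trimmed to the
# fields used here. Values are illustrative; nginx03 is a hypothetical name.
SAMPLE_INSPECT = """
[
  {"Name": "/nginx01",
   "HostConfig": {"NetworkMode": "host"},
   "NetworkSettings": {"Ports": {}, "Networks": {"host": {"IPAddress": ""}}}},
  {"Name": "/nginx02",
   "HostConfig": {"NetworkMode": "bridge"},
   "NetworkSettings": {
     "Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}]},
     "Networks": {"bridge": {"IPAddress": "172.17.0.3"}}}},
  {"Name": "/nginx03",
   "HostConfig": {"NetworkMode": "bridge"},
   "NetworkSettings": {
     "Ports": {"80/tcp": null},
     "Networks": {"bridge": {"IPAddress": "172.17.0.4"}}}}
]
"""

WILDCARDS = {"", "0.0.0.0", "::"}  # bindings that listen on every host interface


def audit_exposure(inspect_json):
    """Return {container name: [findings]} describing host-level exposure."""
    report = {}
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        findings = []
        if c["HostConfig"]["NetworkMode"] == "host":
            findings.append("host network: every listening port is on the host")
        ports = c["NetworkSettings"].get("Ports") or {}
        for cport, bindings in sorted(ports.items()):
            for b in bindings or []:  # None means exposed but not published
                if b.get("HostIp", "") in WILDCARDS:
                    findings.append(
                        f"{cport} published on all interfaces as host port {b['HostPort']}")
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_exposure(SAMPLE_INSPECT).items():
        print(name, "->", findings or ["no published ports"])
```

To audit a live host, pass the function the output of `sudo docker inspect $(sudo docker ps -q)`. Publishing as `-p 127.0.0.1:80:80` binds the mapping to loopback only, which clears the finding for that port.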
Comparison
| Feature | Host Network | Bridge Network |
|---|---|---|
| Network Isolation | None (shares host network) | Isolated network namespace |
| Port Mapping | Not required | Required for external access |
| Performance | Maximum (no overhead) | Slight overhead due to NAT |
| Security | Lower (direct host access) | Higher (network isolation) |
| Port Conflicts | Possible with host services | Avoided through mapping |
Key Points
- Host networking provides maximum performance but eliminates network isolation between container and host
- Bridge networking offers better security through isolation but requires explicit port mapping for external access
- Host network containers can conflict with host services running on the same ports
- Bridge networks allow multiple containers to run the same internal port without conflicts
Conclusion
Host networking offers maximum performance by sharing the host's network stack directly, while bridge networking provides better isolation and security through separate network namespaces. Choose host networking for performance-critical applications and bridge networking for better security and port management.
