Use bridge networks
In terms of networking, a bridge network is a Link Layer device which forwards traffic between network segments. A bridge can be a hardware device or a software device running within a host machine’s kernel.
In terms of Docker, a bridge network uses a software bridge which allows containers connected to the same bridge network to communicate, while providing isolation from containers which are not connected to that bridge network. The Docker bridge driver automatically installs rules in the host machine so that containers on different bridge networks cannot communicate directly with each other.
Bridge networks apply to containers running on the same Docker daemon host. For communication among containers running on different Docker daemon hosts, you can either manage routing at the OS level, or you can use an overlay network .
When you start Docker, a default bridge network (also called bridge ) is created automatically, and newly-started containers connect to it unless otherwise specified. You can also create user-defined custom bridge networks. User-defined bridge networks are superior to the default bridge network.
- Differences between user-defined bridges and the default bridge
User-defined bridges provide automatic DNS resolution between containers .
Containers on the default bridge network can only access each other by IP addresses, unless you use the --link option , which is considered legacy. On a user-defined bridge network, containers can resolve each other by name or alias.
Imagine an application with a web front-end and a database back-end. If you call your containers web and db , the web container can connect to the db container at db , no matter which Docker host the application stack is running on.
If you run the same application stack on the default bridge network, you need to manually create links between the containers (using the legacy --link flag). These links need to be created in both directions, so you can see this gets complex with more than two containers which need to communicate. Alternatively, you can manipulate the /etc/hosts files within the containers, but this creates problems that are difficult to debug.
User-defined bridges provide better isolation .
All containers without a --network specified, are attached to the default bridge network. This can be a risk, as unrelated stacks/services/containers are then able to communicate.
Using a user-defined network provides a scoped network in which only containers attached to that network are able to communicate.
Containers can be attached and detached from user-defined networks on the fly .
During a container’s lifetime, you can connect or disconnect it from user-defined networks on the fly. To remove a container from the default bridge network, you need to stop the container and recreate it with different network options.
Each user-defined network creates a configurable bridge .
If your containers use the default bridge network, you can configure it, but all the containers use the same settings, such as MTU and iptables rules. In addition, configuring the default bridge network happens outside of Docker itself, and requires a restart of Docker.
User-defined bridge networks are created and configured using docker network create . If different groups of applications have different network requirements, you can configure each user-defined bridge separately, as you create it.
Linked containers on the default bridge network share environment variables .
Originally, the only way to share environment variables between two containers was to link them using the --link flag . This type of variable sharing is not possible with user-defined networks. However, there are superior ways to share environment variables. A few ideas:
Multiple containers can mount a file or directory containing the shared information, using a Docker volume.
Multiple containers can be started together using docker-compose and the compose file can define the shared variables.
You can use swarm services instead of standalone containers, and take advantage of shared secrets and configs .
Containers connected to the same user-defined bridge network effectively expose all ports to each other. For a port to be accessible to containers or non-Docker hosts on different networks, that port must be published using the -p or --publish flag.
- Manage a user-defined bridge
Use the docker network create command to create a user-defined bridge network.
You can specify the subnet, the IP address range, the gateway, and other options. See the docker network create reference or the output of docker network create --help for details.
Use the docker network rm command to remove a user-defined bridge network. If containers are currently connected to the network, disconnect them first.
What’s really happening? When you create or remove a user-defined bridge or connect or disconnect a container from a user-defined bridge, Docker uses tools specific to the operating system to manage the underlying network infrastructure (such as adding or removing bridge devices or configuring iptables rules on Linux). These details should be considered implementation details. Let Docker manage your user-defined networks for you.
- Connect a container to a user-defined bridge
When you create a new container, you can specify one or more --network flags. This example connects a Nginx container to the my-net network. It also publishes port 80 in the container to port 8080 on the Docker host, so external clients can access that port. Any other container connected to the my-net network has access to all ports on the my-nginx container, and vice versa.
To connect a running container to an existing user-defined bridge, use the docker network connect command. The following command connects an already-running my-nginx container to an already-existing my-net network:
- Disconnect a container from a user-defined bridge
To disconnect a running container from a user-defined bridge, use the docker network disconnect command. The following command disconnects the my-nginx container from the my-net network.
If you need IPv6 support for Docker containers, you need to enable the option on the Docker daemon and reload its configuration, before creating any IPv6 networks or assigning containers IPv6 addresses.
When you create your network, you can specify the --ipv6 flag to enable IPv6. You can’t selectively disable IPv6 support on the default bridge network.
- Enable forwarding from Docker containers to the outside world
By default, traffic from containers connected to the default bridge network is not forwarded to the outside world. To enable forwarding, you need to change two settings. These are not Docker commands and they affect the Docker host’s kernel.
Configure the Linux kernel to allow IP forwarding.
Change the policy for the iptables FORWARD policy from DROP to ACCEPT .
These settings do not persist across a reboot, so you may need to add them to a start-up script.
Use the default bridge network
The default bridge network is considered a legacy detail of Docker and is not recommended for production use. Configuring it is a manual operation, and it has technical shortcomings .
- Connect a container to the default bridge network
If you do not specify a network using the --network flag, and you do specify a network driver, your container is connected to the default bridge network by default. Containers connected to the default bridge network can communicate, but only by IP address, unless they are linked using the legacy --link flag .
- Configure the default bridge network
To configure the default bridge network, you specify options in daemon.json . Here is an example daemon.json with several options specified. Only specify the settings you need to customize.
Restart Docker for the changes to take effect.
- Use IPv6 with the default bridge network
If you configure Docker for IPv6 support (see Use IPv6 ), the default bridge network is also configured for IPv6 automatically. Unlike user-defined bridges, you can’t selectively disable IPv6 on the default bridge.
- Go through the standalone networking tutorial
- Learn about networking from the container’s point of view
- Learn about overlay networks
- Learn about Macvlan networks
- 8 minute read
- Edit this page
- Request changes
- Buying Guides
Complete Guides by How-To Geek
Our Latest Product Roundups
Reader favorites, more from how-to geek, latest geek news.
Across lifesavvy media.
Join 425,000 subscribers and get a daily digest of news, geek trivia, and our feature articles.
How to Assign a Static IP to a Docker Container
Anthony Heddings is the resident cloud engineer for LifeSavvy Media, a technical writer, programmer, and an expert at Amazon's AWS platform. He's written hundreds of articles for How-To Geek and CloudSavvy IT that have been read millions of times. Read more...
Static IP addresses don’t change when containers or services are stopped and started, making them useful for permanent networking. Assigning Docker containers static IP addresses is an easy way to make them more accessible.
Why Use a Static IP?
There are two kinds of “static IP”; private IP addresses used for internal networking inside a server, and public IP addresses used to connect outside the server, often over the internet.
If you need to set up a public IP address for a container, you’ll want to use port bindings. You can “publish” ports on the Docker container to be accessible from the host. While there are more advanced networking setups, this is by far the easiest and most common. For example, binding port 80 (HTTP) on the host to point to an NGINX container:
If you want to make a static private IP address, you should consider if you need to use one at all. Most of the time, you’ll want a static IP to talk to one container from another, or from the host. In most cases, Docker’s built in networking can handle this.
Docker comes with a default network, but if you make your own, you can give containers aliases when launched in that network. This alias will resolve to the container’s private IP automatically. For example, the NGINX container here can access the MongoDB instance with the connection string mongodb://mongohost:27017 .
To learn more, you can read Docker’s documentation on user-defined bridge networks .
However, there are still plenty of times when you’ll want to manually specify a private IP address, such as accessing containers directly from the host. You’ll still need to use a custom Docker network to do so, but it’s easy to set up.
Setting Up Static IPs
First, you’ll need to set up a Docker network, and since we care about the IP address, you’ll need to specify a fixed subnet:
RELATED: What are Subnets, and How Do They Affect My Network?
Then, you can run a container, specifying the network with the --net flag, and specifying the IP with the -ip flag:
You caan verify the address is correct by checking it in container with exec -t bin/bash , or by inspecting the Docker container list:
Using Docker Compose
Docker Compose is a tool used to launch multiple containers with predefined settings. This includes setting up networks with specific subnets, and you can attach containers to networks with fixed IPs using the ipv4_address config block shown here:
- › What It’s Like Using a Gaming Laptop as Your ONLY Gaming PC
- › 5 Google Maps Scams (And How to Avoid Them)
- › 10 Google Translate Features You Should Be Using
- › How Long Do SD Cards Last?
- › Can ChatGPT Write Essays: Is Using AI to Write Essays a Good Idea?
- › The Best DDR4 RAM of 2023
Docker Community Forums
Share and learn in the Docker community.
- Primary Action
- Another Action
Docker. Assign IP from the same range as Host
I am playing with docker. Now I want to assign IP to container from the same IPs range as my host OS has.
My Host has IP address 192.168.1.50 (192.168.1.0/24 network). And I want to use for example 192.168.1.51 from the same network for Docker container.
For this I`ve installed bridge-utils (I am using Ubuntu 14.04) and reconfigured my interfaces:
Now I have such configuration:
How to create every new dockers with IPs from the same IP-range 192.168.1.0/24 as Host machine? How to specify for every new docker container to use br0 interface?
Tried this doc https://docs.docker.com/articles/networking/#bridge-building but w/o success. My host vm interfaces after trying this https://docs.docker.com/articles/networking/#bridge-building (I`ve renamed br0 to bridge0):
Docker default settings:
Settings in docker container:
Thank you in advance.
I just successfully ran through/tested the steps for creating a custom bridge on a new Ubuntu install: https://docs.docker.com/articles/networking/#bridge-building
As far as specifying an IP when you launch a container, there is a current Github request open that you’ll want to keep an eye on: https://github.com/docker/docker/issues/6743
Do you use the same ip range as host machine?
But anyway there is no benefits to use such schemes in cases when you cant set direct Ip to container.
I am very new to docker, so sorry for newbie questions. OS is centos7 and im running docker for this one https://hub.docker.com/r/telegrammessenger/proxy/ I need to run different proxy containers with different ips
If I boot up the same project on a different machine (Same project, same docker version, same OS 10.13.6) it gets assigned a 172.* IP. Also other projects on the same machine work as expected and do not have this problem
We want to assign static ip to docker container image which is IBM planning analytics however unable to create network
Hello guys, I'm trying to assign static IP addresses to my docker containers in my macvlan network because every time I restart the docker instance (e.g for an update) o I restart the containers in that network
Assigning Docker containers static IP addresses is an easy way to make them more accessible. First, you'll need to set up a Docker network, and since we care about the IP address, you'll need to specify a fixed subnet
Learn how Docker manages IP allocation and how to add a static address to a container. When we run a Docker container, it connects with a virtual network using an IP address. Docker first assigns an IP to each container
Now I want to assign IP to container from the same IPs range as my host OS has. My Host has IP address 192.168.1.50 (192.168.1.0/24 network)
I'm now trying to assign a static IP 172.17.0.1 when a Docker container be started up. This command will run a Docker container with a random IP like 172.17.0.5, but I need to assign a specific IP to the container