7.1 Network Concepts
A focused guide to Network Concepts, connecting core concepts with practical Docker and container operations.
Network concepts foundational to Docker networking include the network namespace each container receives, the virtual interfaces connecting that namespace to a Docker network, and the IP addressing scheme used to allow containers to communicate with each other and the outside world.
The Container's Own Network Namespace
Each container gets its own isolated network namespace by default, complete with its own network interfaces, routing table, and IP address, distinct from the host's own networking and from every other container's namespace.
docker run -d --name myapp alpine sleep 1000
docker exec myapp ip addr
This reveals the container's own network interfaces, entirely separate from the host's.
Virtual Ethernet Pairs Connecting Containers to a Network
Behind the scenes, a virtual ethernet (veth) pair connects a container's network namespace to the bridge network it's attached to, functioning conceptually like a virtual cable between the container and the broader network.
docker network inspect bridge
This reveals the network's configuration, including the range of IP addresses available for containers attached to it.
IP Address Assignment
Containers are typically assigned an IP address automatically from the network's configured address range when they connect to it.
docker inspect myapp --format '{{.NetworkSettings.IPAddress}}'
Why These Underlying Concepts Matter for Practical Use
While most everyday Docker usage doesn't require manipulating these underlying primitives directly, understanding that each container has its own genuinely isolated network namespace, connected through virtual interfaces, clarifies why containers behave the way they do — why they have their own IP addresses, why their own internal ports don't conflict with each other, and why explicit networking configuration is needed for them to communicate.
docker exec myapp ip route
Why Network Concepts Matter
A basic understanding of these foundational networking concepts — namespaces, virtual interfaces, IP assignment — provides the conceptual grounding needed to correctly reason about more advanced Docker networking topics, such as user-defined networks, port publishing, and multi-container communication patterns.