
Why custom networks matter in Docker - Why It Works

Introduction
When you run multiple containers, they need to talk to each other safely and without confusion. Custom networks let you control how containers connect and share data, avoiding conflicts and improving security.
When you want to isolate your app's containers from other containers on the same host.
When you need containers to communicate using easy-to-remember names instead of IP addresses.
When you want to control which containers can talk to each other to improve security.
When you run multiple projects on the same Docker host and want to keep their networks separate.
When you want to connect containers across multiple Docker hosts using overlay networks.
Commands
This command creates a new custom network named 'my-custom-network' so containers can join it and communicate with each other, isolated from containers on other networks.
Terminal
docker network create my-custom-network
Expected Output
a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6
Runs a container named 'app1' using the nginx image and connects it to the custom network for isolated communication.
Terminal
docker run -d --name app1 --network my-custom-network nginx
Expected Output
d1e2f3g4h5i6j7k8l9m0n1o2p3q4r5s6t7u8v9w0x1y2z3a4b5c6
--network - Connects the container to the specified custom network.
-d - Runs the container in detached mode (in the background).
Runs another container named 'app2' on the same custom network so it can communicate with 'app1' by name.
Terminal
docker run -d --name app2 --network my-custom-network nginx
Expected Output
e2f3g4h5i6j7k8l9m0n1o2p3q4r5s6t7u8v9w0x1y2z3a4b5c6d7
--network - Connects the container to the specified custom network.
-d - Runs the container in detached mode (in the background).
Shows details about the custom network, including which containers are connected and their IP addresses.
Terminal
docker network inspect my-custom-network
Expected Output
[
  {
    "Name": "my-custom-network",
    "Id": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6",
    "Created": "2024-06-01T12:00:00.000000000Z",
    "Scope": "local",
    "Driver": "bridge",
    "Containers": {
      "d1e2f3g4h5i6j7k8l9m0n1o2p3q4r5s6t7u8v9w0x1y2z3a4b5c6": {
        "Name": "app1",
        "IPv4Address": "172.18.0.2/16"
      },
      "e2f3g4h5i6j7k8l9m0n1o2p3q4r5s6t7u8v9w0x1y2z3a4b5c6d7": {
        "Name": "app2",
        "IPv4Address": "172.18.0.3/16"
      }
    }
  }
]
Runs a temporary container on the custom network to ping 'app1' by its container name, showing name-based communication works.
Terminal
docker run --rm --network my-custom-network busybox ping -c 3 app1
Expected Output
PING app1 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.123 ms
64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.110 ms
64 bytes from 172.18.0.2: seq=2 ttl=64 time=0.105 ms
--- app1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.105/0.112/0.123 ms
--rm - Removes the container after it finishes running.
--network - Connects the container to the custom network.
Key Concept

If you remember nothing else from this pattern, remember: custom Docker networks let containers talk to each other safely and clearly by controlling who connects where.

Common Mistakes
Not specifying a network when running containers, so they end up on the default network and cannot communicate by name.
Containers on different networks or the default network cannot resolve each other's names, causing communication failures.
Always use the --network flag with your custom network name when running containers that need to talk to each other.
Trying to connect containers from different projects on the same default network, causing IP conflicts or accidental access.
The default network is shared and unmanaged, leading to conflicts and security risks.
Create separate custom networks for different projects to isolate their containers.
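Both mistakes above can be checked from the JSON that docker network inspect prints. The following is an added example, not part of the original tutorial: it audits inspect output for containers left on the default bridge, containers that do not belong on a custom network, and containers attached to more than one network. The sample JSON is constructed, and the ALLOWED policy, the network 'other-project-net' and the container names other than app1 and app2 are hypothetical.

```python
import json

# Constructed sample: trimmed output of
#   docker network inspect bridge my-custom-network other-project-net
# Container IDs and all names except app1/app2 are made up for illustration.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "bridge", "Driver": "bridge", "Containers": {
     "c0ffee01": {"Name": "legacy-db", "IPv4Address": "172.17.0.2/16"}}},
  {"Name": "my-custom-network", "Driver": "bridge", "Containers": {
     "c0ffee02": {"Name": "app1", "IPv4Address": "172.18.0.2/16"},
     "c0ffee03": {"Name": "app2", "IPv4Address": "172.18.0.3/16"},
     "c0ffee04": {"Name": "billing-api", "IPv4Address": "172.18.0.4/16"}}},
  {"Name": "other-project-net", "Driver": "bridge", "Containers": {
     "c0ffee04": {"Name": "billing-api", "IPv4Address": "172.19.0.2/16"}}}
]
""")

# Hypothetical policy: which container names each custom network may hold.
ALLOWED = {
    "my-custom-network": {"app1", "app2"},
    "other-project-net": {"billing-api"},
}

def audit_networks(networks, allowed):
    """Return sorted (issue, container, network) findings."""
    findings = set()
    seen = {}  # container name -> set of networks it is attached to
    for net in networks:
        name = net["Name"]
        for info in (net.get("Containers") or {}).values():
            cname = info["Name"]
            seen.setdefault(cname, set()).add(name)
            if name == "bridge":
                # Default bridge: shared by every container run without --network.
                findings.add(("default-bridge", cname, name))
            elif cname not in allowed.get(name, set()):
                findings.add(("not-allowed", cname, name))
    for cname, nets in seen.items():
        if len(nets) > 1:
            # A multi-homed container can reach, and be reached from, each network.
            findings.add(("multi-network", cname, ",".join(sorted(nets))))
    return sorted(findings)

if __name__ == "__main__":
    for issue, container, network in audit_networks(SAMPLE_INSPECT, ALLOWED):
        print(f"{issue:15} {container:12} {network}")
```

To run it against a live host, replace SAMPLE_INSPECT with the parsed output of docker network inspect for the networks you want to check.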
Summary
Create a custom Docker network to isolate and control container communication.
Run containers with the --network flag to connect them to the custom network.
Use docker network inspect to verify which containers are connected and their IPs.
Test container communication by pinging container names within the custom network.