Bridge vs Host vs Overlay Network in Docker: Key Differences and Usage
A bridge network connects containers on the same host with isolated networking, a host network shares the host's network stack for high performance, and an overlay network enables container communication across multiple Docker hosts in a cluster.
Quick Comparison
Here is a quick comparison of the three Docker network types based on key factors.
| Factor | Bridge Network | Host Network | Overlay Network |
|---|---|---|---|
| Scope | Single Docker host | Single Docker host | Multiple Docker hosts (cluster) |
| Isolation | Isolated network namespace | No isolation, shares host network | Isolated across hosts with VXLAN |
| Use Case | Default for container communication on one host | High performance, no network isolation | Multi-host container communication in Swarm or Kubernetes |
| Performance | Moderate, uses NAT | High, no NAT or routing overhead | Moderate, encapsulates traffic across hosts |
| IP Addressing | Docker-assigned private IPs | Uses host IP and ports | Docker-assigned IPs across hosts |
| Setup Complexity | Simple, default network | Simple, no extra setup | Complex, requires cluster setup |
Key Differences
The bridge network is Docker's default network type. It creates a private internal network on a single host where containers get their own IP addresses and communicate through a virtual bridge. This network isolates container traffic from the host and other networks, using NAT (Network Address Translation) to route traffic outside.
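The host network mode removes network isolation between the container and the Docker host. Containers share the host's network stack directly, meaning they use the host's IP address and ports. This mode offers better performance but sacrifices container network isolation: port conflicts can occur, and a process in the container can reach services that listen only on the host's loopback interface.
The overlay network is designed for multi-host container communication. It creates a virtual network that spans multiple Docker hosts, allowing containers on different machines to communicate securely. Overlay networks use VXLAN encapsulation to tunnel traffic between hosts and are commonly used in Docker Swarm or Kubernetes clusters. VXLAN keeps overlay networks separate from one another but does not itself encrypt the tunnelled traffic; in Docker Swarm, encryption of application traffic on an overlay network is opt-in, set with `--opt encrypted` when the network is created.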
Code Comparison
Here is how to run a simple container attached to a bridge network and check its IP address.
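```bash
# Create a user-defined bridge network on this host
docker network create my-bridge-network
# Start nginx attached to that network
docker run -d --name bridge-container --network my-bridge-network nginx
# Print the private IP address Docker assigned to the container
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' bridge-container
```
Host Network Equivalent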
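Here is how to run the same container using the host network mode and check its IP address. The inspect command prints an empty value here, because the container has no IP address of its own and uses the host's.
```bash
# Start nginx in the host's network namespace (it binds port 80 on the host itself)
docker run -d --name host-container --network host nginx
# Prints an empty line: no container-specific IP address is assigned
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' host-container
```
When to Use Which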
Choose a bridge network when you want isolated container communication on a single host with default settings and easy setup.
Choose the host network when you need maximum network performance and can manage port conflicts, typically for trusted containers or network-intensive apps.
Choose an overlay network when you run containers across multiple hosts in a cluster and need secure, scalable multi-host networking.
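The following Python script is an added example, not part of the original page: it reads `docker inspect` and `docker network inspect` JSON and reports, for each container, the network driver, the IP address that the inspect commands above print, and whether the attachment has no network isolation (host mode) or is an overlay network created without `--opt encrypted`. The container names, network names and addresses are constructed sample data, and the check for an `encrypted` key in the overlay network's options is an assumption about how Swarm records that option.

```python
import json

# Constructed samples, trimmed to the fields used below. Real input comes from
# `docker inspect $(docker ps -q)` and `docker network inspect $(docker network ls -q)`.
CONTAINERS = json.loads("""[
 {"Name": "/bridge-container", "HostConfig": {"NetworkMode": "my-bridge-network"},
  "NetworkSettings": {"Networks": {"my-bridge-network": {"IPAddress": "172.18.0.2"}}}},
 {"Name": "/host-container", "HostConfig": {"NetworkMode": "host"},
  "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}}},
 {"Name": "/overlay-task", "HostConfig": {"NetworkMode": "my-overlay"},
  "NetworkSettings": {"Networks": {"my-overlay": {"IPAddress": "10.0.1.5"}}}}
]""")
NETWORKS = json.loads("""[
 {"Name": "my-bridge-network", "Driver": "bridge", "Scope": "local", "Options": {}},
 {"Name": "host", "Driver": "host", "Scope": "local", "Options": {}},
 {"Name": "my-overlay", "Driver": "overlay", "Scope": "swarm",
  "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097"}}
]""")


def audit(containers, networks):
    """Return (container, network, driver, ip, finding) per network attachment."""
    by_name = {n["Name"]: n for n in networks}
    rows = []
    for c in containers:
        name = c["Name"].lstrip("/")
        mode = c.get("HostConfig", {}).get("NetworkMode", "")
        attached = c.get("NetworkSettings", {}).get("Networks") or {}
        for net, endpoint in attached.items():
            info = by_name.get(net, {})
            driver = info.get("Driver", "unknown")
            if mode == "host" or driver == "host":
                # Shares the host's network namespace; IPAddress is empty.
                finding = "NO_ISOLATION"
            elif driver == "overlay" and "encrypted" not in (info.get("Options") or {}):
                # Assumption: Swarm records `--opt encrypted` as an "encrypted" key.
                finding = "UNENCRYPTED_OVERLAY"
            else:
                finding = "OK"
            rows.append((name, net, driver, endpoint.get("IPAddress", ""), finding))
    return rows


if __name__ == "__main__":
    for row in audit(CONTAINERS, NETWORKS):
        print("{:<18} {:<18} {:<8} {:<12} {}".format(*row))
```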