Bird
Raised Fist0
Microservicessystem_design~7 mins

Container networking in Microservices - System Design Guide

Choose your learning style10 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Problem Statement
When multiple containers run on the same or different hosts, they need to communicate reliably. Without proper networking, containers cannot discover each other or exchange data, causing service failures and poor scalability.
Solution
Container networking creates virtual networks that connect containers across hosts. It assigns IP addresses and manages routing so containers can find and talk to each other securely and efficiently, as if they were on the same local network.
Architecture
Container A
Virtual Net
Host 1 NIC
Overlay Net

This diagram shows containers on different hosts connected via virtual and overlay networks, enabling cross-host container communication.

Trade-offs
✓ Pros
Enables seamless communication between containers across hosts.
Supports service discovery and dynamic scaling of microservices.
Isolates container traffic for security and performance.
Works with orchestration tools like Kubernetes for automated network management.
✗ Cons
Adds network complexity and overhead compared to host networking.
May introduce latency due to encapsulation in overlay networks.
Requires careful configuration to avoid IP conflicts and ensure security.
Use container networking when running multiple containers that must communicate across hosts, especially in microservices architectures with dynamic scaling and orchestration.
Avoid complex container networking if all containers run on a single host with simple communication needs or when network overhead impacts latency-sensitive applications.
Real World Examples
Netflix
Uses container networking with overlay networks to connect microservices deployed across multiple hosts for reliable streaming service delivery.
Uber
Employs container networking to enable communication between microservices in their dynamic ride-hailing platform, ensuring scalability and fault isolation.
Google
Kubernetes, developed by Google, uses container networking to manage pod communication across clusters with network plugins like Calico and Flannel.
Alternatives
Host networking
Containers share the host's network stack directly without virtual networks.
Use when: Use when containers require very low latency and run on the same host.
Service mesh
Adds a dedicated infrastructure layer for service-to-service communication with advanced features like retries and telemetry.
Use when: Choose when you need fine-grained control over microservice communication beyond basic networking.
Summary
Container networking connects containers across hosts using virtual networks for reliable communication.
It supports dynamic microservices architectures by enabling service discovery and isolation.
Choosing the right networking approach depends on scale, latency needs, and security requirements.

Practice

(1/5)
1. What is the main purpose of container networking in microservices?
easy
A. To allow containers to communicate with each other
B. To store container data persistently
C. To build user interfaces for containers
D. To monitor container CPU usage

Solution

  1. Step 1: Understand container networking role

    Container networking connects containers so they can send data and messages to each other.

  2. Step 2: Compare with other options

    Storing data, building interfaces, and monitoring CPU are not related to networking.

  3. Final Answer:

    To allow containers to communicate with each other -> Option A

  4. Quick Check:

    Container networking = communication [OK]
Hint: Networking means communication between containers [OK]
Common Mistakes:
  • Confusing networking with storage
  • Thinking networking builds UI
  • Mixing monitoring with networking
2. Which Docker command creates a user-defined network named mynet?
easy
A. docker create network mynet
B. docker network create mynet
C. docker network new mynet
D. docker net create mynet

Solution

  1. Step 1: Recall Docker network creation syntax

    The correct command is docker network create <name>.

  2. Step 2: Match options with syntax

    Only docker network create mynet matches the correct syntax exactly.

  3. Final Answer:

    docker network create mynet -> Option B

  4. Quick Check:

    docker network create = correct syntax [OK]
Hint: Remember: 'docker network create' is the right command [OK]
Common Mistakes:
  • Swapping 'create' and 'network' order
  • Using 'new' instead of 'create'
  • Shortening 'network' to 'net' incorrectly
3. Given two containers web and db connected on a user-defined network mynet, what happens when web tries to ping db by container name?
medium
A. Ping succeeds because containers can resolve names on the same user-defined network
B. Ping fails because container names are not resolvable
C. Ping succeeds only if IP addresses are used, not names
D. Ping fails because containers cannot communicate on user-defined networks

Solution

  1. Step 1: Understand user-defined network DNS resolution

    User-defined Docker networks provide automatic DNS resolution of container names.

  2. Step 2: Apply to ping scenario

    Since both containers are on mynet, web can ping db by name successfully.

  3. Final Answer:

    Ping succeeds because containers can resolve names on the same user-defined network -> Option A

  4. Quick Check:

    User-defined network = name resolution works [OK]
Hint: User-defined networks enable container name resolution [OK]
Common Mistakes:
  • Assuming container names are never resolvable
  • Thinking IP addresses are always required
  • Believing user-defined networks block communication
4. You created two containers on the default bridge network but they cannot communicate by container name. What is the likely cause?
medium
A. Container names must be IP addresses on default bridge
B. Containers must be on different networks to communicate
C. Default bridge network does not support automatic container name resolution
D. Docker daemon is not running

Solution

  1. Step 1: Recall default bridge network limitations

    The default bridge network does not provide automatic DNS for container names.

  2. Step 2: Analyze communication failure

    Without name resolution, containers cannot reach each other by name on default bridge.

  3. Final Answer:

    Default bridge network does not support automatic container name resolution -> Option C

  4. Quick Check:

    Default bridge = no name resolution [OK]
Hint: Default bridge lacks container name DNS [OK]
Common Mistakes:
  • Thinking containers must be on different networks to communicate
  • Confusing container names with IP addresses
  • Assuming Docker daemon is stopped without checking
5. You want to isolate microservices into separate networks for security but allow only the api service to communicate with db. Which design best achieves this?
hard
A. Create separate networks but connect all containers to all networks.
B. Connect all services to a single network and use firewall rules inside containers.
C. Use the default bridge network for all containers and rely on container names.
D. Create two networks: api-net and db-net. Connect api to both networks, db only to db-net.

Solution

  1. Step 1: Understand network isolation and selective communication

    Separating services into different networks isolates traffic. Connecting api to both networks allows it to talk to db while others cannot.

  2. Step 2: Evaluate options for security and communication

    Create two networks: api-net and db-net. Connect api to both networks, db only to db-net. isolates db and allows only api access. Other options either lack isolation or allow unwanted access.

  3. Final Answer:

    Create two networks: api-net and db-net. Connect api to both networks, db only to db-net. -> Option D

  4. Quick Check:

    Separate networks + selective connection = secure communication [OK]
Hint: Use multiple networks and connect only needed containers [OK]
Common Mistakes:
  • Putting all containers on one network without isolation
  • Connecting all containers to all networks
  • Relying on default bridge network for security