Since the overlay network could make multiple isolated Docker daemon hosts communicate with each other, why do we need the bridge network in Docker swarm? Thanks!
The overlay network driver creates a distributed network among multiple Docker daemon hosts. This network sits on top of (overlays) the host-specific networks, allowing containers connected to it (including swarm service containers) to communicate securely when encryption is enabled.
Docker includes support for networking containers through the use of network drivers. By default, Docker provides two network drivers for you, the bridge and the overlay drivers. You can also write a network driver plugin so that you can create your own drivers but that is an advanced task.
User-defined bridge networks are best when you need multiple containers to communicate on the same Docker host. Host networks are best when the network stack should not be isolated from the Docker host, but you want other aspects of the container to be isolated.
This provides better isolation and interoperability between containers, and custom bridge networks have better security and features than the default bridge. All containers in a custom bridge can communicate with the ports of other containers on that bridge.
Check this thread for understanding conceptually.
Bridge network: Bridge is the default network in Docker, which is also called docker0. It is the default network that bridges through the NAT firewall to the physical network that your host is connected to. But we don't care about it, as all the containers will attach to this network and work.
If you have any containers running, you could inspect the bridge network as,
$ docker network inspect bridge
    "Containers": {
        "145a2716d018c6fe8e9f93a81d88afd5a7437f0084ddb170c40761818e6d2f67": {
            "Name": "nginx",
            "EndpointID": "ea6cfa433f41e21e572f17473c8e5f5e5d82e9f19646e66fe23abda20a3836b8",
            "MacAddress": "02:42:ac:11:00:02",
            "IPv4Address": "172.17.0.2/16",
            "IPv6Address": ""
        }
    },
Note: You can see the IP address automatically assigned to the container, which is from the IPAM config subnet.
Consider that you have multiple Docker hosts running containers, in which each Docker host has its own internal private bridge network allowing the containers to communicate with each other. However, containers across hosts have no way to communicate with each other unless you publish the ports on those containers and set up some kind of routing yourself. This is where the overlay network comes into play. With Docker swarm you can create an overlay network, which will create an internal private network that spans across all the nodes participating in the swarm network. We could attach a container or service to this network using the network option while creating a service. So, the containers across the nodes can communicate over this overlay network.
$ docker network create --driver overlay --subnet 10.0.9.0/24 overlay_network
$ docker service create --replicas 3 --network overlay_network nginx
Hope this helps.
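As an added example (not part of the original answers): a small audit over `docker network inspect` output that flags the two conditions the answers above touch on, containers left on the default bridge instead of a user-defined one, and overlay networks created without encryption. The sample JSON is constructed, and the function name `audit_networks` is hypothetical.

```python
import json

# Constructed sample in the shape of `docker network inspect <names...>` output
# (a JSON array); names, IDs and addresses are made up for illustration.
SAMPLE = """
[
 {"Name": "bridge", "Driver": "bridge", "Scope": "local",
  "Options": {"com.docker.network.bridge.default_bridge": "true"},
  "Containers": {"aaa111": {"Name": "nginx", "IPv4Address": "172.17.0.2/16"}}},
 {"Name": "app_net", "Driver": "bridge", "Scope": "local", "Options": {},
  "Containers": {"bbb222": {"Name": "api", "IPv4Address": "172.18.0.2/16"}}},
 {"Name": "overlay_network", "Driver": "overlay", "Scope": "swarm",
  "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097"},
  "Containers": {}},
 {"Name": "secure_overlay", "Driver": "overlay", "Scope": "swarm",
  "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098",
              "encrypted": ""},
  "Containers": null}
]
"""

def audit_networks(inspect_json):
    """Return (network, finding) pairs for default-bridge use and plain overlays."""
    findings = []
    for net in json.loads(inspect_json):
        name, driver = net.get("Name"), net.get("Driver")
        opts = net.get("Options") or {}            # may be null in real output
        containers = net.get("Containers") or {}   # may be null in real output
        is_default_bridge = (
            opts.get("com.docker.network.bridge.default_bridge") == "true")
        if driver == "bridge" and is_default_bridge and containers:
            names = sorted(c.get("Name", cid) for cid, c in containers.items())
            findings.append((name, "containers on default bridge: " + ", ".join(names)))
        # `docker network create --opt encrypted` shows up as an "encrypted" key
        if driver == "overlay" and "encrypted" not in opts:
            findings.append((name, "overlay data traffic is not encrypted"))
    return findings

if __name__ == "__main__":
    for network, finding in audit_networks(SAMPLE):
        print(f"{network}: {finding}")
```

On a real host, the input would come from `docker network inspect $(docker network ls -q)`; the built-in `ingress` overlay will also be reported, since it is not encrypted by default.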