Module Review: Networking
[!NOTE] This module explores the core principles of Module Review: Networking, deriving solutions from first principles and hardware constraints to build world-class, production-ready expertise.
1. Key Takeaways
- Bridge is Default: Containers get a private IP on a NAT’d subnet. Ideal for single-host isolation.
- Host is Fastest: Removes isolation for maximum performance but risks port conflicts.
- Overlay for Clusters: Connects containers across multiple physical hosts using VXLAN encapsulation.
- DNS is Built-in: `127.0.0.11` resolves container names to IPs automatically.
2. Flashcards
What is the default network driver for a container?
Bridge
Which mode offers the best network performance?
Host Mode (`--net=host`) because it bypasses NAT.
What technology powers the Overlay network?
VXLAN (Virtual Extensible LAN) encapsulation over UDP.
What is the IP address of the embedded DNS server?
127.0.0.11
How do you expose a container port in Bridge mode?
Using `-p host_port:container_port` (e.g., `-p 8080:80`).
3. Cheat Sheet
| Mode | Isolation | Connectivity | Use Case |
|---|---|---|---|
| Bridge | High | NAT (Port Mapping required) | Default, Microservices on single host |
| Host | None | Direct Host Interface | High Performance, Monitoring Agents |
| None | Total | Loopback Only | Batch jobs, High Security |
| Overlay | Medium | Multi-Host VXLAN | Swarm Clusters, Kubernetes |
| Macvlan | Low | Direct L2 Access | Legacy Apps requiring physical IP |
4. Next Steps
Now that you’ve mastered Networking, it’s time to learn where to store your data.
[!TIP] Check out the Docker Glossary for definitions of VETH, NAT, and VXLAN.