# User-defined Bridge vs Default Bridge networking
This tutorial explains the differences between a user-defined bridge and a default bridge in Docker.
- User-defined bridges provide automatic DNS resolution between containers
Containers on the default bridge network can only access each other by IP addresses, unless you use the `--link` option, which is considered legacy. On a user-defined bridge network, containers can resolve each other by name or alias.
- User-defined bridges provide better isolation
All containers without a `--network` specified are attached to the default bridge network.
This can be a risk, as unrelated stacks/services/containers are then able to communicate.
Using a user-defined network provides a scoped network in which only containers attached to that
network are able to communicate.
- Containers can be attached and detached from user-defined networks on the fly
During a container’s lifetime, you can connect or disconnect it from user-defined networks on the fly. To remove a container from the default bridge network, you need to stop the container and recreate it with different network options.
- Each user-defined network creates a configurable bridge
If your containers use the default bridge network, you can configure it, but all the containers use the same settings. In addition, configuring the default bridge network happens outside of Docker itself, and requires a restart of Docker.
Create a user-defined bridge:

```bash
docker network create my-bridged-net
```

List the networks on the Docker host:

```bash
docker network ls
```

The result looks like this:

```
NETWORK ID     NAME             DRIVER    SCOPE
db8e765f1473   bridge           bridge    local
ddd7c07f5878   host             host      local
b9a7e3793d41   my-bridged-net   bridge    local
9b6e685952f6   none             null      local
```

List only the bridged networks on the Docker host:

```bash
docker network ls --filter driver=bridge
```

Remove a user-defined network from the Docker host:

```bash
docker network rm my-bridged-net
```
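
To check a host for the isolation risk described above, the following added example (not part of the original tutorial) flags containers that are attached to the default `bridge` network, including ones that are also attached to a user-defined network. The container names, the sample input and the function names are constructed for illustration; the input format is what `docker ps --format '{{.Names}} {{.Networks}}'` prints.

```shell
#!/bin/sh
# Added example: flag containers attached to the default "bridge" network.
# Input: one container per line, "<name> <networks>", as produced by
#   docker ps --format '{{.Names}} {{.Networks}}'
# where <networks> is a comma-separated list of network names.

# Constructed sample input (not captured from a real host).
sample_ps_output() {
cat <<'EOF'
web my-bridged-net
db my-bridged-net
legacy-cron bridge
metrics bridge,my-bridged-net
proxy my-bridge
scanner host
EOF
}

# Print the names of containers whose network list contains exactly "bridge".
# A substring match would wrongly flag "my-bridge" or "my-bridged-net".
default_bridge_containers() {
    awk '{
        n = split($2, nets, ",")
        for (i = 1; i <= n; i++)
            if (nets[i] == "bridge") { print $1; break }
    }'
}

# Count flagged containers; usable as a gate in a cron job or CI check.
default_bridge_count() {
    default_bridge_containers | wc -l | tr -d ' '
}

# Run against the sample. On a Docker host, replace sample_ps_output with:
#   docker ps --format '{{.Names}} {{.Networks}}'
flagged=$(sample_ps_output | default_bridge_containers)
if [ -n "$flagged" ]; then
    echo "Containers on the default bridge network:"
    echo "$flagged" | sed 's/^/  /'
fi
```

A container such as `metrics` that is on both networks is still reachable from every other container on the default bridge, so it is reported as well.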