docker-network

List all available and configured networks on Docker daemon

$ docker network ls

$ docker network create [[-d|--driver]] [driver_name] [network_name]

$ docker network inspect [network_name1 network_name2 ...]

$ docker network connect [network_name] [container_name|ID]

$ docker network disconnect [network_name] [container_name|ID]

$ docker network prune

$ docker network rm [network_name1 network_name2 ...]

docker network <subcommand> [OPTIONS]

Common Subcommands:
  docker network connect [OPTIONS] NETWORK CONTAINER
  docker network create [OPTIONS] NETWORK
  docker network disconnect [OPTIONS] NETWORK CONTAINER
  docker network inspect [OPTIONS] NETWORK [NETWORK...]
  docker network ls [OPTIONS]
  docker network prune [OPTIONS]
  docker network rm [OPTIONS] NETWORK [NETWORK...]

connect
    Connect a container to a network.

create
    Create a new network.

disconnect
    Disconnect a container from a network.

inspect
    Display detailed information on one or more networks.

ls
    List networks.

prune
    Remove all unused networks.

rm
    Remove one or more networks.

NETWORK
    The name or ID of the network.

CONTAINER
    The name or ID of the container.

-d, --driver string
    Driver to use for the network (e.g., 'bridge', 'overlay'). (create)

--attachable
    Enable manual container attachment to the network. (create)

--internal
    Restrict external access to the network. (create)

--subnet strings
    Subnet in CIDR format for the network segment. (create)

--gateway strings
    IPv4 or IPv6 gateway for the master subnet. (create)

--ip-range strings
    Allocate container IP from a sub-range. (create)

-o, --opt map
    Set driver specific options. (create)

--alias strings
    Add network-scoped alias for the container. (connect)

--ip string
    Static IPv4 address for the container on this network. (connect)

-f, --filter filter
    Filter output based on conditions provided. (inspect, ls)

--format string
    Pretty-print networks using a Go template. (inspect, ls)

--no-trunc
    Don't truncate output. (ls)

-q, --quiet
    Only show network IDs. (ls)

-f, --force
    Do not prompt for confirmation when pruning. (prune)

The `docker network` command is a crucial tool for managing Docker container networks. It allows users to create, inspect, connect, disconnect, and remove networks, defining how containers communicate with each other and with the outside world. Docker provides several built-in network drivers (like bridge, host, none, overlay, and macvlan) and supports custom network plugins, enabling flexible network topologies. This command is fundamental for isolating applications, securing communication pathways, and building robust distributed systems with Docker. It manages the entire lifecycle of networks, from initial setup to cleanup.

Different network drivers (e.g., bridge, overlay, macvlan) have distinct capabilities and use cases. The bridge driver is suitable for single-host container communication, while overlay is essential for multi-host Docker Swarm clusters. Removing a network will disconnect all containers attached to it. Networks created with the --internal flag will restrict external access to their connected containers, enhancing security.

Docker provides several built-in network drivers:
    bridge: The default network driver. Containers on the same bridge network can communicate, and it provides NAT for external access.
    host: Removes network isolation between the container and the Docker host. The container shares the host's network stack.
    none: Disables all networking for the container.
    overlay: Used for multi-host communication in Docker Swarm mode. Creates a distributed network segment across multiple Docker daemons.
    macvlan: Allows assigning a MAC address to a container, making it appear as a physical device on your network. Useful for legacy applications.

By default, Docker creates three networks when installed:
    bridge: The default network for new containers if no other network is specified.
    host: A special network mode that uses the host's network stack.
    none: A special network mode that provides no networking for the container.

Docker's networking capabilities have significantly evolved since its early days. Initially, basic host-only and linked container communication was prevalent. The introduction of libnetwork in Docker 1.9 (October 2015) revolutionized Docker networking by standardizing network drivers and providing a robust framework for pluggable network backends. This paved the way for advanced features like multi-host networking with the overlay driver, critical for Docker Swarm mode and distributed applications. This evolution aimed to provide more flexible, scalable, and secure networking solutions for containerized environments.

docker run(1), docker ps(1), docker inspect(1), ip(8), brctl(8)