Container Networking Vocabulary
5 exercises — Master the English vocabulary of container networking: network drivers, port binding, DNS service discovery, VXLAN overlays, and network isolation.
0 / 5 completed
Quick reference: Container networking vocabulary
- Bridge — single-host; host — shares host stack; overlay — multi-host Swarm; macvlan — direct LAN attachment
- -p HOST:CONTAINER — port binding; left = host port you connect to, right = container's listening port
- Embedded DNS (127.0.0.11) — resolves service names to IPs within the same Docker network
- VXLAN — tunnels L2 Ethernet frames over UDP for cross-host overlay networking
- Network isolation — separate networks block cross-service traffic without firewall rules
1 / 5
A developer asks: "I need the containers in my app — a web server, an API, and a cache — to communicate with each other on the same Docker host but be isolated from external network traffic unless I explicitly publish a port. Which Docker network driver should I use?"
Which driver is correct for this single-host, internal communication requirement?
The bridge driver is the correct choice for single-host container-to-container networking with isolation.
Docker's built-in network drivers serve different purposes:
• bridge (default) — software bridge on the host; containers on the same bridge network communicate; isolated from host network unless ports are published via
• host — removes network namespace isolation; the container shares the host's network stack; better performance but zero network isolation
• overlay — multi-host networking across a Docker Swarm cluster; uses VXLAN encapsulation
• macvlan — containers appear as physical NICs on the LAN; used for apps needing direct L2 access (e.g., network appliances)
• none — no networking at all; used for maximum isolation or custom network setups
Key vocabulary:
• bridge network — a virtual network connecting containers on a single Docker host
• network driver — the software plugin that implements a specific networking topology in Docker
• published port — a host:container port mapping created with
• network namespace — the kernel isolation boundary that gives each container its own network stack
Docker's built-in network drivers serve different purposes:
• bridge (default) — software bridge on the host; containers on the same bridge network communicate; isolated from host network unless ports are published via
-p• host — removes network namespace isolation; the container shares the host's network stack; better performance but zero network isolation
• overlay — multi-host networking across a Docker Swarm cluster; uses VXLAN encapsulation
• macvlan — containers appear as physical NICs on the LAN; used for apps needing direct L2 access (e.g., network appliances)
• none — no networking at all; used for maximum isolation or custom network setups
Key vocabulary:
• bridge network — a virtual network connecting containers on a single Docker host
• network driver — the software plugin that implements a specific networking topology in Docker
• published port — a host:container port mapping created with
-p that exposes a container port to external traffic• network namespace — the kernel isolation boundary that gives each container its own network stack