
Lesson 1: The Bridge Builder (Docker Networking)

Each container runs in its own isolated network environment by default: without a network attached, it can't talk to other containers or the outside world. Docker provides several network drivers to connect containers, like building bridges between islands.

Default Docker Networks

When you install Docker, three networks are created automatically:

docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
abc123         bridge    bridge    local
def456         host      host      local
ghi789         none      null      local

| Network | Purpose |
|---------|---------|
| bridge | Default. Containers get private IPs. Isolated from host. |
| host | Container shares the host's network stack. No isolation. |
| none | No networking at all. Complete isolation. |

The Bridge Network

┌───────────── Docker Host ────────────┐
│                                      │
│   ┌──────────────────────────────┐   │
│   │     Docker Bridge (docker0)  │   │
│   │      172.17.0.1              │   │
│   └──┬──────────────┬────────────┘   │
│      │              │                │
│  ┌───▼───┐      ┌───▼───┐            │
│  │ web   │      │  db   │            │
│  │.17.0.2│      │.17.0.3│            │
│  └───────┘      └───────┘            │
│                                      │
└──────────────────────────────────────┘

Containers on the same bridge can communicate using IP addresses. But there's a better way...

Custom Networks (Recommended)

Create your own network for automatic DNS resolution — containers can find each other by name:

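# Create a custom network
docker network create app-network

# Run containers on it
docker run -d --name web --network app-network nginx
# The postgres image exits at startup unless a superuser password is set;
# "change-me" is a placeholder value
docker run -d --name db --network app-network -e POSTGRES_PASSWORD=change-me postgres

# Now 'web' can reach 'db' by name!
# (the nginx image does not ship ping, so resolve the name with getent)
docker exec web getent hosts db    # Prints db's IP address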

Why Custom Networks?

| Feature | Default Bridge | Custom Network |
|---------|---------------|----------------|
| DNS resolution | ❌ No | ✅ Yes (by container name) |
| Isolation | ⚠️ All containers share it | ✅ Only your containers |
| Hot connect/disconnect | ❌ No | ✅ Yes |
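
A check for the isolation row above, as an added example that is not part of the original lesson: it classifies each container's network mode and flags the host network and the shared default bridge. The function names and sample lines are constructed, the input format assumes the docker inspect template shown in the comment, and the container:<name> mode goes beyond the three networks this lesson covers.

```shell
# Added example: flag containers whose network mode weakens isolation.
# Input: one "<name> <network-mode>" pair per line, as printed by
#   docker ps -q | xargs docker inspect \
#     --format '{{.Name}} {{.HostConfig.NetworkMode}}'
# audit_network_modes, count_findings and sample_modes are hypothetical names.
audit_network_modes() {
    while read -r name mode; do
        [ -n "$name" ] || continue      # skip blank lines
        name=${name#/}                  # docker inspect prefixes names with "/"
        case "$mode" in
            host)
                echo "HIGH $name shares the host network stack (no isolation)" ;;
            default|bridge)
                echo "WARN $name is on the default bridge shared by all containers" ;;
            container:*)
                echo "WARN $name shares the network namespace of ${mode#container:}" ;;
            none)
                echo "OK $name has no networking" ;;
            *)
                echo "OK $name is on user-defined network $mode" ;;
        esac
    done
}

# Count the findings that need attention (HIGH or WARN); prints 0 when clean.
count_findings() {
    audit_network_modes | grep -c -E '^(HIGH|WARN) ' || true
}

# Constructed sample input (not real docker output) so the check runs offline.
sample_modes() {
cat <<'EOF'
/web app-network
/db app-network
/legacy bridge
/monitor host
/batch none
EOF
}

sample_modes | audit_network_modes
```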

Network Management Commands

docker network create mynet           # Create
docker network ls                      # List all
docker network inspect mynet           # View details
docker network connect mynet web       # Connect a container
docker network disconnect mynet web    # Disconnect
docker network rm mynet                # Remove
docker network prune                   # Clean up unused

Mission Objective

Build your first container network:

  1. Survey: Run docker network ls to see existing networks.
  2. Build a bridge: Create a network with docker network create app-network.
  3. Connect: Run docker run -d --name app --network app-network nginx.
