Docker default networks

The following are some of Docker's default networks:

• Bridge network: In a nonswarm scenario, Docker will use the bridge network driver (called bridge) to allow standalone containers to speak to each other. You can think of the bridge as a link layer device that forwards network traffic between segments. If containers are connected to the same bridge network, they can communicate; if they're not connected, they can't. The bridged network is the default choice unless otherwise specified. In this mode, the container has its own networking namespace and is then bridged via virtual interfaces to the host (or node, in the case of K8s) network. In the bridged network, two containers can use the same IP range because they are completely isolated. Therefore, service communication requires some additional port mapping through the host side of network interfaces.
• Host based: Docker also offers host-based networking for standalone containers, which creates a virtual bridge called docker0 that allocates private IP address space for the containers using that bridge. Each container gets a virtual Ethernet (veth) device that you can see in the container as eth0. Performance is greatly benefited since it removes a level of network virtualization; however, you lose the security of having an isolated network namespace. Additionally, port usage must be managed more carefully since all containers share an IP.

There's also a none network, which creates a container with no external interface. Only a loopback device is shown if you inspect the network interfaces.

In all of these scenarios, we are still on a single machine, and outside of  host mode, the container IP space is not available outside that machine. Connecting containers across two machines requires NAT and port mapping for communication.