24

Since the overlay network could make multiple isolated Docker daemon hosts communicate with each other, why do we need a bridge network in Docker swarm? Thanks!

leo

2 Answers

15

Check this thread for understanding conceptually.

Bridge network: Bridge is the default network in Docker, which is also called docker0. It is the default network that bridges through the NAT firewall to the physical network that your host is connected to. But we don't care about it, as all the containers will attach to this network and work.

If you have any containers running, you could inspect the bridge network as follows:

$ docker network inspect bridge

"Containers": {
        "145a2716d018c6fe8e9f93a81d88afd5a7437f0084ddb170c40761818e6d2f67": {
            "Name": "nginx",
            "EndpointID":   "ea6cfa433f41e21e572f17473c8e5f5e5d82e9f19646e66fe23abda20a3836b8",
            "MacAddress": "02:42:ac:11:00:02",
            "IPv4Address": "172.17.0.2/16",
            "IPv6Address": ""
        }
    },

Note: You can see that an IP address is automatically assigned to the container from the IPAM config subnet.

Consider that you have multiple Docker hosts running containers, in which each Docker host has its own internal private bridge network allowing the containers to communicate with each other; however, containers across the hosts have no way to communicate with each other unless you publish the ports on those containers and set up some kind of routing yourself. This is where the overlay network comes into play. With Docker swarm you can create an overlay network, which will create an internal private network that spans across all the nodes participating in the swarm network. We could attach a container or service to this network using the network option while creating a service. So, the containers across the nodes can communicate over this overlay network.

$ docker network create --driver overlay --subnet 10.0.9.0/24 overlay_network
$ docker service create --replicas 3 --network overlay_network nginx

Hope this helps.

wanderbild
mohan08p
3

The overlay page lays it out:

When you initialize a swarm or join a Docker host to an existing swarm, two new networks are created on that Docker host:

  • an overlay network called ingress, which handles control and data traffic related to swarm services. When you create a swarm service and do not connect it to a user-defined overlay network, it connects to the ingress network by default.
  • a bridge network called docker_gwbridge, which connects the individual Docker daemon to the other daemons participating in the swarm.

See "How does it work? Docker! Part 2: Swarm networking", by Sebastian Caceres:

  • The overlay bridge is the ingress/egress point to the overlay network that the VXLAN encapsulates.
    It also extends the overlay across all the hosts that participate in this particular overlay.
    There is one per overlay subnet on each host, with the same name as the overlay network.
  • The docker_gwbridge is the egress bridge for all the traffic that leaves the cluster.
    There is only one docker_gwbridge per host. Container-to-container traffic flows do not go through this bridge.
VonC
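
Both answers can be checked against a node's `docker network inspect` output. The added example below (not from either answer or from Docker's documentation) parses a constructed sample of that output, reports each network's driver and scope, confirms that every endpoint address falls inside the network's IPAM subnet, and names the networks that span hosts. The sample values, the `stray` endpoint and the function names `summarize` and `spans_hosts` are assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `docker network inspect` output on a swarm
# node; names, IDs and addresses are illustrative, trimmed to the fields used.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "bridge", "Driver": "bridge", "Scope": "local",
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]},
  "Containers": {"c1": {"Name": "nginx", "IPv4Address": "172.17.0.2/16"}}},
 {"Name": "docker_gwbridge", "Driver": "bridge", "Scope": "local",
  "IPAM": {"Config": [{"Subnet": "172.18.0.0/16"}]},
  "Containers": {"c2": {"Name": "gateway_ingress-sbox", "IPv4Address": "172.18.0.2/16"}}},
 {"Name": "ingress", "Driver": "overlay", "Scope": "swarm",
  "IPAM": {"Config": [{"Subnet": "10.0.0.0/24"}]}, "Containers": {}},
 {"Name": "overlay_network", "Driver": "overlay", "Scope": "swarm",
  "IPAM": {"Config": [{"Subnet": "10.0.9.0/24"}]},
  "Containers": {"c3": {"Name": "web.1", "IPv4Address": "10.0.9.5/24"},
                 "c4": {"Name": "stray", "IPv4Address": "10.0.8.7/24"}}}
]
""")

def summarize(networks):
    """Per network: driver, scope, endpoints, and endpoints outside the IPAM subnets."""
    report = {}
    for net in networks:
        subnets = [ipaddress.ip_network(c["Subnet"])
                   for c in (net.get("IPAM", {}).get("Config") or []) if c.get("Subnet")]
        endpoints, outside = [], []
        for ep in (net.get("Containers") or {}).values():
            if not ep.get("IPv4Address"):
                continue  # endpoint without an IPv4 address, nothing to check
            addr = ipaddress.ip_interface(ep["IPv4Address"]).ip
            endpoints.append((ep["Name"], str(addr)))
            if not any(addr in s for s in subnets):
                outside.append(ep["Name"])  # address not covered by any IPAM subnet
        report[net["Name"]] = {"driver": net["Driver"], "scope": net["Scope"],
                               "endpoints": endpoints, "outside_ipam": outside}
    return report

def spans_hosts(report):
    """Names of networks that reach other swarm nodes (overlay driver, swarm scope)."""
    return sorted(n for n, r in report.items()
                  if r["driver"] == "overlay" and r["scope"] == "swarm")

if __name__ == "__main__":
    rep = summarize(SAMPLE_INSPECT)
    print(json.dumps(rep, indent=2), spans_hosts(rep))
```

On a real node, replace the constructed sample with the JSON printed by `docker network inspect` for the networks of interest.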