Day 47 | intermediate | Mar 19, 2026

Bridge vs Host Networking in Docker

Choosing the wrong network mode can either break container isolation or add unnecessary latency.

docker, networking, security

What

Bridge networking is Docker's default mode that creates an isolated virtual network for containers, requiring explicit port mapping with -p to expose services. Host networking removes network isolation entirely and lets the container share the host's network stack directly, so the container's ports are the host's ports. Note: host networking works as described on Linux. On Docker Desktop (Mac/Windows), it behaves differently due to the Linux VM layer.

Why It Matters

Bridge mode gives you security through isolation: containers can only communicate through defined channels. Host mode eliminates the NAT overhead, giving you bare-metal network performance. Choosing the right mode depends on whether you prioritize isolation or performance for your specific workload.

Example

# Bridge networking (default): isolated, requires port mapping
docker run -d -p 8080:80 --name web-bridge nginx
# Access via http://localhost:8080

# Host networking: shares host network, no port mapping needed
docker run -d --network host --name web-host nginx
# Access via http://localhost:80 (uses host port directly)

# Create a custom bridge network for container-to-container DNS
docker network create my-app
docker run -d --network my-app --name api my-api
docker run -d --network my-app --name db postgres
# 'api' container can reach 'db' by name: postgres://db:5432

# Inspect a container's network settings
docker inspect --format='{{.NetworkSettings.Networks}}' web-bridge

Common Mistake

Using host networking when bridge mode would provide better isolation and security. Host networking exposes all container ports to the host without any mapping control, which is a security risk for multi-tenant environments or internet-facing services.

Quick Fix

Default to bridge networking for most workloads. Use custom bridge networks for multi-container apps (you get DNS-based service discovery for free). Only use host networking when you need maximum network performance and understand the security tradeoffs.
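
An added example (not part of the original tip): a small shell audit that reads `docker ps` output and flags containers on the host network, on the default bridge (no DNS by container name), or with a port published on every host interface, which is what `-p 8080:80` does when no host IP is given. The sample lines are constructed, and the `api` mapping on port 3000 is an assumption.

```shell
#!/bin/sh
# Input: one tab-separated line per container, as printed by
#   docker ps --format '{{.Names}}\t{{.Networks}}\t{{.Ports}}'

audit_networks() {
  awk -F '\t' '
    {
      name = $1; nets = $2; ports = $3
      # Host mode: the container shares the host network stack.
      if (nets == "host") {
        print "HOST-NETWORK " name
        next
      }
      # Default bridge: isolated, but no name resolution between containers.
      if (nets == "bridge") print "DEFAULT-BRIDGE " name
      # A mapping bound to 0.0.0.0 or :: is reachable on every host interface.
      n = split(ports, p, ", ")
      for (i = 1; i <= n; i++)
        if (p[i] ~ /^(0\.0\.0\.0:|:::|\[::\]:)/)
          print "ALL-INTERFACES " name " " p[i]
    }'
}

# Constructed sample using the container names from the example above.
sample_ps_output() {
  printf 'web-bridge\tbridge\t0.0.0.0:8080->80/tcp\n'
  printf 'web-host\thost\t\n'
  printf 'api\tmy-app\t127.0.0.1:3000->3000/tcp\n'
  printf 'db\tmy-app\t5432/tcp\n'
}

sample_ps_output | audit_networks

# Against a live daemon:
#   docker ps --format '{{.Names}}\t{{.Networks}}\t{{.Ports}}' | audit_networks
```

Containers on a custom bridge with ports bound to 127.0.0.1 or not published at all (`api` and `db` in the sample) produce no findings.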

Key Takeaways

  1. Bridge (default): isolated network, needs -p port mapping
  2. Host: shares host network, no isolation, no NAT overhead
  3. Custom bridge: container-to-container DNS resolution
  4. Bridge for security, host for raw performance
  5. docker network create my-app for multi-container apps
