github.com/pwn-term/docker@v0.0.0-20210616085119-6e977cce2565/cli/docs/reference/commandline/network_create.md (about)

     1  ---
     2  title: "network create"
     3  description: "The network create command description and usage"
     4  keywords: "network, create"
     5  ---
     6  
     7  # network create
     8  
     9  ```markdown
    10  Usage:  docker network create [OPTIONS] NETWORK
    11  
    12  Create a network
    13  
    14  Options:
    15        --attachable           Enable manual container attachment
    16        --ingress              Specify the network provides the routing-mesh
    17        --aux-address value    Auxiliary IPv4 or IPv6 addresses used by Network
    18                               driver (default map[])
    19    -d, --driver string        Driver to manage the Network (default "bridge")
    20        --gateway value        IPv4 or IPv6 Gateway for the master subnet (default [])
    21        --help                 Print usage
    22        --internal             Restrict external access to the network
    23        --ip-range value       Allocate container ip from a sub-range (default [])
    24        --ipam-driver string   IP Address Management Driver (default "default")
    25        --ipam-opt value       Set IPAM driver specific options (default map[])
    26        --ipv6                 Enable IPv6 networking
    27        --label value          Set metadata on a network (default [])
    28    -o, --opt value            Set driver specific options (default map[])
    29        --subnet value         Subnet in CIDR format that represents a
    30                               network segment (default [])
    31        --scope value          Promote a network to swarm scope (value = [ local | swarm ])
    32        --config-only          Creates a configuration only network
    33        --config-from          The name of the network from which to copy the configuration
    34  ```
    35  
    36  ## Description
    37  
    38  Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the
    39  built-in network drivers. If you have installed a third party or your own custom
    40  network driver you can specify that `DRIVER` here also. If you don't specify the
    41  `--driver` option, the command automatically creates a `bridge` network for you.
    42  When you install Docker Engine it creates a `bridge` network automatically. This
    43  network corresponds to the `docker0` bridge that Engine has traditionally relied
    44  on. When you launch a new container with  `docker run` it automatically connects to
    45  this bridge network. You cannot remove this default bridge network, but you can
    46  create new ones using the `network create` command.
    47  
    48  ```bash
    49  $ docker network create -d bridge my-bridge-network
    50  ```
    51  
    52  Bridge networks are isolated networks on a single Engine installation. If you
    53  want to create a network that spans multiple Docker hosts each running an
    54  Engine, you must create an `overlay` network. Unlike `bridge` networks, overlay
    55  networks require some pre-existing conditions before you can create one. These
    56  conditions are:
    57  
    58  * Access to a key-value store. Engine supports Consul, Etcd, and ZooKeeper (Distributed store) key-value stores.
    59  * A cluster of hosts with connectivity to the key-value store.
    60  * A properly configured Engine `daemon` on each host in the cluster.
    61  
    62  The `dockerd` options that support the `overlay` network are:
    63  
    64  * `--cluster-store`
    65  * `--cluster-store-opt`
    66  * `--cluster-advertise`
    67  
    68  To read more about these options and how to configure them, see ["*Get started
    69  with multi-host network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay).
    70  
    71  While not required, it is a good idea to install Docker Swarm to
    72  manage the cluster that makes up your network. Swarm provides sophisticated
    73  discovery and server management tools that can assist your implementation.
    74  
    75  Once you have prepared the `overlay` network prerequisites you simply choose a
    76  Docker host in the cluster and issue the following to create the network:
    77  
    78  ```bash
    79  $ docker network create -d overlay my-multihost-network
    80  ```
    81  
    82  Network names must be unique. The Docker daemon attempts to identify naming
    83  conflicts but this is not guaranteed. It is the user's responsibility to avoid
    84  name conflicts.
    85  
    86  ### Overlay network limitations
    87  
    88  You should create overlay networks with `/24` blocks (the default), which limits
    89  you to 256 IP addresses, when you create networks using the default VIP-based
    90  endpoint-mode. This recommendation addresses
    91  [limitations with swarm mode](https://github.com/moby/moby/issues/30820). If you
    92  need more than 256 IP addresses, do not increase the IP block size. You can
    93  either use `dnsrr` endpoint mode with an external load balancer, or use multiple
    94  smaller overlay networks. See
    95  [Configure service discovery](https://docs.docker.com/engine/swarm/networking/#configure-service-discovery)
    96  for more information about different endpoint modes.
    97  
    98  ## Examples
    99  
   100  ### Connect containers
   101  
   102  When you start a container, use the `--network` flag to connect it to a network.
   103  This example adds the `busybox` container to the `mynet` network:
   104  
   105  ```bash
   106  $ docker run -itd --network=mynet busybox
   107  ```
   108  
   109  If you want to add a container to a network after the container is already
   110  running, use the `docker network connect` subcommand.
   111  
   112  You can connect multiple containers to the same network. Once connected, the
   113  containers can communicate using only another container's IP address or name.
   114  For `overlay` networks or custom plugins that support multi-host connectivity,
   115  containers connected to the same multi-host network but launched from different
   116  Engines can also communicate in this way.
   117  
   118  You can disconnect a container from a network using the `docker network
   119  disconnect` command.
   120  
   121  ### Specify advanced options
   122  
   123  When you create a network, Engine creates a non-overlapping subnetwork for the
   124  network by default. This subnetwork is not a subdivision of an existing
   125  network. It is purely for ip-addressing purposes. You can override this default
   126  and specify subnetwork values directly using the `--subnet` option. On a
   127  `bridge` network you can only create a single subnet:
   128  
   129  ```bash
   130  $ docker network create --driver=bridge --subnet=192.168.0.0/16 br0
   131  ```
   132  
   133  Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address`
   134  options.
   135  
   136  ```bash
   137  $ docker network create \
   138    --driver=bridge \
   139    --subnet=172.28.0.0/16 \
   140    --ip-range=172.28.5.0/24 \
   141    --gateway=172.28.5.254 \
   142    br0
   143  ```
   144  
   145  If you omit the `--gateway` flag the Engine selects one for you from inside a
   146  preferred pool. For `overlay` networks and for network driver plugins that
   147  support it you can create multiple subnetworks. This example uses two `/25`
   148  subnet mask to adhere to the current guidance of not having more than 256 IPs in
   149  a single overlay network. Each of the subnetworks has 126 usable addresses.
   150  
   151  ```bash
   152  $ docker network create -d overlay \
   153    --subnet=192.168.10.0/25 \
   154    --subnet=192.168.20.0/25 \
   155    --gateway=192.168.10.100 \
   156    --gateway=192.168.20.100 \
   157    --aux-address="my-router=192.168.10.5" --aux-address="my-switch=192.168.10.6" \
   158    --aux-address="my-printer=192.168.20.5" --aux-address="my-nas=192.168.20.6" \
   159    my-multihost-network
   160  ```
   161  
   162  Be sure that your subnetworks do not overlap. If they do, the network create
   163  fails and Engine returns an error.
   164  
   165  ### Bridge driver options
   166  
   167  When creating a custom network, the default network driver (i.e. `bridge`) has
   168  additional options that can be passed. The following are those options and the
   169  equivalent docker daemon flags used for docker0 bridge:
   170  
   171  | Option                                           | Equivalent  | Description                                           |
   172  |--------------------------------------------------|-------------|-------------------------------------------------------|
   173  | `com.docker.network.bridge.name`                 | -           | Bridge name to be used when creating the Linux bridge |
   174  | `com.docker.network.bridge.enable_ip_masquerade` | `--ip-masq` | Enable IP masquerading                                |
   175  | `com.docker.network.bridge.enable_icc`           | `--icc`     | Enable or Disable Inter Container Connectivity        |
   176  | `com.docker.network.bridge.host_binding_ipv4`    | `--ip`      | Default IP when binding container ports               |
   177  | `com.docker.network.driver.mtu`                  | `--mtu`     | Set the containers network MTU                        |
   178  | `com.docker.network.container_interface_prefix`  | -           | Set a custom prefix for container interfaces          |
   179  
   180  The following arguments can be passed to `docker network create` for any
   181  network driver, again with their approximate equivalents to `docker daemon`.
   182  
   183  | Argument     | Equivalent     | Description                                |
   184  |--------------|----------------|--------------------------------------------|
   185  | `--gateway`  | -              | IPv4 or IPv6 Gateway for the master subnet |
   186  | `--ip-range` | `--fixed-cidr` | Allocate IPs from a range                  |
   187  | `--internal` | -              | Restrict external access to the network   |
   188  | `--ipv6`     | `--ipv6`       | Enable IPv6 networking                     |
   189  | `--subnet`   | `--bip`        | Subnet for network                         |
   190  
   191  For example, let's use `-o` or `--opt` options to specify an IP address binding
   192  when publishing ports:
   193  
   194  ```bash
   195  $ docker network create \
   196      -o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" \
   197      simple-network
   198  ```
   199  
   200  ### Network internal mode
   201  
   202  By default, when you connect a container to an `overlay` network, Docker also
   203  connects a bridge network to it to provide external connectivity. If you want
   204  to create an externally isolated `overlay` network, you can specify the
   205  `--internal` option.
   206  
   207  ### Network ingress mode
   208  
   209  You can create the network which will be used to provide the routing-mesh in the
   210  swarm cluster. You do so by specifying `--ingress` when creating the network. Only
   211  one ingress network can be created at the time. The network can be removed only
   212  if no services depend on it. Any option available when creating an overlay network
   213  is also available when creating the ingress network, besides the `--attachable` option.
   214  
   215  ```bash
   216  $ docker network create -d overlay \
   217    --subnet=10.11.0.0/16 \
   218    --ingress \
   219    --opt com.docker.network.driver.mtu=9216 \
   220    --opt encrypted=true \
   221    my-ingress-network
   222  ```
   223  
   224  ## Related commands
   225  
   226  * [network inspect](network_inspect.md)
   227  * [network connect](network_connect.md)
   228  * [network disconnect](network_disconnect.md)
   229  * [network ls](network_ls.md)
   230  * [network rm](network_rm.md)
   231  * [network prune](network_prune.md)
   232  * [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/)