github.com/pwn-term/docker@v0.0.0-20210616085119-6e977cce2565/cli/man/src/network/create.md (about)

Creates a new network. The `DRIVER` accepts `bridge` or `overlay`, which are the
built-in network drivers. If you have installed a third-party or your own custom
network driver, you can specify that `DRIVER` here also. If you don't specify the
`--driver` option, the command automatically creates a `bridge` network for you.
When you install Docker Engine it creates a `bridge` network automatically. This
network corresponds to the `docker0` bridge that Engine has traditionally relied
on. When you launch a new container with `docker run` it automatically connects to
this bridge network. You cannot remove this default bridge network, but you can
create new ones using the `network create` command.

```bash
$ docker network create -d bridge my-bridge-network
```

Bridge networks are isolated networks on a single Engine installation. If you
want to create a network that spans multiple Docker hosts each running an
Engine, you must create an `overlay` network. Unlike `bridge` networks, overlay
networks require some pre-existing conditions before you can create one. These
conditions are:

* Access to a key-value store. Engine supports Consul, Etcd, and Zookeeper (Distributed store) key-value stores.
* A cluster of hosts with connectivity to the key-value store.
* A properly configured Engine `daemon` on each host in the cluster.

The `dockerd` options that support the `overlay` network are:

* `--cluster-store`
* `--cluster-store-opt`
* `--cluster-advertise`

To read more about these options and how to configure them, see ["*Get started
with multi-host network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay/).

It is also a good idea, though not required, that you install Docker Swarm to
manage the cluster that makes up your network. Swarm provides sophisticated
discovery and server management that can assist your implementation.

Once you have prepared the `overlay` network prerequisites you simply choose a
Docker host in the cluster and issue the following to create the network:

```bash
$ docker network create -d overlay my-multihost-network
```

Network names must be unique. The Docker daemon attempts to identify naming
conflicts but this is not guaranteed. It is the user's responsibility to avoid
name conflicts.

## Connect containers

When you start a container use the `--network` flag to connect it to a network.
This adds the `busybox` container to the `mynet` network.

```bash
$ docker run -itd --network=mynet busybox
```

If you want to add a container to a network after the container is already
running use the `docker network connect` subcommand.

You can connect multiple containers to the same network. Once connected, the
containers can communicate using only another container's IP address or name.
For `overlay` networks or custom plugins that support multi-host connectivity,
containers connected to the same multi-host network but launched from different
Engines can also communicate in this way.

You can disconnect a container from a network using the `docker network
disconnect` command.

## Specifying advanced options

When you create a network, Engine creates a non-overlapping subnetwork for the
network by default. This subnetwork is not a subdivision of an existing network.
It is purely for IP-addressing purposes. You can override this default and
specify subnetwork values directly using the `--subnet` option. On a
`bridge` network you can only create a single subnet:

```bash
$ docker network create -d bridge --subnet=192.168.0.0/16 br0
```

Additionally, you can also specify the `--gateway`, `--ip-range`, and `--aux-address`
options.

```bash
$ docker network create \
  --driver=bridge \
  --subnet=172.28.0.0/16 \
  --ip-range=172.28.5.0/24 \
  --gateway=172.28.5.254 \
  br0
```

If you omit the `--gateway` flag the Engine selects one for you from inside a
preferred pool. For `overlay` networks and for network driver plugins that
support it you can create multiple subnetworks.

```bash
$ docker network create -d overlay \
  --subnet=192.168.0.0/16 \
  --subnet=192.170.0.0/16 \
  --gateway=192.168.0.100 \
  --gateway=192.170.0.100 \
  --ip-range=192.168.1.0/24 \
  --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \
  --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \
  my-multihost-network
```

Be sure that your subnetworks do not overlap. If they do, the network create
fails and Engine returns an error.
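
A pre-flight check for the `--subnet`, `--ip-range` and `--gateway` values described above, written as an added example that is not part of the Docker documentation or CLI. The function names are hypothetical, and `192.168.128.0/17` is a constructed overlapping subnet; the other addresses come from the examples on this page.

```bash
# Added example: pre-flight check for `docker network create` address options.
# POSIX sh only; function names are hypothetical, not part of the Docker CLI.

# ip_to_int A.B.C.D -> prints the address as an integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range A.B.C.D/N -> prints "first last" as integers, host bits masked off
cidr_range() {
    base=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( $base / $size * $size ))
    echo "$first $(( $first + $size - 1 ))"
}

# cidrs_overlap X Y -> succeeds if the two blocks share at least one address
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")   # a_first a_last b_first b_last
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# cidr_contains OUTER INNER -> succeeds if INNER (CIDR or single IP) is inside OUTER
cidr_contains() {
    case $2 in */*) inner=$2 ;; *) inner=$2/32 ;; esac
    set -- $(cidr_range "$1") $(cidr_range "$inner")
    [ "$3" -ge "$1" ] && [ "$4" -le "$2" ]
}

# first_overlap CIDR... -> prints the first overlapping pair, fails if none overlap
first_overlap() {
    while [ $# -gt 1 ]; do
        a=$1; shift
        for b in "$@"; do
            if cidrs_overlap "$a" "$b"; then echo "$a $b"; return 0; fi
        done
    done
    return 1
}

# Addresses from this page's examples; 192.168.128.0/17 is constructed.
first_overlap 192.168.0.0/16 192.170.0.0/16 || echo "subnets are disjoint"
first_overlap 192.168.0.0/16 192.170.0.0/16 192.168.128.0/17
cidr_contains 172.28.0.0/16 172.28.5.0/24 && echo "ip-range fits the subnet"
cidr_contains 172.28.0.0/16 172.28.5.254 && echo "gateway fits the subnet"
```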

### Network internal mode

By default, when you connect a container to an `overlay` network, Docker also
connects a bridge network to it to provide external connectivity. If you want
to create an externally isolated `overlay` network, you can specify the
`--internal` option.

### Network ingress mode

You can create the network that provides the routing mesh in the swarm
cluster. You do so by specifying `--ingress` when creating the network. Only
one ingress network can be created at a time. The network can be removed only
if no services depend on it. Any option available when creating an overlay network
is also available when creating the ingress network, except the `--attachable` option.

```bash
$ docker network create -d overlay \
  --subnet=10.11.0.0/16 \
  --ingress \
  --opt com.docker.network.mtu=9216 \
  --opt encrypted=true \
  my-ingress-network
```

### Run services on predefined networks

You can create services on the predefined Docker networks `bridge` and `host`.

```bash
$ docker service create --name my-service \
  --network host \
  --replicas 2 \
  busybox top
```

### Swarm networks with local scope drivers

You can create a swarm network with local scope network drivers. You do so
by promoting the network scope to `swarm` during the creation of the network.
You will then be able to use this network when creating services.

```bash
$ docker network create -d bridge \
  --scope swarm \
  --attachable \
  swarm-network
```

For network drivers which provide connectivity across hosts (e.g. macvlan), if
node-specific configurations are needed in order to plumb the network on each
host, you will supply that configuration via a configuration-only network.
When you create the swarm-scoped network, you will then specify the name of the
network which contains the configuration.

```bash
node1$ docker network create --config-only --subnet 192.168.100.0/24 --gateway 192.168.100.115 mv-config
node2$ docker network create --config-only --subnet 192.168.200.0/24 --gateway 192.168.200.202 mv-config
node1$ docker network create -d macvlan --scope swarm --config-from mv-config --attachable swarm-network
```