Understanding the Relationship Between `docker0` and `eth0`

Docker and containers have become integral parts of modern software development and deployment processes. Networking within Docker containers often confuses many newcomers, particularly regarding `docker0` and `eth0`. This article aims to clarify their roles and relation, using technical explanations and examples.

What is `docker0`?

`docker0` is the default bridge network created by Docker on the host system when Docker is installed. It acts as a virtual network that connects all Docker containers on a given host, enabling communication between them.

• Bridge Networking: In computer networking, a bridge works at the data link layer to connect different networks. The `docker0` bridge connects container traffic on the same host.
• IP Address Assignment: By default, Docker assigns an IP range to the `docker0` network (often `172.17.0.0/16`), which provides IP addresses to containers. This range is configurable.
• Automatic Docker Creation: The `docker0` bridge is automatically created by the Docker service using Linux's network bridging capabilities, bridging between the physical network interface and the virtual interfaces of containers.

What is `eth0`?

`eth0` is typically the default network interface on a Linux-based system. Most computers use this network interface to connect to a network over Ethernet. When the Docker daemon runs, containers may automatically have an `eth0` interface but this `eth0` is different from the host's `eth0`.

• Container Network Interface: Each Docker container is provisioned with an `eth0` interface. This interface connects to the `docker0` bridge, allowing the container to utilize the network connected through `docker0`.
• Separate from Host's `eth0`: While a host's `eth0` represents a real hardware network interface, a container's `eth0` is a virtual network interface.

How `docker0` and `eth0` Work Together

When a container is started, Docker does the following:

1. Creates a Virtual Ethernet Link: Each container connects to `docker0` through a pair of virtual Ethernet devices (veth). One end is placed inside the container (as `eth0`), and the other is attached to the `docker0` bridge.
2. Assigns Network Parameters: Docker assigns an IP address from the `docker0` pool to the container's `eth0` interface, allowing the container to communicate over the network.
3. IP Masquerading: Docker configures the Linux host to perform Network Address Translation (NAT) for any outgoing traffic from containers, making it appear as though it’s coming from the host's IP.

Example

Here's a practical example showing how Docker assigns and bridges network interfaces:

1. Start a container with Docker: