Docker Host Networking
Host networking removes network isolation between container and host.
When to Use Host Networking
| Use Case |
Reason |
| Performance-critical apps |
Zero network overhead |
| Network monitoring tools |
Access all host interfaces |
| Legacy applications |
Expect specific ports |
| Development/debugging |
Simplify network access |
Basic Usage
# Run with host networking
docker run --network host nginx
# Container sees host's network interfaces
docker run --network host alpine ip addr
Implications
What Changes
# Port mapping is ignored with host network
docker run --network host -p 8080:80 nginx # -p is ignored
# Container uses host's localhost
docker run --network host alpine curl localhost:80
Security Considerations
- Container can access all host network interfaces
- No port isolation
- Container can bind to any port
- Not recommended for untrusted workloads
Docker Compose
version: '3.8'
services:
app:
image: myapp
network_mode: host
# ports: ignored with host mode
| Mode |
Latency |
Throughput |
Isolation |
| Host |
Lowest |
Highest |
None |
| Bridge |
Low |
High |
Full |
| Overlay |
Medium |
Medium |
Full |
Limitations
# Host networking only works on Linux
# On macOS/Windows, containers run in a VM
# so "host" refers to the VM, not your machine
Monitoring with Host Mode
# Perfect for network monitoring tools
docker run --network host \
-v /var/run/docker.sock:/var/run/docker.sock \
nicolaka/netshoot
# Access Prometheus node exporter
docker run --network host prom/node-exporter
Best Practices
| Practice |
Recommendation |
| Use sparingly |
Only when isolation not needed |
| Document ports |
Container uses host ports directly |
| Security review |
Understand exposure implications |
| Linux only |
Behavior differs on macOS/Windows |
intermediate | Networking | Updated 2025-01-15
- docker
- host network
- networking
- performance
- containers