Networking
Comprehensive Podman networking configuration, custom networks, connectivity options, and network troubleshooting.
Network Basics
Default Networking
# Default network: as root this is the bridge network named "podman" (inspected below).
# NOTE(review): rootless containers default to a user-mode stack (slirp4netns or pasta,
# depending on the Podman version) rather than a bridge — confirm for your version.
# "nginx" is an unqualified short name; the registry it resolves to depends on registries.conf.
# In anything scripted, prefer a fully qualified name (e.g. docker.io/library/nginx), ideally pinned by digest.
podman run -d nginx # No --network given, so the default network mode applies
podman run -d --network=bridge nginx # Explicit bridge network
# List networks
podman network ls
podman network ls --format table
# Inspect default network
podman network inspect podman
Network Types
# Bridge network (default): the container gets its own network namespace behind a bridge
podman run -d --network=bridge nginx
# Host network: the container uses the host's network namespace directly.
# This mode provides no network isolation: the process can bind host ports and reach
# services listening on the host's loopback. Reserve it for workloads that need it.
podman run -d --network=host nginx
# No networking: suited to jobs that need no network access at all
podman run -d --network=none alpine
# Container network: the second container joins the network namespace of "web",
# so both share interfaces, ports and localhost and are not isolated from each other.
podman run -d --name web nginx
podman run -d --network=container:web alpine
Custom Networks
Creating Networks
# Create bridge network (subnet chosen by Podman)
podman network create mynet
# Create with specific subnet
podman network create --subnet=192.168.100.0/24 customnet
# Create with gateway
podman network create \
--subnet=192.168.100.0/24 \
--gateway=192.168.100.1 \
gatewaynet
# Create with DNS: containers on this network are pointed at the listed resolvers.
# 8.8.8.8 / 8.8.4.4 are public resolvers; use internal ones where lookups must stay in-house.
podman network create \
--subnet=10.0.0.0/24 \
--dns=8.8.8.8 \
--dns=8.8.4.4 \
dnsnet
# Create internal network (no external access).
# Containers attached to it can still reach each other; only traffic leaving the network is blocked.
podman network create --internal privatenet
Network Configuration Options
# Create network with custom options.
# --ip-range limits automatic address assignment to a slice of the subnet.
# The com.docker.network.* keys are Docker-compatible option names (bridge interface name and MTU).
podman network create \
--subnet=172.20.0.0/16 \
--gateway=172.20.0.1 \
--ip-range=172.20.240.0/20 \
--driver=bridge \
--opt com.docker.network.bridge.name=custom-bridge \
--opt com.docker.network.driver.mtu=1500 \
production-net
# Create network with IPv6
podman network create \
--subnet=fd00::/64 \
--ipv6 \
ipv6net
# Create macvlan network.
# macvlan places containers directly on the parent interface's LAN segment (eth0 here):
# they are reachable by other hosts on that segment without any -p mapping, so they need
# their own filtering. NOTE(review): macvlan generally requires rootful Podman — confirm.
podman network create \
--driver=macvlan \
--subnet=192.168.1.0/24 \
--gateway=192.168.1.1 \
--opt parent=eth0 \
macvlan-net
Container Networking
Basic Network Usage
# Run container on custom network
podman run -d --network=mynet nginx
# Connect container to multiple networks.
# A container attached to two networks is a path between them: here "web" sits on both
# mynet and privatenet, so whatever can compromise "web" can reach both segments.
podman run -d --name web nginx
podman network connect mynet web
podman network connect privatenet web
# Disconnect from network
podman network disconnect mynet web
# Run with specific IP (must fall inside the network's subnet; mynet was created above without an explicit one)
podman run -d --network=mynet --ip=192.168.100.10 nginx
Port Publishing
# Publish single port (host 8080 -> container 80).
# With no host IP given, the port is bound on ALL host interfaces.
podman run -d -p 8080:80 nginx
# Publish to specific interface.
# 127.0.0.1 keeps the service reachable from the host only — the safer default for
# admin panels, databases and anything fronted by a local reverse proxy.
podman run -d -p 127.0.0.1:8080:80 nginx
podman run -d -p 192.168.1.100:8080:80 nginx
# Publish multiple ports
# NOTE(review): rootless Podman cannot bind host ports below 1024 by default — confirm for your setup.
podman run -d -p 80:80 -p 443:443 nginx
# Publish all exposed ports: every port the image declares is mapped to a host port.
# This exposes whatever the image author listed, so review the image's exposed ports before using -P.
podman run -d -P nginx
# Publish UDP port
podman run -d -p 53:53/udp dnsmasq
# Port ranges
podman run -d -p 8080-8090:8080-8090 myapp
Network Aliases
# Set hostname (the name the container sees for itself)
podman run -d --hostname=webserver nginx
# Network aliases: extra DNS names other containers on mynet can use to reach this one
podman run -d --network=mynet --network-alias=web nginx
podman run -d --network=mynet --network-alias=api node-app
# Multiple aliases
# Note: this reuses the alias "web" already given to the first container above;
# keep aliases unique per network unless several containers are meant to answer to one name.
podman run -d --network=mynet \
--network-alias=web \
--network-alias=frontend \
--network-alias=nginx \
nginx
Pod Networking
Pod Network Sharing
# Create pod with port mapping (ports are published on the pod, not on individual containers)
podman pod create --name webapp -p 8080:80
# Containers in pod share network
podman run -d --pod webapp --name web nginx
podman run -d --pod webapp --name api node-app
# Internal communication via localhost.
# Because the namespace is shared, a service bound to localhost in one container is
# reachable from every other container in the pod; "localhost-only" is not a boundary inside a pod.
# Assumes the api container listens on port 3000 and that curl exists in the web image.
podman exec web curl localhost:3000 # Reaches api container
Pod Custom Networks
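# Create pod on custom network
podman pod create --name services --network=mynet
# Pod with multiple networks: pass every network in ONE create call.
# Pod names are unique, so repeating `podman pod create --name multi-net` fails on the
# second call instead of attaching another network.
# frontend-net and backend-net must already exist.
# NOTE(review): repeating --network is the Podman 4.x+ form — confirm for older releases.
podman pod create --name multi-net \
  --network=frontend-net \
  --network=backend-net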
DNS and Service Discovery
DNS Configuration
# Custom DNS servers for this container (public resolvers here; lookups leave your network)
podman run -d --dns=8.8.8.8 --dns=8.8.4.4 alpine
# DNS search domains: unqualified names are tried with this suffix appended
podman run -d --dns-search=company.com alpine
# DNS options (passed through to the container's resolver configuration)
podman run -d --dns-opt=ndots:2 alpine
# Custom hosts: adds a static name-to-IP entry, which takes effect without any DNS lookup
podman run -d --add-host=api:192.168.1.100 alpine
Service Discovery
# Containers can resolve each other by name on custom networks
podman network create appnet
# Start database with name (no -p: it is reachable only from containers on appnet)
podman run -d --network=appnet --name database postgres
# App can connect to 'database' by name
podman run -d --network=appnet \
-e DATABASE_HOST=database \
myapp
# Test connectivity: a throwaway container on the same network resolves the name
podman run --rm --network=appnet alpine \
nslookup database
Advanced Networking
Network Drivers
# Bridge driver (default)
podman network create --driver=bridge bridgenet
# Macvlan driver (containers appear directly on the LAN behind eth0)
podman network create \
--driver=macvlan \
--opt parent=eth0 \
macvlannet
# None driver
# NOTE(review): "null" is a Docker driver name; Podman's documented drivers are bridge,
# macvlan and ipvlan, so this command may be rejected — verify. The per-container way to
# get no networking is `podman run --network=none`.
podman network create --driver=null nullnet
# Host driver: not a created network but a run-time mode that shares the host's network namespace
podman run --network=host nginx
Network Namespaces
# Create container with custom namespace
# Note: --userns=keep-id selects a USER namespace mapping (the invoking user's UID/GID is
# kept inside the container, rootless only); it does not change the network namespace.
podman run -d --userns=keep-id nginx
# Share network namespace with host (no network isolation from the host)
podman run -d --network=host nginx
# Share with another container (both see the same interfaces and localhost)
podman run -d --name primary nginx
podman run -d --network=container:primary alpine
Firewall and Security
# Create isolated network: --internal blocks traffic leaving the network,
# but containers attached to secure-net can still reach one another.
podman network create --internal secure-net
# No external connectivity
podman run -d --network=secure-net alpine
# Custom iptables rules (advanced)
# NOTE(review): enable_icc is a Docker bridge option. Podman documents `--opt isolate=...`
# for bridge networks, which blocks traffic BETWEEN networks rather than between containers
# on one network. Do not assume this command disables inter-container traffic: verify that
# Podman accepts the option and test the result from inside two containers.
podman network create \
--opt com.docker.network.bridge.enable_icc=false \
isolated-bridge
Network Troubleshooting
Connectivity Testing
# Test container connectivity (outbound DNS + ICMP, then outbound HTTP)
# These commands assume the image ships ping/curl/telnet/netstat/ss; minimal images often
# do not, in which case a separate debug container on the same network is the alternative.
podman exec container_name ping google.com
podman exec container_name curl http://example.com
# Test internal connectivity (name resolution and TCP reachability of the database port)
podman exec web ping database
podman exec web telnet database 5432
# Check listening ports: confirms what the container actually exposes, and on which addresses
podman exec container_name netstat -tulpn
podman exec container_name ss -tulpn
Network Inspection
# Inspect network
podman network inspect mynet
# NOTE(review): the default network is inspected as "podman" earlier on this page; a network
# literally named "bridge" may not exist, in which case this command fails — verify.
podman network inspect bridge
# Container network info
podman inspect container_name | grep -A 20 NetworkSettings
# Check container IP
# NOTE(review): this top-level field may be empty for containers on user-defined networks;
# the per-network entries printed by the next command carry the address in that case — confirm.
podman inspect --format '{{.NetworkSettings.IPAddress}}' container_name
# List container networks
podman inspect --format '{{.NetworkSettings.Networks}}' container_name
Debugging Tools
# Network debugging container
# nicolaka/netshoot is a third-party image pulled by an unqualified, unpinned name.
# For use on production hosts, reference it by full registry path and digest, or mirror
# a reviewed copy internally. --rm removes the container when the session ends.
podman run --rm -it --network=mynet nicolaka/netshoot
# Inside debugging container:
# nslookup service_name
# ping container_name
# curl http://container_name:port
# tcpdump -i eth0
# Quick network test (outbound ICMP to a public address, then a public DNS lookup)
podman run --rm --network=mynet alpine \
sh -c 'ping -c 3 8.8.8.8 && nslookup google.com'
Performance and Optimization
Network Performance
# Set MTU for better performance
# An MTU of 9000 (jumbo frames) only helps when every hop on the path supports it;
# otherwise expect fragmentation or dropped packets.
podman network create \
--opt com.docker.network.driver.mtu=9000 \
jumbo-net
# Disable userland proxy for better performance
# NOTE(review): daemon.json and "userland-proxy" are Docker daemon settings. Podman runs
# without a daemon and its configuration lives in containers.conf, so this file is likely
# never read — verify before relying on it. `tee` also overwrites the target file as root.
echo '{"userland-proxy": false}' | sudo tee /etc/containers/daemon.json
# Test network performance (assumes an iperf3 server is listening on target_host)
podman run --rm -it --network=mynet \
nicolaka/netshoot iperf3 -c target_host
Network Monitoring
# Monitor network traffic
# --network=host plus `tcpdump -i any` captures on every host interface, so the capture can
# include traffic of other workloads and any unencrypted credentials in it. Run it only with
# authorisation, and pin the third-party netshoot image by digest before giving it host namespaces.
podman run --rm -it --network=host \
nicolaka/netshoot tcpdump -i any
# Container network stats (per-container network I/O counters)
podman stats --format "table {{.Container}}\t{{.NetIO}}"
# Real-time network monitoring
# --pid=host additionally shares the host's PID namespace, so host processes are visible
# from inside the container. Treat this as a host-level debugging session.
podman run --rm -it --pid=host --network=host \
nicolaka/netshoot iftop
Production Networking
Multi-tier Architecture
# Frontend network
podman network create frontend-net
# Backend network
podman network create backend-net
# Database network
# Note: nothing below attaches to database-net; the database container is placed on backend-net.
podman network create database-net
# Web tier (public + frontend): the only container with a published port (bound on all host interfaces)
podman run -d --network=frontend-net -p 80:80 --name web nginx
# App tier (frontend + backend): the single container that spans both networks
podman run -d --network=frontend-net --name app myapp
podman network connect backend-net app
# Database tier (backend only): no published port and no shared network with "web",
# so the web tier cannot open connections to it directly.
podman run -d --network=backend-net --name db postgres
Load Balancing Setup
# Two networks: lb-net for the load balancer, app-net for the backends
podman network create lb-net
podman network create app-net
# Load balancer: the only container with a published port (host port 80)
podman run -d --network=lb-net -p 80:80 --name lb nginx
# Three backends named app1..app3; with no -p they are reachable only over app-net
for ((n = 1; n <= 3; n++)); do
  podman run -d --network=app-net --name "app${n}" myapp
done
# Attach the load balancer to app-net so it can reach the backends
podman network connect app-net lb
Secure Network Configuration
# Create secure internal network (--internal: no traffic leaves this network)
podman network create \
--internal \
--subnet=10.0.0.0/24 \
secure-internal
# DMZ network
podman network create \
--subnet=172.16.0.0/24 \
dmz-net
# Web server in DMZ (port 80 is published on all host interfaces)
podman run -d --network=dmz-net -p 80:80 nginx
# Database in secure internal network
# As written, nothing is attached to both networks, so the web server has no path to the
# database. An application tier that needs both must be connected to each explicitly, and
# that container then becomes the one crossing point to review and harden.
podman run -d --network=secure-internal postgres
Network Automation
Network Scripting
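#!/bin/bash
# setup-networks.sh
# Creates three networks, starts one service on each, then links adjacent tiers.
# Abort on the first failing command so the "complete" message below is printed
# only when every step actually succeeded.
set -euo pipefail
# Create application networks
podman network create --subnet=10.1.0.0/24 frontend
podman network create --subnet=10.2.0.0/24 backend
podman network create --subnet=10.3.0.0/24 database
# Deploy services (no ports are published, so nothing is reachable from outside the host yet)
podman run -d --network=frontend --name web nginx
podman run -d --network=backend --name api myapi
podman run -d --network=database --name db postgres
# Connect services across networks.
# Result: web is on frontend+backend, api is on backend+database, db is on database only,
# so web has no direct route to db.
podman network connect backend web
podman network connect database api
echo "Network setup complete"
podman network ls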
Network Cleanup
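#!/bin/bash
# cleanup-networks.sh
# DESTRUCTIVE: stops and removes EVERY container visible to the invoking user, then
# deletes all networks that no container uses. Intended for lab hosts only.
set -euo pipefail
# Stop all running containers.
# --all replaces `podman stop $(podman ps -q)`, which passes an empty argument list
# (and errors) when nothing is running.
podman stop --all
# Remove all containers, including ones that had already exited
podman rm --all
# Remove unused networks. With every container gone this covers all custom networks;
# the default network is not removed by prune.
# The former `podman network ls --filter type=custom -q | xargs podman network rm` step is
# dropped: `type` is a Docker filter key (NOTE(review): Podman is expected to reject it —
# confirm), and prune has already removed the networks it targeted.
podman network prune -f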
IPv6 Networking
IPv6 Configuration
# Enable IPv6 in daemon
# NOTE(review): "ipv6" / "fixed-cidr-v6" in daemon.json are Docker daemon settings. Podman has
# no daemon, so this file is likely never read — verify. IPv6 is requested per network with
# `podman network create --ipv6`, as shown below. `tee` overwrites the target file as root.
echo '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64"}' | \
sudo tee /etc/containers/daemon.json
# Create IPv6 network
# 2001:db8::/32 is the IPv6 documentation prefix; substitute a prefix you actually own or a ULA range.
podman network create \
--ipv6 \
--subnet=2001:db8::/64 \
ipv6-net
# Run container with IPv6
podman run -d --network=ipv6-net nginx
# Test IPv6 connectivity (outbound ICMPv6 to a public resolver address; needs a routable prefix)
podman exec container_name ping6 2001:4860:4860::8888
Quick Reference
Essential Network Commands
# Network management
podman network ls
podman network create mynet
podman network rm mynet
podman network inspect mynet
# Container networking
podman run -d --network=mynet nginx
podman network connect mynet container
podman network disconnect mynet container
# Port publishing
# -p 8080:80 binds on all host interfaces; prefix the mapping with 127.0.0.1: for local-only access.
podman run -d -p 8080:80 nginx
# --network=host is not port publishing: it removes network isolation and exposes every
# port the process opens directly on the host.
podman run -d --network=host nginx
Common Network Patterns
# Isolated application stack: no -p anywhere, so both services are reachable only over appnet
podman network create appnet
podman run -d --network=appnet --name db postgres
podman run -d --network=appnet --name web nginx
# Multi-tier with port publishing
# NOTE(review): "web" is attached only to an --internal network yet publishes port 80.
# Verify that the published port is reachable in this layout; the usual pattern attaches
# the public-facing container to a second, non-internal network and keeps db internal-only.
# Also note that db and web share one network here, so web can reach db directly.
podman network create --internal backend
podman run -d --network=backend --name db postgres
podman run -d --network=backend -p 80:80 --name web nginx
# Service discovery: the frontend reaches the API by container name over mynet
podman run -d --network=mynet --name api myapi
podman run -d --network=mynet \
-e API_URL=http://api:3000 \
frontend