When the Docker service starts, it will first automatically create a docker0 virtual bridge on the host, which is actually a Linux bridge. The bridge can be understood as a software switch, responsible for packet forwarding between the interfaces mounted on it.
At the same time, Docker randomly assigns an address in a locally unoccupied private network segment (defined in RFC1918) to the docker0 interface. For example, the typical network segment 172.17.0.0/16, the mask is 255.255.0.0. The network port in the container that is started afterwards will also be automatically assigned an address for that network segment.
When creating a Docker container, a pair of veth pair interconnection interfaces will be created at the same time. When sending a packet to any interface, the other interface automatically receives the same packet. One end of the interconnection interface is located in the container, namely eth0; the other end is locally mounted on the docker0 bridge, and the name starts with veth (for example, vethAQI2QT). In this way, the host can communicate with the container, and the containers can also communicate with each other. In this way, Docker creates a virtual shared network between the host and all containers.
As shown below:
