[{"data":1,"prerenderedAt":1583},["ShallowReactive",2],{"blog-ja-docker-networking-deep-dive":3,"blog-ja-docker-networking-deep-dive-alt":199},{"id":4,"title":5,"author":6,"body":7,"date":1570,"description":1571,"extension":1572,"image":167,"locale":1573,"meta":1574,"navigation":199,"path":1575,"seo":1576,"stem":1577,"tags":1578,"__hash__":1582},"blog\u002Fblog\u002Fja\u002Fdocker-networking-deep-dive.md","The Complete Guide to Docker Networking: When to Use bridge\u002Fhost\u002Foverlay","Kubo Team",{"type":8,"value":9,"toc":1545},"minimark",[10,14,24,29,43,161,220,228,232,239,243,254,332,336,343,418,421,453,461,465,647,653,657,664,706,709,717,766,770,796,799,831,857,867,871,878,882,889,967,970,978,1028,1032,1035,1122,1126,1129,1172,1181,1184,1187,1268,1271,1422,1430,1434,1437,1490,1498,1502,1505,1522,1532,1541],[11,12,13],"p",{},"Docker container networking is the core mechanism that controls communication between containers, communication with the host, and connectivity to external networks. The three main network drivers, bridge, host, and overlay, each have different characteristics, and choosing the right one for the use case determines an application's performance and security.",[11,15,16,23],{},[17,18,22],"a",{"href":19,"rel":20},"https:\u002F\u002Fkubo.hexabase.io\u002F",[21],"nofollow","Kubo"," provides container networking on Kubernetes, but understanding networking at the Docker level is the foundation for Kubernetes networking. This article takes a deep look at each network mode, from how it works to how to choose between them in practice.",[25,26,28],"h2",{"id":27},"docker-ネットワークの基本アーキテクチャ","Docker Network Architecture Basics",[11,30,31,32,36,37,42],{},"Docker networking is implemented through the ",[33,34,35],"strong",{},"libnetwork"," library and uses a pluggable driver model. ",[17,38,41],{"href":39,"rel":40},"https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Fnetwork\u002Fdrivers\u002Foverlay\u002F",[21],"The official Docker documentation"," introduces five 
network drivers.",[44,45,46,68],"table",{},[47,48,49],"thead",{},[50,51,52,56,59,62,65],"tr",{},[53,54,55],"th",{},"Driver",[53,57,58],{},"Scope",[53,60,61],{},"Isolation",[53,63,64],{},"Performance",[53,66,67],{},"Primary use",[69,70,71,91,109,127,143],"tbody",{},[50,72,73,79,82,85,88],{},[74,75,76],"td",{},[33,77,78],{},"bridge",[74,80,81],{},"Single host",[74,83,84],{},"High",[74,86,87],{},"Medium",[74,89,90],{},"Default; general container-to-container communication",[50,92,93,98,100,103,106],{},[74,94,95],{},[33,96,97],{},"host",[74,99,81],{},[74,101,102],{},"None",[74,104,105],{},"Highest",[74,107,108],{},"Cases that need high performance",[50,110,111,116,119,121,124],{},[74,112,113],{},[33,114,115],{},"overlay",[74,117,118],{},"Multi-host",[74,120,84],{},[74,122,123],{},"Medium to low",[74,125,126],{},"Docker Swarm \u002F inter-cluster communication",[50,128,129,134,136,138,140],{},[74,130,131],{},[33,132,133],{},"macvlan",[74,135,81],{},[74,137,84],{},[74,139,84],{},[74,141,142],{},"Direct attachment to the physical network",[50,144,145,150,153,156,158],{},[74,146,147],{},[33,148,149],{},"none",[74,151,152],{},"-",[74,154,155],{},"Fully isolated",[74,157,152],{},[74,159,160],{},"Security-focused containers",[162,163,168],"pre",{"className":164,"code":165,"language":166,"meta":167,"style":167},"language-bash shiki shiki-themes tokyo-night","# List the available networks\ndocker network ls\n\n# Show detailed information about a network\ndocker network inspect bridge\n","bash","",[169,170,171,180,194,201,207],"code",{"__ignoreMap":167},[172,173,176],"span",{"class":174,"line":175},"line",1,[172,177,179],{"class":178},"sbD-w","# List the available networks\n",[172,181,183,187,191],{"class":174,"line":182},2,[172,184,186],{"class":185},"sE3pS","docker",[172,188,190],{"class":189},"sPY7s"," network",[172,192,193],{"class":189}," ls\n",[172,195,197],{"class":174,"line":196},3,[172,198,200],{"emptyLinePlaceholder":199},true,"\n",[172,202,204],{"class":174,"line":203},4,[172,205,206],{"class":178},"# Show detailed information about a network\n",[172,208,210,212,214,217],{"class":174,"line":209},5,[172,211,186],{"class":185},[172,213,190],{"class":189},[172,215,216],{"class":189}," inspect",[172,218,219],{"class":189}," 
bridge\n"]],[11,221,222,227],{},[17,223,226],{"href":224,"rel":225},"https:\u002F\u002Fwww.hexabase.com\u002Fproduct\u002Fcaptain-ai\u002F",[21],"Captain.AI"," analyzes an application's requirements and automatically proposes the optimal network configuration.",[25,229,231],{"id":230},"bridge-ネットワーク-デフォルトの選択","Bridge Networks: The Default Choice",[11,233,234,235,238],{},"Bridge is Docker's default network driver and is the one most widely used for ",[33,236,237],{},"container-to-container communication on a single host",".",[240,241,242],"h3",{"id":242},"How It Works",[11,244,245,246,249,250,253],{},"Docker creates a virtual bridge interface called ",[169,247,248],{},"docker0",", and containers communicate through this bridge. Each container is assigned a private IP address from the ",[169,251,252],{},"172.17.0.0\u002F16"," subnet.",[162,255,257],{"className":164,"code":256,"language":166,"meta":167,"style":167},"# Start containers on the default bridge network\ndocker run -d --name web nginx\ndocker run -d --name api node:20-alpine\n\n# Check the IP address\ndocker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web\n",[169,258,259,264,284,300,304,309],{"__ignoreMap":167},[172,260,261],{"class":174,"line":175},[172,262,263],{"class":178},"# Start containers on the default bridge network\n",[172,265,266,268,271,275,278,281],{"class":174,"line":182},[172,267,186],{"class":185},[172,269,270],{"class":189}," run",[172,272,274],{"class":273},"sT800"," -d",[172,276,277],{"class":273}," --name",[172,279,280],{"class":189}," web",[172,282,283],{"class":189}," nginx\n",[172,285,286,288,290,292,294,297],{"class":174,"line":196},[172,287,186],{"class":185},[172,289,270],{"class":189},[172,291,274],{"class":273},[172,293,277],{"class":273},[172,295,296],{"class":189}," api",[172,298,299],{"class":189}," node:20-alpine\n",[172,301,302],{"class":174,"line":203},[172,303,200],{"emptyLinePlaceholder":199},[172,305,306],{"class":174,"line":209},[172,307,308],{"class":178},"# Check the IP address\n",[172,310,312,314,316,319,323,326,329],{"class":174,"line":311},6,[172,313,186],{"class":185},[172,315,216],{"class":189},[172,317,318],{"class":273}," -f",[172,320,322],{"class":321},"sAklC"," 
'",[172,324,325],{"class":189},"{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}",[172,327,328],{"class":321},"'",[172,330,331],{"class":189}," web\n",[240,333,335],{"id":334},"ユーザー定義-bridge-ネットワーク","User-Defined Bridge Networks",[11,337,338,339,342],{},"Instead of the default bridge, using a ",[33,340,341],{},"user-defined bridge network"," is strongly recommended.",[162,344,346],{"className":164,"code":345,"language":166,"meta":167,"style":167},"# Create a user-defined network\ndocker network create --driver bridge myapp-network\n\n# Start containers attached to the network\ndocker run -d --name web --network myapp-network nginx\ndocker run -d --name api --network myapp-network node:20-alpine\n",[169,347,348,353,371,375,380,400],{"__ignoreMap":167},[172,349,350],{"class":174,"line":175},[172,351,352],{"class":178},"# Create a user-defined network\n",[172,354,355,357,359,362,365,368],{"class":174,"line":182},[172,356,186],{"class":185},[172,358,190],{"class":189},[172,360,361],{"class":189}," create",[172,363,364],{"class":273}," --driver",[172,366,367],{"class":189}," bridge",[172,369,370],{"class":189}," myapp-network\n",[172,372,373],{"class":174,"line":196},[172,374,200],{"emptyLinePlaceholder":199},[172,376,377],{"class":174,"line":203},[172,378,379],{"class":178},"# Start containers attached to the network\n",[172,381,382,384,386,388,390,392,395,398],{"class":174,"line":209},[172,383,186],{"class":185},[172,385,270],{"class":189},[172,387,274],{"class":273},[172,389,277],{"class":273},[172,391,280],{"class":189},[172,393,394],{"class":273}," --network",[172,396,397],{"class":189}," myapp-network",[172,399,283],{"class":189},[172,401,402,404,406,408,410,412,414,416],{"class":174,"line":311},[172,403,186],{"class":185},[172,405,270],{"class":189},[172,407,274],{"class":273},[172,409,277],{"class":273},[172,411,296],{"class":189},[172,413,394],{"class":273},[172,415,397],{"class":189},[172,417,299],{"class":189},[11,419,420],{},"Benefits of a user-defined bridge:",[422,423,424,435,441,447],"ul",{},[425,426,427,430,431,434],"li",{},[33,428,429],{},"DNS-based service discovery",": 
containers can communicate by container name (",[169,432,433],{},"http:\u002F\u002Fapi:3000",")",[425,436,437,440],{},[33,438,439],{},"Automatic DNS resolution",": the default bridge requires communicating by IP address",[425,442,443,446],{},[33,444,445],{},"Network isolation",": blocks communication between containers on different networks",[425,448,449,452],{},[33,450,451],{},"Dynamic attach and detach",": the networks of a running container can be changed",[11,454,455,460],{},[17,456,459],{"href":457,"rel":458},"https:\u002F\u002Fdev.to\u002Fcaffinecoder54\u002Fdocker-networking-deep-dive-understanding-bridge-host-and-overlay-networks-1kac",[21],"DEV Community's Docker networking explainer"," recommends user-defined bridges as the standard for every project.",[240,462,464],{"id":463},"docker-compose-での-bridge-ネットワーク","Bridge Networks in Docker Compose",[162,466,470],{"className":467,"code":468,"language":469,"meta":167,"style":167},"language-yaml shiki shiki-themes tokyo-night","services:\n  web:\n    image: nginx\n    networks:\n      - frontend\n  api:\n    image: node:20-alpine\n    networks:\n      - frontend\n      - backend\n  db:\n    image: postgres:16\n    networks:\n      - backend\n\nnetworks:\n  frontend:\n    driver: bridge\n  backend:\n    driver: bridge\n    internal: true  # Block external access\n","yaml",[169,471,472,481,488,498,505,514,521,530,537,544,552,560,570,577,584,589,597,605,615,623,632],{"__ignoreMap":167},[172,473,474,478],{"class":174,"line":175},[172,475,477],{"class":476},"s0U2E","services",[172,479,480],{"class":321},":\n",[172,482,483,486],{"class":174,"line":182},[172,484,485],{"class":476},"  web",[172,487,480],{"class":321},[172,489,490,493,496],{"class":174,"line":196},[172,491,492],{"class":476},"    image",[172,494,495],{"class":321},":",[172,497,283],{"class":189},[172,499,500,503],{"class":174,"line":203},[172,501,502],{"class":476},"    networks",[172,504,480],{"class":321},[172,506,507,511],{"class":174,"line":209},[172,508,510],{"class":509},"sgJMe","      -",[172,512,513],{"class":189}," frontend\n",[172,515,516,519],{"class":174,"line":311},[172,517,518],{"class":476},"  
api",[172,520,480],{"class":321},[172,522,524,526,528],{"class":174,"line":523},7,[172,525,492],{"class":476},[172,527,495],{"class":321},[172,529,299],{"class":189},[172,531,533,535],{"class":174,"line":532},8,[172,534,502],{"class":476},[172,536,480],{"class":321},[172,538,540,542],{"class":174,"line":539},9,[172,541,510],{"class":509},[172,543,513],{"class":189},[172,545,547,549],{"class":174,"line":546},10,[172,548,510],{"class":509},[172,550,551],{"class":189}," backend\n",[172,553,555,558],{"class":174,"line":554},11,[172,556,557],{"class":476},"  db",[172,559,480],{"class":321},[172,561,563,565,567],{"class":174,"line":562},12,[172,564,492],{"class":476},[172,566,495],{"class":321},[172,568,569],{"class":189}," postgres:16\n",[172,571,573,575],{"class":174,"line":572},13,[172,574,502],{"class":476},[172,576,480],{"class":321},[172,578,580,582],{"class":174,"line":579},14,[172,581,510],{"class":509},[172,583,551],{"class":189},[172,585,587],{"class":174,"line":586},15,[172,588,200],{"emptyLinePlaceholder":199},[172,590,592,595],{"class":174,"line":591},16,[172,593,594],{"class":476},"networks",[172,596,480],{"class":321},[172,598,600,603],{"class":174,"line":599},17,[172,601,602],{"class":476},"  frontend",[172,604,480],{"class":321},[172,606,608,611,613],{"class":174,"line":607},18,[172,609,610],{"class":476},"    driver",[172,612,495],{"class":321},[172,614,219],{"class":189},[172,616,618,621],{"class":174,"line":617},19,[172,619,620],{"class":476},"  backend",[172,622,480],{"class":321},[172,624,626,628,630],{"class":174,"line":625},20,[172,627,610],{"class":476},[172,629,495],{"class":321},[172,631,219],{"class":189},[172,633,635,638,640,644],{"class":174,"line":634},21,[172,636,637],{"class":476},"    internal",[172,639,495],{"class":321},[172,641,643],{"class":642},"sOJ5S"," true",[172,645,646],{"class":178},"  # Block external access\n",[11,648,649,652],{},[169,650,651],{},"internal: true"," 
prevents containers on that network from accessing external networks (the internet). It is useful for internal services such as databases.",[25,654,656],{"id":655},"host-ネットワーク-最大パフォーマンス","Host Networks: Maximum Performance",[11,658,659,660,663],{},"In host mode, the container ",[33,661,662],{},"directly shares"," the host machine's network namespace. The container is not assigned its own IP address and uses the host's network interfaces and ports directly.",[162,665,667],{"className":164,"code":666,"language":166,"meta":167,"style":167},"# Start a container on the host network\ndocker run -d --network host nginx\n\n# Binds directly to port 80 on the host\ncurl http:\u002F\u002Flocalhost:80\n",[169,668,669,674,689,693,698],{"__ignoreMap":167},[172,670,671],{"class":174,"line":175},[172,672,673],{"class":178},"# Start a container on the host network\n",[172,675,676,678,680,682,684,687],{"class":174,"line":182},[172,677,186],{"class":185},[172,679,270],{"class":189},[172,681,274],{"class":273},[172,683,394],{"class":273},[172,685,686],{"class":189}," host",[172,688,283],{"class":189},[172,690,691],{"class":174,"line":196},[172,692,200],{"emptyLinePlaceholder":199},[172,694,695],{"class":174,"line":203},[172,696,697],{"class":178},"# Binds directly to port 80 on the host\n",[172,699,700,703],{"class":174,"line":209},[172,701,702],{"class":185},"curl",[172,704,705],{"class":189}," http:\u002F\u002Flocalhost:80\n",[240,707,708],{"id":708},"Performance Characteristics",[11,710,711,716],{},[17,712,715],{"href":713,"rel":714},"https:\u002F\u002Feastondev.com\u002Fblog\u002Fen\u002Fposts\u002Fdev\u002F20251217-docker-network-modes\u002F",[21],"BetterLink's benchmark article"," reports that host networking achieves the following performance:",[44,718,719,732],{},[47,720,721],{},[50,722,723,726,729],{},[53,724,725],{},"Metric",[53,727,728],{},"Bridge",[53,730,731],{},"Host",[69,733,734,745,756],{},[50,735,736,739,742],{},[74,737,738],{},"Throughput",[74,740,741],{},"~20 Gbps",[74,743,744],{},"~40 Gbps",[50,746,747,750,753],{},[74,748,749],{},"Latency",[74,751,752],{},"~50μs",[74,754,755],{},"~0μs",[50,757,758,761,763],{},[74,759,760],{},"CPU overhead",[74,762,87],{},[74,764,765],{},"Minimal",[240,767,769],{"id":768},"host-モードの適切な用途","Appropriate Uses of Host 
Mode",[422,771,772,778,784,790],{},[425,773,774,777],{},[33,775,776],{},"High-frequency network I\u002FO",": real-time processing, streaming",[425,779,780,783],{},[33,781,782],{},"Monitoring tools",": Prometheus Node Exporter and the like",[425,785,786,789],{},[33,787,788],{},"Network performance testing",": iperf3 and the like",[425,791,792,795],{},[33,793,794],{},"Legacy applications",": those that need to bind directly to specific ports",[240,797,798],{"id":798},"Constraints and Caveats",[162,800,802],{"className":164,"code":801,"language":166,"meta":167,"style":167},"# Port mapping has no effect in host mode (the -p flag is ignored)\ndocker run --network host -p 8080:80 nginx  # -p is ignored\n",[169,803,804,809],{"__ignoreMap":167},[172,805,806],{"class":174,"line":175},[172,807,808],{"class":178},"# Port mapping has no effect in host mode (the -p flag is ignored)\n",[172,810,811,813,815,817,819,822,825,828],{"class":174,"line":182},[172,812,186],{"class":185},[172,814,270],{"class":189},[172,816,394],{"class":273},[172,818,686],{"class":189},[172,820,821],{"class":273}," -p",[172,823,824],{"class":189}," 8080:80",[172,826,827],{"class":189}," nginx",[172,829,830],{"class":178},"  # -p is ignored\n",[422,832,833,839,845,851],{},[425,834,835,838],{},[33,836,837],{},"Port conflicts",": multiple containers cannot use the same port",[425,840,841,844],{},[33,842,843],{},"No isolation",": the container can access all of the host's networks",[425,846,847,850],{},[33,848,849],{},"Security risk",": the attack surface grows because there is no network isolation",[425,852,853,856],{},[33,854,855],{},"Linux only",": behaves differently on Docker Desktop for macOS and Windows",[11,858,859,862,863,866],{},[17,860,22],{"href":19,"rel":861},[21],"'s Kubernetes environment treats the use of ",[169,864,865],{},"hostNetwork: true"," as discouraged unless there is a specific reason.",[25,868,870],{"id":869},"overlay-ネットワーク-マルチホスト通信","Overlay Networks: Multi-Host Communication",[11,872,873,874,877],{},"An overlay network is a distributed network that lets ",[33,875,876],{},"containers communicate across multiple Docker hosts",". It is used mainly in Docker Swarm mode.",[240,879,881],{"id":880},"vxlan-による実装","Implementation with VXLAN",[11,883,884,885,888],{},"Overlay networks are implemented using ",[33,886,887],{},"VXLAN (Virtual Extensible LAN)"," technology. VXLAN encapsulates containers' Layer 2 frames in IP\u002FUDP 
packets between hosts, building a virtual overlay network on top of the physical network.",[162,890,892],{"className":164,"code":891,"language":166,"meta":167,"style":167},"# Initialize Docker Swarm\ndocker swarm init\n\n# Create an overlay network\ndocker network create --driver overlay --attachable myapp-overlay\n\n# Enable encryption (IPsec)\ndocker network create --driver overlay --opt encrypted myapp-secure\n",[169,893,894,899,909,913,918,937,941,946],{"__ignoreMap":167},[172,895,896],{"class":174,"line":175},[172,897,898],{"class":178},"# Initialize Docker Swarm\n",[172,900,901,903,906],{"class":174,"line":182},[172,902,186],{"class":185},[172,904,905],{"class":189}," swarm",[172,907,908],{"class":189}," init\n",[172,910,911],{"class":174,"line":196},[172,912,200],{"emptyLinePlaceholder":199},[172,914,915],{"class":174,"line":203},[172,916,917],{"class":178},"# Create an overlay network\n",[172,919,920,922,924,926,928,931,934],{"class":174,"line":209},[172,921,186],{"class":185},[172,923,190],{"class":189},[172,925,361],{"class":189},[172,927,364],{"class":273},[172,929,930],{"class":189}," overlay",[172,932,933],{"class":273}," --attachable",[172,935,936],{"class":189}," myapp-overlay\n",[172,938,939],{"class":174,"line":311},[172,940,200],{"emptyLinePlaceholder":199},[172,942,943],{"class":174,"line":523},[172,944,945],{"class":178},"# Enable encryption (IPsec)\n",[172,947,948,950,952,954,956,958,961,964],{"class":174,"line":532},[172,949,186],{"class":185},[172,951,190],{"class":189},[172,953,361],{"class":189},[172,955,364],{"class":273},[172,957,930],{"class":189},[172,959,960],{"class":273}," --opt",[172,962,963],{"class":189}," encrypted",[172,965,966],{"class":189}," myapp-secure\n",[240,968,969],{"id":969},"Required Ports",[11,971,972,977],{},[17,973,976],{"href":974,"rel":975},"https:\u002F\u002Fdocs.docker.com\u002Fengine\u002Fswarm\u002Fnetworking\u002F",[21],"Docker's official Swarm networking documentation"," states that overlay 
networks require the following ports:",[44,979,980,993],{},[47,981,982],{},[50,983,984,987,990],{},[53,985,986],{},"Port",[53,988,989],{},"Protocol",[53,991,992],{},"Purpose",[69,994,995,1006,1017],{},[50,996,997,1000,1003],{},[74,998,999],{},"2377",[74,1001,1002],{},"TCP",[74,1004,1005],{},"Swarm cluster management",[50,1007,1008,1011,1014],{},[74,1009,1010],{},"7946",[74,1012,1013],{},"TCP\u002FUDP",[74,1015,1016],{},"Container network discovery",[50,1018,1019,1022,1025],{},[74,1020,1021],{},"4789",[74,1023,1024],{},"UDP",[74,1026,1027],{},"VXLAN data path",[240,1029,1031],{"id":1030},"サービスディスカバリと-dns","Service Discovery and DNS",[11,1033,1034],{},"Docker Swarm automatically assigns a virtual IP (VIP) to each service and registers a DNS entry for it. Other services can refer to it by name, without hard-coded IP addresses.",[162,1036,1038],{"className":164,"code":1037,"language":166,"meta":167,"style":167},"# Create Swarm services\ndocker service create --name web --network myapp-overlay \\\n  --replicas 3 nginx\n\ndocker service create --name api --network myapp-overlay \\\n  --replicas 2 myapp:latest\n\n# Access the web service from the api service\n# curl http:\u002F\u002Fweb:80 (automatically load-balanced via the VIP)\n",[169,1039,1040,1045,1066,1076,1080,1098,1108,1112,1117],{"__ignoreMap":167},[172,1041,1042],{"class":174,"line":175},[172,1043,1044],{"class":178},"# Create Swarm services\n",[172,1046,1047,1049,1052,1054,1056,1058,1060,1063],{"class":174,"line":182},[172,1048,186],{"class":185},[172,1050,1051],{"class":189}," service",[172,1053,361],{"class":189},[172,1055,277],{"class":273},[172,1057,280],{"class":189},[172,1059,394],{"class":273},[172,1061,1062],{"class":189}," myapp-overlay",[172,1064,1065],{"class":321}," \\\n",[172,1067,1068,1071,1074],{"class":174,"line":196},[172,1069,1070],{"class":273},"  --replicas",[172,1072,1073],{"class":642}," 
3",[172,1075,283],{"class":189},[172,1077,1078],{"class":174,"line":203},[172,1079,200],{"emptyLinePlaceholder":199},[172,1081,1082,1084,1086,1088,1090,1092,1094,1096],{"class":174,"line":209},[172,1083,186],{"class":185},[172,1085,1051],{"class":189},[172,1087,361],{"class":189},[172,1089,277],{"class":273},[172,1091,296],{"class":189},[172,1093,394],{"class":273},[172,1095,1062],{"class":189},[172,1097,1065],{"class":321},[172,1099,1100,1102,1105],{"class":174,"line":311},[172,1101,1070],{"class":273},[172,1103,1104],{"class":642}," 2",[172,1106,1107],{"class":189}," myapp:latest\n",[172,1109,1110],{"class":174,"line":523},[172,1111,200],{"emptyLinePlaceholder":199},[172,1113,1114],{"class":174,"line":532},[172,1115,1116],{"class":178},"# Access the web service from the api service\n",[172,1118,1119],{"class":174,"line":539},[172,1120,1121],{"class":178},"# curl http:\u002F\u002Fweb:80 (automatically load-balanced via the VIP)\n",[240,1123,1125],{"id":1124},"dns-ラウンドロビンdnsrr","DNS Round Robin (DNSRR)",[11,1127,1128],{},"In addition to VIP-based load balancing, you can also choose DNS round-robin mode:",[162,1130,1132],{"className":164,"code":1131,"language":166,"meta":167,"style":167},"docker service create --name web \\\n  --endpoint-mode dnsrr \\\n  --network myapp-overlay \\\n  nginx\n",[169,1133,1134,1148,1158,1167],{"__ignoreMap":167},[172,1135,1136,1138,1140,1142,1144,1146],{"class":174,"line":175},[172,1137,186],{"class":185},[172,1139,1051],{"class":189},[172,1141,361],{"class":189},[172,1143,277],{"class":273},[172,1145,280],{"class":189},[172,1147,1065],{"class":321},[172,1149,1150,1153,1156],{"class":174,"line":182},[172,1151,1152],{"class":273},"  --endpoint-mode",[172,1154,1155],{"class":189}," dnsrr",[172,1157,1065],{"class":321},[172,1159,1160,1163,1165],{"class":174,"line":196},[172,1161,1162],{"class":273},"  --network",[172,1164,1062],{"class":189},[172,1166,1065],{"class":321},[172,1168,1169],{"class":174,"line":203},[172,1170,1171],{"class":189},"  nginx\n",[11,1173,1174,1175,1180],{},"In DNSRR mode, a DNS query returns the list of IP 
addresses of every replica of the service, and the client chooses which one to connect to directly. ",[17,1176,1179],{"href":1177,"rel":1178},"https:\u002F\u002Freintech.io\u002Fblog\u002Fservice-discovery-networking-docker-swarm",[21],"Reintech's Docker Swarm explainer"," has the details.",[25,1182,1183],{"id":1183},"Network Mode Selection Guide",[240,1185,1186],{"id":1186},"Recommendations by Use Case",[44,1188,1189,1202],{},[47,1190,1191],{},[50,1192,1193,1196,1199],{},[53,1194,1195],{},"Scenario",[53,1197,1198],{},"Recommended driver",[53,1200,1201],{},"Reason",[69,1203,1204,1215,1225,1236,1246,1257],{},[50,1205,1206,1209,1212],{},[74,1207,1208],{},"Web app + DB",[74,1210,1211],{},"Bridge (user-defined)",[74,1213,1214],{},"Isolation and DNS discovery",[50,1216,1217,1220,1222],{},[74,1218,1219],{},"Microservices (single host)",[74,1221,1211],{},[74,1223,1224],{},"Isolation between services",[50,1226,1227,1230,1233],{},[74,1228,1229],{},"Microservices (multi-host)",[74,1231,1232],{},"Overlay",[74,1234,1235],{},"Inter-cluster communication",[50,1237,1238,1241,1243],{},[74,1239,1240],{},"High-performance network processing",[74,1242,731],{},[74,1244,1245],{},"No NAT overhead",[50,1247,1248,1251,1254],{},[74,1249,1250],{},"IoT \u002F physical network integration",[74,1252,1253],{},"Macvlan",[74,1255,1256],{},"Direct attachment to a physical NIC",[50,1258,1259,1262,1265],{},[74,1260,1261],{},"Security-focused batch processing",[74,1263,1264],{},"None",[74,1266,1267],{},"Complete network isolation",[240,1269,1270],{"id":1270},"Security Best Practices",[162,1272,1274],{"className":467,"code":1273,"language":469,"meta":167,"style":167},"# Example of network isolation with Docker Compose\nservices:\n  web:\n    networks:\n      - frontend\n  api:\n    networks:\n      - frontend\n      - backend\n  db:\n    networks:\n      - backend\n\nnetworks:\n  frontend:\n    driver: bridge\n  backend:\n    driver: bridge\n    internal: true\n    ipam:\n      config:\n        - subnet: 172.28.0.0\u002F24\n",[169,1275,1276,1281,1287,1293,1299,1305,1311,1317,1323,1329,1335,1341,1347,1351,1357,1363,1371,1377,1385,1394,1401,1408],{"__ignoreMap":167},[172,1277,1278],{"class":174,"line":175},[172,1279,1280],{"class":178},"# Example of network isolation with Docker 
Compose\n",[172,1282,1283,1285],{"class":174,"line":182},[172,1284,477],{"class":476},[172,1286,480],{"class":321},[172,1288,1289,1291],{"class":174,"line":196},[172,1290,485],{"class":476},[172,1292,480],{"class":321},[172,1294,1295,1297],{"class":174,"line":203},[172,1296,502],{"class":476},[172,1298,480],{"class":321},[172,1300,1301,1303],{"class":174,"line":209},[172,1302,510],{"class":509},[172,1304,513],{"class":189},[172,1306,1307,1309],{"class":174,"line":311},[172,1308,518],{"class":476},[172,1310,480],{"class":321},[172,1312,1313,1315],{"class":174,"line":523},[172,1314,502],{"class":476},[172,1316,480],{"class":321},[172,1318,1319,1321],{"class":174,"line":532},[172,1320,510],{"class":509},[172,1322,513],{"class":189},[172,1324,1325,1327],{"class":174,"line":539},[172,1326,510],{"class":509},[172,1328,551],{"class":189},[172,1330,1331,1333],{"class":174,"line":546},[172,1332,557],{"class":476},[172,1334,480],{"class":321},[172,1336,1337,1339],{"class":174,"line":554},[172,1338,502],{"class":476},[172,1340,480],{"class":321},[172,1342,1343,1345],{"class":174,"line":562},[172,1344,510],{"class":509},[172,1346,551],{"class":189},[172,1348,1349],{"class":174,"line":572},[172,1350,200],{"emptyLinePlaceholder":199},[172,1352,1353,1355],{"class":174,"line":579},[172,1354,594],{"class":476},[172,1356,480],{"class":321},[172,1358,1359,1361],{"class":174,"line":586},[172,1360,602],{"class":476},[172,1362,480],{"class":321},[172,1364,1365,1367,1369],{"class":174,"line":591},[172,1366,610],{"class":476},[172,1368,495],{"class":321},[172,1370,219],{"class":189},[172,1372,1373,1375],{"class":174,"line":599},[172,1374,620],{"class":476},[172,1376,480],{"class":321},[172,1378,1379,1381,1383],{"class":174,"line":607},[172,1380,610],{"class":476},[172,1382,495],{"class":321},[172,1384,219],{"class":189},[172,1386,1387,1389,1391],{"class":174,"line":617},[172,1388,637],{"class":476},[172,1390,495],{"class":321},[172,1392,1393],{"class":642}," 
true\n",[172,1395,1396,1399],{"class":174,"line":625},[172,1397,1398],{"class":476},"    ipam",[172,1400,480],{"class":321},[172,1402,1403,1406],{"class":174,"line":634},[172,1404,1405],{"class":476},"      config",[172,1407,480],{"class":321},[172,1409,1411,1414,1417,1419],{"class":174,"line":1410},22,[172,1412,1413],{"class":509},"        -",[172,1415,1416],{"class":476}," subnet",[172,1418,495],{"class":321},[172,1420,1421],{"class":189}," 172.28.0.0\u002F24\n",[11,1423,1424,1429],{},[17,1425,1428],{"href":1426,"rel":1427},"https:\u002F\u002Fenv.dev\u002Fguides\u002Fdocker-networking",[21],"env.dev's Docker networking guide"," emphasizes the importance of network segmentation in production environments.",[240,1431,1433],{"id":1432},"kubernetes-との関係","Relationship to Kubernetes",[11,1435,1436],{},"Docker's networking model is the foundation of Kubernetes' CNI (Container Network Interface):",[44,1438,1439,1449],{},[47,1440,1441],{},[50,1442,1443,1446],{},[53,1444,1445],{},"Docker",[53,1447,1448],{},"Kubernetes",[69,1450,1451,1459,1467,1475,1482],{},[50,1452,1453,1456],{},[74,1454,1455],{},"Bridge network",[74,1457,1458],{},"Pod network (CNI plugin)",[50,1460,1461,1464],{},[74,1462,1463],{},"Service (DNS)",[74,1465,1466],{},"Kubernetes Service",[50,1468,1469,1472],{},[74,1470,1471],{},"Port mapping",[74,1473,1474],{},"NodePort \u002F LoadBalancer",[50,1476,1477,1479],{},[74,1478,1232],{},[74,1480,1481],{},"Pod-to-pod communication (Flannel, Calico, etc.)",[50,1483,1484,1487],{},[74,1485,1486],{},"No NetworkPolicy",[74,1488,1489],{},"Traffic control with NetworkPolicy",[11,1491,1492,1497],{},[17,1493,1496],{"href":1494,"rel":1495},"https:\u002F\u002Fmoldstud.com\u002Farticles\u002Fp-docker-networking-modes-explained-bridge-host-and-overlay-comprehensive-guide",[21],"moldstud's comprehensive guide"," also covers the networking migration from Docker to Kubernetes in detail.",[25,1499,1501],{"id":1500},"まとめ-適材適所のネットワーク設計","Summary: The Right Network for the Job",[11,1503,1504],{},"Understanding Docker networking's three main drivers and choosing among them appropriately is essential to achieving both performance and security in containerized applications.",[422,1506,1507,1512,1517],{},[425,1508,1509,1511],{},[33,1510,728],{},": 
the first choice for most use cases. Always use a user-defined network",[425,1513,1514,1516],{},[33,1515,731],{},": only when performance is the top priority and isolation can be sacrificed",[425,1518,1519,1521],{},[33,1520,1232],{},": communication between Docker Swarm services in multi-host environments",[11,1523,1524,1527,1528,1531],{},[17,1525,22],{"href":19,"rel":1526},[21]," is a container platform that builds on Docker-level networking knowledge to provide Kubernetes' advanced networking features (Service Mesh, NetworkPolicy, Ingress). Combined with ",[17,1529,226],{"href":224,"rel":1530},[21],", AI assists with everything from network design to operational monitoring.",[11,1533,1534,1535,1540],{},"For help with Docker networking or Kubernetes network design, feel free to ",[17,1536,1539],{"href":1537,"rel":1538},"https:\u002F\u002Fwww.hexabase.com\u002Fcontact-us\u002F",[21],"contact us",".",[1542,1543,1544],"style",{},"html pre.shiki code .sbD-w, html code.shiki .sbD-w{--shiki-default:#51597D;--shiki-default-font-style:italic}html pre.shiki code .sE3pS, html code.shiki .sE3pS{--shiki-default:#C0CAF5}html pre.shiki code .sPY7s, html code.shiki .sPY7s{--shiki-default:#9ECE6A}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .sT800, html code.shiki .sT800{--shiki-default:#E0AF68}html pre.shiki code .sAklC, html code.shiki .sAklC{--shiki-default:#89DDFF}html pre.shiki code .s0U2E, html code.shiki .s0U2E{--shiki-default:#F7768E}html pre.shiki code .sgJMe, html code.shiki .sgJMe{--shiki-default:#9ABDF5}html pre.shiki code .sOJ5S, html code.shiki 
.sOJ5S{--shiki-default:#FF9E64}",{"title":167,"searchDepth":182,"depth":182,"links":1546},[1547,1548,1553,1558,1564,1569],{"id":27,"depth":182,"text":28},{"id":230,"depth":182,"text":231,"children":1549},[1550,1551,1552],{"id":242,"depth":196,"text":242},{"id":334,"depth":196,"text":335},{"id":463,"depth":196,"text":464},{"id":655,"depth":182,"text":656,"children":1554},[1555,1556,1557],{"id":708,"depth":196,"text":708},{"id":768,"depth":196,"text":769},{"id":798,"depth":196,"text":798},{"id":869,"depth":182,"text":870,"children":1559},[1560,1561,1562,1563],{"id":880,"depth":196,"text":881},{"id":969,"depth":196,"text":969},{"id":1030,"depth":196,"text":1031},{"id":1124,"depth":196,"text":1125},{"id":1183,"depth":182,"text":1183,"children":1565},[1566,1567,1568],{"id":1186,"depth":196,"text":1186},{"id":1270,"depth":196,"text":1270},{"id":1432,"depth":196,"text":1433},{"id":1500,"depth":182,"text":1501},"2026-05-27","A thorough comparison of Docker's bridge, host, and overlay network drivers. Explains how they work, their performance and security, and selection guidance by use case, with practical code examples.","md","ja",{},"\u002Fblog\u002Fja\u002Fdocker-networking-deep-dive",{"title":5,"description":1571},"blog\u002Fja\u002Fdocker-networking-deep-dive",[1445,1579,78,115,97,1580,1581],"Networking","Containers","Docker Swarm","TcMvh6EDK0I-giWTRZfJ4xaWyp-0mB3ZiO8YrsoPtXI",1779964617052]