Skip to content
dockmesh

Networks

dockmesh lists and manages Docker networks per host. Most users don’t think about networks — Compose creates them automatically per stack. But when you need cross-stack communication or explicit network isolation, this is where it happens.

Default networks

Section titled “Default networks”

Every Docker host has three built-in networks:

NetworkScopeUse
bridgeHost-localDefault for docker run without --network
hostHost-localShares the host’s network namespace — no isolation
noneHost-localNo network at all

dockmesh shows them for completeness but you rarely touch them directly.

Compose-created networks

Section titled “Compose-created networks”

When you deploy a stack, Compose creates a network named <project>_default unless you declare networks explicitly. Containers in the same stack can reach each other by service name (postgres, redis, etc.) via built-in DNS.

Custom networks

Section titled “Custom networks”

Declared in compose.yaml:

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true  # no internet access

Use cases:

  • internal: true — database networks with no outbound internet
  • Shared networks across stacks — use external: true to reference a network defined elsewhere
  • IPAM — custom subnets, gateways (ipam.config)

Cross-stack communication

Section titled “Cross-stack communication”

Two stacks that need to talk to each other:

  1. Create a shared network first: 
    # One-time setup stack or via UI
    networks:
      shared-bus:
        driver: bridge
  2. Both stacks reference it: 
    services:
      api:
        networks: [default, shared-bus]
    networks:
      shared-bus:
        external: true

Containers on shared-bus reach each other by service name across stacks.

Creating networks in the UI

Section titled “Creating networks in the UI”

Networks → New network:

  • Name
  • Host
  • Driver (bridge, overlay for Swarm, macvlan, ipvlan, or third-party plugin)
  • Subnet / Gateway / IP range (advanced)
  • Options: internal, attachable, ingress
  • Labels

Pruning

Section titled “Pruning”

Actions → Prune removes networks with no connected containers. Safe — doesn’t touch data.

Why no topology graph?

Section titled “Why no topology graph?”

Earlier dockmesh versions had an interactive network topology view. It was removed because:

  • It was slow on fleets with many containers
  • It didn’t tell users anything actionable
  • The list view with filters is faster for real work

If you want a visualization, point any standard network-scanning tool at your host.

See also

Section titled “See also”
  • Reverse Proxy — exposing containers via Caddy
  • Agent mTLS — how dockmesh talks between hosts (not over container networks)
  • Hardening — network isolation best practices