What is None network driver

Source: Dev.to

What is the none network driver?

The none network driver in Docker is a special type of network that provides complete isolation for a container from any external network. When you attach a container to the none network, it has no network connectivity whatsoever. Only the loopback device (lo) is created inside the container.

You can achieve this isolation by using the --network none flag when starting a container.

Possible Use Cases

The none network driver is suitable for scenarios where network connectivity is not required or should be restricted:

• Highly Sensitive Applications – Add an extra layer of security for applications handling sensitive data.
• Isolation from Malware or Attacks – Reduce the attack surface by preventing any external communication.
• Network Debugging – Eliminate external network interference when troubleshooting container networking.
• Simulating Network Outages – Test how applications behave when connectivity is lost.
• Stand‑Alone Containers – Run containers that do not depend on external services.
• Resource Isolation – Prevent network‑related performance impacts for resource‑intensive workloads.
• Transient Containers – Use with short‑lived containers (--rm) to minimize exposure.

Example

Running an Alpine container with the none network

docker run -it --name app1 --network=none alpine sh

Inside the container’s shell, display the network interfaces:

ip link show

Typical output:

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0@if2:  mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0

Explanation of the output

• lo: Loopback interface, always present.
• eth0@if2: Virtual Ethernet interface created by Docker, even when using the none driver. It has a MAC address (02:42:ac:11:00:02) but cannot communicate outside the container.