From 7ac28ecb2cf14a89320d759d4f6ac4a91341d3b6 Mon Sep 17 00:00:00 2001 From: Ankush Agarwal Date: Sat, 28 Mar 2015 18:32:00 -0700 Subject: [PATCH] Explain --net=host option usage Fixes #11630 Signed-off-by: Ankush Agarwal --- docs/sources/reference/run.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index b1d0e92bd1..3fed51a189 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -279,6 +279,13 @@ container. The container's hostname will match the hostname on the host system. Publishing ports and linking to other containers will not work when sharing the host's network stack. +Compared to the default `bridge` mode, the `host` mode gives *significantly* +better networking performance since it uses the host's native networking stack +wheras the bridge has to go through one level of virtualizaion through the +docker daemon. It is recommended to run containers in this mode when their +networking performance is critical, for example, a production Load Balancer +or a High Performance Web Server. + > **Note**: `--net="host"` gives the container full access to local system > services such as D-bus and is therefore considered insecure.