This is exactly how Docker containers access the Internet. To access the Internet from red, first we add a default routing rule which sends non-local traffic to the host machine. Access the Internet from a network namespace
Actually the switch is usually a virtual bridge managed by software instead of a physical switch. In Home network configuration, I said that a typical home router has a switch built-in. It’s crucial to understand the “double roles” of a virtual bridge. When we add an IP address to bridge0 using ip addr add 192.168.15.1/24 dev bridge0, we are actually adding an IP address to the interface. In other words, it’s a bridge from the perspective of the network namespaces, but it’s an interface from the perspective of the host machine. The name bridge0 appears twice: It’s not only the bridge connecting red, blue, and the host machine together, but also the interface that connects to the bridge on the host machine. The setup above is equivalent to the following physical network setup. The word “bridge” is just a synonym for “switch”, but a Linux virtual bridge is more than a switch. You might wonder what a bridge is and why a bridge is added by the ip link command, which is normally used to manage network interfaces. The configuration becomes the following after IP addresses are added. To learn about other namespaces, you can find resources in Containers Deep Dive. However, for this article, we only care about network namespaces. In addition to network namespaces, they use PID namespaces, mount namespaces, UTS namespaces, etc.
Notice that Docker (and other container tools) use several namespaces in combination. In other words, network namespaces are like separate machines to the host. Moreover, other networking configurations, like route table (shown by ip route) and iptables are also separated. Run ip link and then ip -n red link, we see that network interfaces are separated. What are separated by network namespaces?
This is exactly how Docker enables container-to-host communication for bridge networks.