When Docker containers are started, they are assigned a private IP address. This avoids conflicts with addresses that may already be in use on the network and allows containers on the same host to talk to each other. It is a nice system except that containers running on different hosts cannot talk to each other unless they are exposed on the hosts. To solve this problem, various projects, including Docker, developed overlay networks.

An overlay network is a private network that is layered on top of an existing IP network to allow containers on multiple hosts to talk to each other. Containers connected to an overlay network are still assigned private addresses and are not accessible from outside the network. ...