70 changes: 34 additions & 36 deletions content/manuals/engine/network/_index.md
@@ -1,20 +1,20 @@
---
title: Networking overview
title: Networking
linkTitle: Networking
weight: 30
description: Learn how networking works from the container's point of view
keywords: networking, container, standalone, IP address, DNS resolution
aliases:
- /articles/networking/
- /config/containers/container-networking/
- /engine/tutorials/networkingcontainers/
- /engine/userguide/networking/
- /engine/userguide/networking/configure-dns/
- /engine/userguide/networking/default_network/binding/
- /engine/userguide/networking/default_network/configure-dns/
- /engine/userguide/networking/default_network/container-communication/
- /engine/userguide/networking/dockernetworks/
- /network/
- /articles/networking/
- /config/containers/container-networking/
- /engine/tutorials/networkingcontainers/
- /engine/userguide/networking/
- /engine/userguide/networking/configure-dns/
- /engine/userguide/networking/default_network/binding/
- /engine/userguide/networking/default_network/configure-dns/
- /engine/userguide/networking/default_network/container-communication/
- /engine/userguide/networking/dockernetworks/
- /network/
---

Container networking refers to the ability for containers to connect to and
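Review bot: In the front matter, `title` is now "Networking", which is identical to the `linkTitle: Networking` line directly below it, so `linkTitle` no longer adds anything; either drop it or keep a title that differs from the link text. The ten `aliases` entries are listed again with no visible change to their values, so please confirm the change there is indentation only and that none of the redirect paths was altered.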
Expand All @@ -29,18 +29,18 @@ routing table, DNS services, and other networking details.
This page describes networking from the point of view of the container,
and the concepts around container networking.

When Docker Engine on Linux starts for the first time, it has a single
built-in network called the "default bridge" network. When you run a
container without the `--network` option, it is connected to the default
bridge.
## Default network

Containers attached to the default bridge have access to network services
outside the Docker host. They use "masquerading" which means, if the
Docker host has Internet access, no additional configuration is needed
for the container to have Internet access.
When Docker Engine starts, it creates the default bridge network. New containers
attach to it unless you choose another network. Traffic between containers on the
same bridge stays on the bridge.

For example, to run a container on the default bridge network, and have
it ping an Internet host:
- By default, outbound traffic from the bridge is masqueraded. The Docker host
replaces the container's source address with its own before forwarding to
external networks.
- Return traffic is mapped back to the correct container.

To verify connectivity from a container:

```console
$ docker run --rm -ti busybox ping -c1 docker.com
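Review bot: The new opening paragraph under "## Default network" drops two things the removed text stated: the "on Linux" qualifier and the name of the `--network` option. "Unless you choose another network" leaves the reader without the flag that does the choosing; suggest "New containers attach to it unless you pass `--network`." The added sentence "Traffic between containers on the same bridge stays on the bridge" says where packets travel but not whether containers on the default bridge can reach one another, and readers will take it as a statement about isolation, so state that explicitly. The removed sentence that no additional configuration is needed for Internet access when the host has it is also gone; the masquerading bullets explain the mechanism but not that outcome, which is what the `ping` example below is verifying.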
Expand Down Expand Up @@ -79,7 +79,7 @@ Docker Engine has a number of network drivers, as well as the default "bridge".
On Linux, the following built-in network drivers are available:

| Driver | Description |
|:--------------------------------|:--------------------------------------------------------------------|
| :------------------------------ | :------------------------------------------------------------------ |
| [bridge](./drivers/bridge.md) | The default network driver. |
| [host](./drivers/host.md) | Remove network isolation between the container and the Docker host. |
| [none](./drivers/none.md) | Completely isolate a container from the host and other containers. |
Expand Down Expand Up @@ -113,7 +113,7 @@ Containers can also share networking stacks, see [Container networks](#container

When sending packets, if the destination is an address in a directly connected
network, packets are sent to that network. Otherwise, packets are sent to
a default gateway for routing to their destination. In the example above,
a default gateway for routing to their destination. In the previous example,
the `ipvlan` network's gateway must be the default gateway.

The default gateway is selected by Docker, and may change whenever a
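Review bot: "In the previous example" in the changed sentence is no more specific than "In the example above" was. The example it points to is not adjacent to this paragraph in the hunk, so identify it by what it shows (the one that attaches the `ipvlan` network) rather than by its position, which will go stale when the section is reordered.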
Expand Down Expand Up @@ -159,7 +159,7 @@ $ docker network create --ipv6 --ipv4=false v6net

By default, the container gets an IP address for every Docker network it attaches to.
A container receives an IP address out of the IP subnet of the network.
The Docker daemon performs dynamic subnetting and IP address allocation for containers.
The Docker daemon allocates subnets and IP addresses for containers.
Each network also has a default subnet mask and gateway.

You can connect a running container to multiple networks,
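Review bot: Replacing "performs dynamic subnetting and IP address allocation" with "allocates subnets and IP addresses" removes the word "dynamic", but the same page still links to "Dynamic IPv6 subnet allocation" and describes pools that Docker allocates from. Keep the term, for example "The Docker daemon dynamically allocates subnets and IP addresses for containers", so the terminology stays consistent and readers are not led to expect fixed assignments.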
Expand Down Expand Up @@ -192,21 +192,21 @@ These pools can be configured in `/etc/docker/daemon.json`. Docker's built-in de
```json
{
"default-address-pools": [
{"base":"172.17.0.0/16","size":16},
{"base":"172.18.0.0/16","size":16},
{"base":"172.19.0.0/16","size":16},
{"base":"172.20.0.0/14","size":16},
{"base":"172.24.0.0/14","size":16},
{"base":"172.28.0.0/14","size":16},
{"base":"192.168.0.0/16","size":20}
{ "base": "172.17.0.0/16", "size": 16 },
{ "base": "172.18.0.0/16", "size": 16 },
{ "base": "172.19.0.0/16", "size": 16 },
{ "base": "172.20.0.0/14", "size": 16 },
{ "base": "172.24.0.0/14", "size": 16 },
{ "base": "172.28.0.0/14", "size": 16 },
{ "base": "192.168.0.0/16", "size": 20 }
]
}
```

- `base`: The subnet that can be allocated from.
- `size`: The prefix length used for each allocated subnet.

When an IPv6 subnet is required and there are no IPv6 addresses in `default-address-pools`, Docker allocates
When an IPv6 subnet is required and there are no IPv6 addresses in `default-address-pools`, Docker allocates
subnets from a Unique Local Address (ULA) prefix. To use specific IPv6 subnets instead, add them to your
`default-address-pools`. See [Dynamic IPv6 subnet allocation](../daemon/ipv6.md#dynamic-ipv6-subnet-allocation)
for more information.
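Review bot: The seven `default-address-pools` entries change only in spacing, and the line "When an IPv6 subnet is required and there are no IPv6 addresses in `default-address-pools`, Docker allocates" appears as both removed and added with no visible difference, which points to a trailing-whitespace or formatter change. Since these values decide which subnets Docker hands out, please confirm every `base` and `size` is byte-for-byte unchanged, and consider moving the formatter output into its own commit so the wording changes in this PR can be reviewed separately.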
Expand All @@ -222,9 +222,7 @@ Docker will allocate subnets `172.17.0.0/24`, `172.17.1.0/24`, and so on, up to

```json
{
"default-address-pools": [
{"base": "172.17.0.0/16", "size": 24}
]
"default-address-pools": [{ "base": "172.17.0.0/16", "size": 24 }]
}
```

Expand Down Expand Up @@ -272,7 +270,7 @@ The following table describes the available `docker run` flags related to DNS
configuration.

| Flag | Description |
| -------------- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `--dns` | The IP address of a DNS server. To specify multiple DNS servers, use multiple `--dns` flags. DNS requests will be forwarded from the container's network namespace so, for example, `--dns=127.0.0.1` refers to the container's own loopback address. |
| `--dns-search` | A DNS search domain to search non-fully qualified hostnames. To specify multiple DNS search prefixes, use multiple `--dns-search` flags. |
| `--dns-opt` | A key-value pair representing a DNS option and its value. See your operating system's documentation for `resolv.conf` for valid options. |