Relationship between bridge and veth for Docker network

On my Ubuntu 22.04 host, I've created a Docker network with the bridge driver and started up a container within that network. Running ip addr on my host, I see these two interfaces:

5: br-fc7599764562:  mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:d4:4f:b9:39 brd ff:ff:ff:ff:ff:ff
    inet 172.21.0.1/16 brd 172.21.255.255 scope global br-fc7599764562
        valid_lft forever preferred_lft forever
    inet6 fe80::42:d4ff:fe4f:b939/64 scope link
        valid_lftforever preferred_lft forever
6: vethe6879a0@if14:  mtu 1500 qdisc noqueue master br-fc7599764562 state UP group default
    link/ether e2:e8:0f:5b:37:a0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::e0e8:fff:fe5b:37a0/64 scope link
        valid_lft forever preferred_lft forever

Clearly, these two interfaces are related as the second lists the first as "master". What is the relationship? Some context for the question: I actually have two Docker networks with one container inside each. Using iptables, I've [set up NAT between them](https://unix.stackexchange.com/questions/744165/set-up-nat-between-docker-networks) (or, at least, I think I have) and am trying to ping one container from the other. Running Wireshark on the host, I see the ICMP packet come in on the bridge interface and going out on the veth interface (instead of the other bridge).