Description
Multiple networks sharing a subnet can be created with overlapping IP ranges, unless the ranges are identical.
Reproduce
docker network create --driver ipvlan --subnet 10.123.0.0/16 --ip-range 10.123.0.0/17 overlap1
-> Success
docker network create --driver ipvlan --subnet 10.123.0.0/16 --ip-range 10.123.0.0/17 overlap2
-> Error response from daemon: Pool overlaps with other one on this address space
docker network create --driver ipvlan --subnet 10.123.0.0/16 --ip-range 10.123.0.0/18 overlap3
-> Success?!
The bridge driver has its own overlap checks: no bridge network can be created with a subnet that overlaps the subnet of any existing bridge network, irrespective of ip-range. But e.g. two ipvlan networks can share a subnet, as can a bridge and an ipvlan.
Expected behavior
The rules of when networks can have overlapping IPAM pools should be applied consistently: either both overlap2 and overlap3 can be created successfully, or neither.
docker version
Confirmed on v20.10.24, v23.0.6, v24.0.6
docker info
Additional Info
Duplicate addresses will not be allocated even if pools overlap. All IPAM pools for the same subnet share the same allocation bitmap so an address allocated from one pool is implicitly reserved in all the other pools.
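The inconsistency described above, as an added example that is not part of the original report and is not the daemon's own code: an audit over a list of network pools that contrasts an identical-range comparison (modelling only the observed behaviour) with a true prefix-overlap comparison. The Pool type, the function names and the "disjoint" entry are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Pool is one network's IPAM configuration (hypothetical type for this example).
type Pool struct {
	Name            string
	Subnet, IPRange netip.Prefix
}

// identicalOnly models the behaviour reported above: only an exact duplicate conflicts.
func identicalOnly(a, b Pool) bool {
	return a.Subnet == b.Subnet && a.IPRange == b.IPRange
}

// rangesOverlap is the consistent rule: same subnet and at least one shared address.
func rangesOverlap(a, b Pool) bool {
	return a.Subnet == b.Subnet && a.IPRange.Overlaps(b.IPRange)
}

// Conflicts returns "a<->b" for every pair of pools that check flags.
func Conflicts(pools []Pool, check func(a, b Pool) bool) (out []string) {
	for i, a := range pools {
		for _, b := range pools[i+1:] {
			if check(a, b) {
				out = append(out, a.Name+"<->"+b.Name)
			}
		}
	}
	return out
}

// SamplePools is constructed from the commands in the report, plus one disjoint range.
func SamplePools() []Pool {
	p, sub := netip.MustParsePrefix, netip.MustParsePrefix("10.123.0.0/16")
	return []Pool{
		{"overlap1", sub, p("10.123.0.0/17")},
		{"overlap2", sub, p("10.123.0.0/17")},
		{"overlap3", sub, p("10.123.0.0/18")},
		{"disjoint", sub, p("10.123.128.0/17")},
	}
}

func main() {
	fmt.Println(Conflicts(SamplePools(), identicalOnly), Conflicts(SamplePools(), rangesOverlap))
}
```

The identical-range comparison flags only overlap1 and overlap2, while the prefix-overlap comparison also flags overlap3 against both of them and leaves the disjoint range alone.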