Not able to use container as gateway in internal network #48193

@legobeat

Description

Goal: To have an internal bridge network where all containers route their traffic through a designated gateway container, which is then connected to other networks and performs routing.

Docker does not seem to allow us to use our own gateway, however.

Reproduce

# docker network create testnet \
    --internal --ipv6=false --attachable=true \
    --gateway '123.123.123.123' --ip-range=123.123.123.0/24 --subnet 123.123.123.0/24 \
    -o com.docker.network.bridge.gateway_mode_ipv4=routed \
    -o com.docker.network.bridge.enable_ip_masquerade=false \
    -o com.docker.network.bridge.inhibit_ipv4=true

# docker run --rm -it --network=testnet --ip 123.123.123.123 alpine:3.20 sh -c 'ip addr'

docker: Error response from daemon: Address already in use.
# docker network inspect testnet
[
    {
        "Name": "testnet",
        "Id": "62cc9ea78cf96808338155a7d4ab7a8f43e8ae869ce5628c13161422afb26999",
        "Created": "2024-07-19T17:21:11.812101657+09:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "123.123.123.0/24",
                    "IPRange": "123.123.123.0/24",
                    "Gateway": "123.123.123.123"
                }
            ]
        },
        "Internal": true,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.enable_ip_masquerade": "false",
            "com.docker.network.bridge.gateway_mode_ipv4": "routed",
            "com.docker.network.bridge.inhibit_ipv4": "true"
        },
        "Labels": {}
    }
]

Expected behavior

Expecting some mechanism to disable the reservation of the gateway IP of the host, and/or afford a way to completely disable the gateway.

docker version

Client: Docker Engine - Community
 Version:           27.0.3
 API version:       1.46
 Go version:        go1.21.11
 Git commit:        7d4bcd8
 Built:             Sat Jun 29 00:04:00 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          27.0.3
  API version:      1.46 (minimum version 1.24)
  Go version:       go1.21.11
  Git commit:       662f78c
  Built:            Sat Jun 29 00:02:20 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.18
  GitCommit:        ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
 runc:
  Version:          1.7.18
  GitCommit:        v1.1.13-0-g58aa920
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    27.0.3
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.15.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.28.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 27.0.3
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.1
 Operating System: Fedora Linux
 OSType: linux
 Architecture: x86_64
 Debug Mode: false
 Experimental: false
 Live Restore Enabled: false

Additional Info

I don't have evidence right now, but I believe I have been able to do this in the past.
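
A pre-flight check for the collision reported above, as an added example that is not part of the original issue or of Docker's code: it reads `docker network inspect` JSON and lists why a static `--ip` would collide with an address the network already claims. The function name `static_ip_conflicts` is hypothetical, and the sample input is constructed by trimming the inspect output shown in the report.

```python
import ipaddress
import json

# Constructed sample: trimmed from the `docker network inspect testnet` output above.
INSPECT_JSON = """
[{"Name": "testnet",
  "IPAM": {"Config": [{"Subnet": "123.123.123.0/24",
                       "IPRange": "123.123.123.0/24",
                       "Gateway": "123.123.123.123"}]},
  "Containers": {}}]
"""


def static_ip_conflicts(inspect_json, requested_ip):
    """Return reasons why requested_ip collides with addresses already
    claimed on the inspected network(s); an empty list means no conflict."""
    ip = ipaddress.ip_address(requested_ip)
    reasons = []
    for net in json.loads(inspect_json):
        name = net.get("Name", "?")
        configs = (net.get("IPAM") or {}).get("Config") or []
        subnets = [ipaddress.ip_network(c["Subnet"]) for c in configs if c.get("Subnet")]
        if not any(ip in s for s in subnets):
            reasons.append(f"{name}: {ip} is outside the configured subnet(s)")
        # The address listed as "Gateway" is the one the report says is reserved.
        for c in configs:
            gw = (c.get("Gateway") or "").split("/")[0]
            if gw and ipaddress.ip_address(gw) == ip:
                reasons.append(f"{name}: {ip} is reserved as the network gateway")
        # Addresses held by attached containers appear as "a.b.c.d/prefix".
        for cid, ep in (net.get("Containers") or {}).items():
            addr = (ep.get("IPv4Address") or "").split("/")[0]
            if addr and ipaddress.ip_address(addr) == ip:
                reasons.append(f"{name}: {ip} is held by container {ep.get('Name', cid[:12])}")
    return reasons


if __name__ == "__main__":
    for reason in static_ip_conflicts(INSPECT_JSON, "123.123.123.123"):
        print(reason)
```
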
