Description
When configuring manually a gateway IP address on a subnet, if the subnet is large enough, IP address actually used is not the expected one despite docker inspect displaying it.
Reproduce
- Create the following
compose.yaml and run docker compose up
services:
nginx:
image: nginx
networks:
n1:
n2:
networks:
n1:
name: n1
enable_ipv6: true
driver: bridge
driver_opts:
com.docker.network.bridge.name: br-n1
ipam:
driver: default
config:
- subnet: fd32:f7ff:393f::/48
ip_range: fd32:f7ff:393f::/64
gateway: fd32:f7ff:393f:1::1
n2:
name: n2
enable_ipv6: true
driver: bridge
driver_opts:
com.docker.network.bridge.name: br-n2
ipam:
driver: default
config:
- subnet: fd83:b442:5c7e::/64
ip_range: fd83:b442:5c7e:0:8000::/65
gateway: fd83:b442:5c7e:0:8000::1
- Check gateway configuration using docker inspect:
2.1. docker inspect n1 (gateway IP address is correct)
[
{
"Name": "n1",
"Id": "b2669ae9d9da74363ca976e19b61bd526223eded5fcef02158d9aa88cf107ad1",
"Created": "2024-09-18T15:10:44.338593812+02:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": true,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "fd32:f7ff:393f::/48",
"IPRange": "fd32:f7ff:393f::/64",
"Gateway": "fd32:f7ff:393f:1::1"
},
{
"Subnet": "10.0.1.0/24",
"Gateway": "10.0.1.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"d598e5148c48b37a297440b7b0158b74848e0f3b1f7db11c1a9237b68e1e4b87": {
"Name": "test-docker-nginx-1",
"EndpointID": "48766a6ec42faf995f7ef385a98127a23920eed1236d0a4bd0cb6254bede4314",
"MacAddress": "02:42:0a:00:01:02",
"IPv4Address": "10.0.1.2/24",
"IPv6Address": "fd32:f7ff:393f::2/48"
}
},
"Options": {
"com.docker.network.bridge.name": "br-n1"
},
"Labels": {
"com.docker.compose.network": "n1",
"com.docker.compose.project": "test-docker",
"com.docker.compose.version": "2.29.2"
}
}
]
2.2. docker inspect n2 (gateway IP address is correct)
[
{
"Name": "n2",
"Id": "642a85683be7976a3c0d4f8382d97cd5b4cedf74580ac7067b8e442312ca4f8c",
"Created": "2024-09-18T15:10:44.669753347+02:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": true,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "fd83:b442:5c7e::/64",
"IPRange": "fd83:b442:5c7e:0:8000::/65",
"Gateway": "fd83:b442:5c7e:0:8000::1"
},
{
"Subnet": "10.0.2.0/24",
"Gateway": "10.0.2.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"d598e5148c48b37a297440b7b0158b74848e0f3b1f7db11c1a9237b68e1e4b87": {
"Name": "test-docker-nginx-1",
"EndpointID": "fbcef6fec5dc32aebd7222f8d5ba95278d8a4492d5070b81982390f6e303173d",
"MacAddress": "02:42:0a:00:02:02",
"IPv4Address": "10.0.2.2/24",
"IPv6Address": "fd83:b442:5c7e:0:8000::/64"
}
},
"Options": {
"com.docker.network.bridge.name": "br-n2"
},
"Labels": {
"com.docker.compose.network": "n2",
"com.docker.compose.project": "test-docker",
"com.docker.compose.version": "2.29.2"
}
}
]
- Check actual gateway ip using iproute2:
3.1. ip a show br-n1 (here gateway IP address is not correct)
6031: br-n1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:d8:26:28:16 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.1/24 brd 10.0.1.255 scope global br-n1
valid_lft forever preferred_lft forever
inet6 fd32:f7ff:393f::1/48 scope global
valid_lft forever preferred_lft forever
inet6 fe80::42:d8ff:fe26:2816/64 scope link
valid_lft forever preferred_lft forever
3.2. ip a show br-n2 (here gateway IP address is correct)
6032: br-n2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:8a:47:88:dc brd ff:ff:ff:ff:ff:ff
inet 10.0.2.1/24 brd 10.0.2.255 scope global br-n2
valid_lft forever preferred_lft forever
inet6 fd83:b442:5c7e:0:8000::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::42:8aff:fe47:88dc/64 scope link
valid_lft forever preferred_lft forever
Expected behavior
Step 3.1. (ip a show br-n1) should show fd32:f7ff:393f:1::1/48 instead of fd32:f7ff:393f::1/48
6031: br-n1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:d8:26:28:16 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.1/24 brd 10.0.1.255 scope global br-n1
valid_lft forever preferred_lft forever
- inet6 fd32:f7ff:393f::1/48 scope global
+ inet6 fd32:f7ff:393f:1::1/48 scope global
valid_lft forever preferred_lft forever
inet6 fe80::42:d8ff:fe26:2816/64 scope link
valid_lft forever preferred_lft foreverdocker version
Client: Docker Engine - Community
Version: 27.2.1
API version: 1.47
Go version: go1.22.7
Git commit: 9e34c9b
Built: Fri Sep 6 12:08:06 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 27.2.1
API version: 1.47 (minimum version 1.24)
Go version: go1.22.7
Git commit: 8b539b8
Built: Fri Sep 6 12:08:06 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.21
GitCommit: 472731909fa34bd7bc9c087e4c27943f9835f111
runc:
Version: 1.1.13
GitCommit: v1.1.13-0-g58aa920
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client: Docker Engine - Community
Version: 27.2.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.16.2
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.29.2
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 31
Server Version: 27.2.1
Storage Driver: btrfs
Btrfs:
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
runc version: v1.1.13-0-g58aa920
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.1.0-25-amd64
Operating System: Debian GNU/Linux 12 (bookworm)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.29GiB
Name: CometTail
ID: b72da995-0839-4c58-afc5-a42b17d9b1ae
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Default Address Pools:
Base: 10.0.0.0/8, Size: 24
Base: fd3f:f9ac:f32b::/48, Size: 64Additional Info
No response
Description
When configuring manually a gateway IP address on a subnet, if the subnet is large enough, IP address actually used is not the expected one despite
docker inspectdisplaying it.Reproduce
compose.yamland rundocker compose up2.1.
docker inspect n1(gateway IP address is correct)2.2.
docker inspect n2(gateway IP address is correct)3.1.
ip a show br-n1(here gateway IP address is not correct)3.2.
ip a show br-n2(here gateway IP address is correct)Expected behavior
Step 3.1. (
ip a show br-n1) should showfd32:f7ff:393f:1::1/48instead offd32:f7ff:393f::1/486031: br-n1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:d8:26:28:16 brd ff:ff:ff:ff:ff:ff inet 10.0.1.1/24 brd 10.0.1.255 scope global br-n1 valid_lft forever preferred_lft forever - inet6 fd32:f7ff:393f::1/48 scope global + inet6 fd32:f7ff:393f:1::1/48 scope global valid_lft forever preferred_lft forever inet6 fe80::42:d8ff:fe26:2816/64 scope link valid_lft forever preferred_lft foreverdocker version
Client: Docker Engine - Community Version: 27.2.1 API version: 1.47 Go version: go1.22.7 Git commit: 9e34c9b Built: Fri Sep 6 12:08:06 2024 OS/Arch: linux/amd64 Context: default Server: Docker Engine - Community Engine: Version: 27.2.1 API version: 1.47 (minimum version 1.24) Go version: go1.22.7 Git commit: 8b539b8 Built: Fri Sep 6 12:08:06 2024 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.7.21 GitCommit: 472731909fa34bd7bc9c087e4c27943f9835f111 runc: Version: 1.1.13 GitCommit: v1.1.13-0-g58aa920 docker-init: Version: 0.19.0 GitCommit: de40ad0docker info
Additional Info
No response