Description
When a container is connected to multiple networks, one of them (or, from 28.0, one per address family) will be selected as the gateway endpoint (the container's default route).
At the moment, there's no way to control selection of the gateway endpoint - it should be possible (although far from ideal) to control it by adjusting network names (see below). But, in docker/compose#12170 there are reports of that not working.
From docker/compose#12170, use-cases are around containers with bridge and ipvlan endpoints, and wanting to control which network gets the default route for Internet traffic.
From docker/compose#12170 (comment):
Every time a container is connected to a network, Docker Engine looks at the container's whole set of endpoints and picks one to use as the gateway. (And, the same after a network disconnect.)
The gateway endpoint it picks is the first in this ordering.
I don't think that function's comment is quite right... but, endpoints are sorted by priority, then the dedicated docker_gwbridge network is preferred (for swarm), then non-internal networks, then dual-stack over IPv4-only. Finally, if the networks are equal according to those criteria, they're sorted lexicographically by network name.
That means the order in which networks are connected shouldn't make any difference to the end result:
- Compose's priority only affects the order in which networks are added, the value isn't passed to the engine.
- The epPriority used in the engine's ordering of endpoints is unrelated and, weirdly, there's no way to configure it via the engine's API. (So, it's completely useless.)
But, in the two examples in docker/compose#12170 - the networks are all equal (user-defined, non-internal, and IPv4-only). So, they should be sorted by network name ... I've tried to repro the problem, but haven't been able to. For me, the selected gateway is always based on the network name - including with dockerd 24.0, I don't think this logic has changed since before that release anyway.
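The ordering described above, sketched as an added example (not code from the post or from Docker Engine) for predicting which network will carry a container's default route. The `Endpoint` type, its field names and `SelectGateway` are hypothetical, and the sketch assumes that a higher priority sorts first and that names compare in ascending order.

```go
package main

import (
	"fmt"
	"sort"
)

// Endpoint is a hypothetical model of one container network attachment.
type Endpoint struct {
	Network   string // network name
	Priority  int    // engine-internal priority (assumption: higher sorts first)
	GwBridge  bool   // true for the swarm docker_gwbridge network
	Internal  bool   // true for an internal network
	DualStack bool   // true when the network has both IPv4 and IPv6
}

// less reports whether a is preferred over b as the gateway endpoint,
// applying the criteria in the order the issue lists them.
func less(a, b Endpoint) bool {
	if a.Priority != b.Priority {
		return a.Priority > b.Priority
	}
	if a.GwBridge != b.GwBridge {
		return a.GwBridge
	}
	if a.Internal != b.Internal {
		return !a.Internal
	}
	if a.DualStack != b.DualStack {
		return a.DualStack
	}
	return a.Network < b.Network // assumption: ascending name order
}

// SelectGateway returns the network name of the first endpoint in the ordering.
func SelectGateway(eps []Endpoint) string {
	if len(eps) == 0 {
		return ""
	}
	sorted := append([]Endpoint(nil), eps...) // leave the caller's slice untouched
	sort.SliceStable(sorted, func(i, j int) bool { return less(sorted[i], sorted[j]) })
	return sorted[0].Network
}

func main() {
	// Constructed sample: two user-defined, non-internal, IPv4-only networks.
	eps := []Endpoint{{Network: "lan_ipvlan"}, {Network: "app_bridge"}}
	fmt.Println(SelectGateway(eps))
}
```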