Description
Looks like there is a FIXME regarding this in-code:

// FIXME(robmry) - this means a dual-stack gateway is preferred over single-stack
// gateways with higher gateway-priorities. A dual-stack network should probably
// be preferred over two single-stack networks, if they all have equal priorities.
// It'd probably also be better to use a dual-stack endpoint as the gateway for
// a single address family, if there's a higher-priority single-stack gateway for
// the other address family. (But, priority is currently a Sandbox property, not
// an Endpoint property. So, this function doesn't have access to priorities.)

Initial report was done in compose (docker/compose#13511 (comment))
Reproduce
networks:
  maclvanv4:
    driver: macvlan
    enable_ipv6: false
    driver_opts:
      parent: br1
    ipam:
      config:
        - subnet: 10.20.30.0/24
          gateway: 10.20.30.1
  internalv4:
    driver: bridge
    enable_ipv6: false
services:
  bash:
    image: bash
    command: ip r
    networks:
      internalv4:
      maclvanv4:
        ipv4_address: 10.20.30.156
        gw_priority: 1000
        priority: 1000
Gives
bash-1 | default via 10.20.30.1 dev eth0
bash-1 | 10.20.30.0/24 dev eth0 scope link src 10.20.30.156
bash-1 | 172.16.5.0/24 dev eth1 scope link src 172.16.5.2
bash-1 exited with code 0
networks:
  maclvanv4:
    driver: macvlan
    enable_ipv6: false
    driver_opts:
      parent: br1
    ipam:
      config:
        - subnet: 10.20.30.0/24
          gateway: 10.20.30.1
  internalv4:
    driver: bridge
    # enable_ipv6: false
services:
  bash:
    image: bash
    command: ip r
    networks:
      internalv4:
      maclvanv4:
        ipv4_address: 10.20.30.156
        gw_priority: 1000
        priority: 1000
Gives
bash-1 | default via 172.16.5.1 dev eth0
bash-1 | 10.20.30.0/24 dev eth1 scope link src 10.20.30.156
bash-1 | 172.16.5.0/24 dev eth0 scope link src 172.16.5.2
bash-1 exited with code 0
Via docker run:
Both IPv4
truenas_admin@prometheus[~]$ sudo docker network create --driver bridge --ipv6=false --ipv4=true internal
9e407d74b51752b4ddeb147ee7eb0de334e26ef1e1d8aee12ced9ef3ff18df70
truenas_admin@prometheus[~]$ sudo docker network create --driver macvlan --subnet=10.20.30.0/24 --gateway=10.20.30.1 -o parent=br1 --ipv6=false --ipv4=true maclvan
7b2dc465e8da616cb0a77fbafc912bdeb180fcbb0e1dc371a1bb6e4c428bd2d5
truenas_admin@prometheus[~]$ sudo docker run --rm \
--network name=maclvan,gw-priority=1000 \
--network internal \
bash ip r
default via 10.20.30.1 dev eth1
10.20.30.0/24 dev eth1 scope link src 10.20.30.2
172.16.5.0/24 dev eth0 scope link src 172.16.5.2
One IPv6
truenas_admin@prometheus[~]$ sudo docker network create --driver bridge --ipv6=true --ipv4=true internal
2c90ee776b0847270b92cb2d77eb69d599afe026e7485c7e53107a03c9677cfc
truenas_admin@prometheus[~]$ sudo docker network create --driver macvlan --subnet=10.20.30.0/24 --gateway=10.20.30.1 -o parent=br1 --ipv6=false --ipv4=true maclvan
8195c1746b73915b2cf93bf35fc2eccf3c5f3e23be4854bbc1c91602aa94c1c3
truenas_admin@prometheus[~]$ sudo docker run --rm \
--network name=maclvan,gw-priority=1000 \
--network internal \
bash ip r
default via 172.16.5.1 dev eth1
10.20.30.0/24 dev eth0 scope link src 10.20.30.2
172.16.5.0/24 dev eth1 scope link src 172.16.5.2
Expected behavior
No response
docker version
Client: Docker Engine - Community
Version: 28.3.1
API version: 1.51
Go version: go1.24.4
Git commit: 38b7060
Built: Wed Jul 2 20:57:06 2025
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 28.3.1
API version: 1.51 (minimum version 1.24)
Go version: go1.24.4
Git commit: 5beb93d
Built: Wed Jul 2 20:57:06 2025
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.27
GitCommit: 05044ec0a9a75232cad458027ca83437aae3f4da
runc:
Version: 1.2.5
GitCommit: v1.2.5-0-g59923ef
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client: Docker Engine - Community
Version: 28.3.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.25.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.38.1
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 29
Running: 29
Paused: 0
Stopped: 0
Images: 32
Server Version: 28.3.1
Storage Driver: overlay2
Backing Filesystem: zfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 nvidia
Default Runtime: nvidia
Init Binary: docker-init
containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
runc version: v1.2.5-0-g59923ef
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.12.33-production+truenas
Operating System: Debian GNU/Linux 12 (bookworm)
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 62.63GiB
Name: truenas
ID: af416a29-e97e-48c4-a294-35253e26efb6
Docker Root Dir: /mnt/.ix-apps/docker
Debug Mode: false
Experimental: false
Insecure Registries:
::1/128
127.0.0.0/8
Live Restore Enabled: false
Default Address Pools:
Base: 172.16.0.0/12, Size: 24
Additional Info
No response
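An added check, not part of the original report or of moby's code: it parses `ip r` output like the listings in the report and tests whether the default gateway falls inside the subnet of the network that was given the highest `gw-priority`. The function names are made up for this example; the two route tables are the compose outputs quoted in the report.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// defaultGateway returns the gateway of the first "default via" line in
// `ip r` output; compose log prefixes such as "bash-1 | " are stripped.
func defaultGateway(ipRoute string) (netip.Addr, error) {
	for _, line := range strings.Split(ipRoute, "\n") {
		if i := strings.Index(line, "| "); i >= 0 {
			line = line[i+2:]
		}
		f := strings.Fields(line)
		if len(f) >= 3 && f[0] == "default" && f[1] == "via" {
			return netip.ParseAddr(f[2])
		}
	}
	return netip.Addr{}, fmt.Errorf("no default route found")
}

// egressMatches reports whether the default gateway lies inside wantSubnet,
// the subnet of the network that was given the highest gw-priority.
func egressMatches(ipRoute, wantSubnet string) (bool, error) {
	pfx, err := netip.ParsePrefix(wantSubnet)
	if err != nil {
		return false, err
	}
	gw, err := defaultGateway(ipRoute)
	if err != nil {
		return false, err
	}
	return pfx.Contains(gw), nil
}

// Route tables copied from the two compose runs in the report.
const firstRun = `bash-1 | default via 10.20.30.1 dev eth0
bash-1 | 10.20.30.0/24 dev eth0 scope link src 10.20.30.156
bash-1 | 172.16.5.0/24 dev eth1 scope link src 172.16.5.2`
const secondRun = `bash-1 | default via 172.16.5.1 dev eth0
bash-1 | 10.20.30.0/24 dev eth1 scope link src 10.20.30.156
bash-1 | 172.16.5.0/24 dev eth0 scope link src 172.16.5.2`

func main() {
	a, _ := egressMatches(firstRun, "10.20.30.0/24")
	b, _ := egressMatches(secondRun, "10.20.30.0/24")
	fmt.Println("default route on macvlan subnet:", a, b)
}
```

Run against a container's route table at start-up, a `false` result means traffic leaves through a different network than the one the priority setting was meant to select.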
FIXME location: moby/daemon/libnetwork/default_gateway.go, lines 196 to 202 in 53390f8