How to make docker NOT to use a subnet as a bridge network or add a routing exception
I have a docker host (CentOs7) where I am running multiple dockerized applications and will be having even more in the future.
The problem that I have an external service which I need to access from the host, which uses an 172.18.100.101 address.
Docker automatically assigns subnets for the bridge networks it creates, 172.18.x, 172.19.x, etc:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.x.x.x 0.0.0.0 UG 0 0 0 eth0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-0a7f3df38b5c
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-636432c82f83
The options I see:
1. Tell Docker NOT to use the 172.18.0.0 subnet for the bridges. I don't think this is possible in docker.
2. For each docker container I could start specifying a subnet - but this becomes very problematic, as you need to ensure they don't clash, plus docker-compose.yml files are shared across hosts, so this is a management nightmare.
3. Try to route the required ip (172.18.100.101) differently on the host - while the 172.18.0.0 subnet is still there. I am not sure whether this is possible. I have tried it with adding routes, but no help, probably because it gets added after the 172.18.0.0 rule and not before it.
$ sudo route add -host 172.18.100.101 dev eth0
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.x.x.x 0.0.0.0 UG 0 0 0 eth0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-0a7f3dfsudo ip route show to match 172.18.198.12038b5c
172.18.100.101 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-636432c82f83
Any ideas? I guess the question is how to add an "exception" routing for a select ip (or subnet) and make sure that it is applied before the main rule.
EDIT (2018-06-21):
The issue is not about trying to connect t a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service from this host, as on this host Docker automatically assigns the 172.18.0.0 range to a bridge network it creates, so any connection attempts to 172.18.100.101 gets sent to bridge Docker created and not to that external host.
routing docker
edited Dec 15 at 22:22
Rui F Ribeiro
38.9k1479129
asked Jun 20 at 16:40
Zoltan Fedor
1116
add a comment |
I have a docker host (CentOs7) where I am running multiple dockerized applications and will be having even more in the future.
The problem that I have an external service which I need to access from the host, which uses an 172.18.100.101 address.
Docker automatically assigns subnets for the bridge networks it creates, 172.18.x, 172.19.x, etc:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.x.x.x 0.0.0.0 UG 0 0 0 eth0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-0a7f3df38b5c
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-636432c82f83
The options I see:
1. Tell Docker NOT to use the 172.18.0.0 subnet for the bridges. I don't think this is possible in docker.
2. For each docker container I could start specifying a subnet - but this becomes very problematic, as you need to ensure they don't clash, plus docker-compose.yml files are shared across hosts, so this is a management nightmare.
3. Try to route the required ip (172.18.100.101) differently on the host - while the 172.18.0.0 subnet is still there. I am not sure whether this is possible. I have tried it with adding routes, but no help, probably because it gets added after the 172.18.0.0 rule and not before it.
$ sudo route add -host 172.18.100.101 dev eth0
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.x.x.x 0.0.0.0 UG 0 0 0 eth0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-0a7f3dfsudo ip route show to match 172.18.198.12038b5c
172.18.100.101 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-636432c82f83
Any ideas? I guess the question is how to add an "exception" routing for a select ip (or subnet) and make sure that it is applied before the main rule.
EDIT (2018-06-21):
The issue is not about trying to connect t a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service from this host, as on this host Docker automatically assigns the 172.18.0.0 range to a bridge network it creates, so any connection attempts to 172.18.100.101 gets sent to bridge Docker created and not to that external host.
routing docker
edited Dec 15 at 22:22
Rui F Ribeiro
38.9k1479129
asked Jun 20 at 16:40
Zoltan Fedor
1116
I know that by adjusting the Metric I could achieve priority between the routing rules, but the problem is that the lowest Metric is the one with highest priority and I don't think I can set a non-zero priority for those bridges created by docker automatically.
– Zoltan Fedor
Jun 20 at 20:52
add a comment |
I have a docker host (CentOs7) where I am running multiple dockerized applications and will be having even more in the future.
The problem that I have an external service which I need to access from the host, which uses an 172.18.100.101 address.
Docker automatically assigns subnets for the bridge networks it creates, 172.18.x, 172.19.x, etc:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.x.x.x 0.0.0.0 UG 0 0 0 eth0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-0a7f3df38b5c
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-636432c82f83
The options I see:
1. Tell Docker NOT to use the 172.18.0.0 subnet for the bridges. I don't think this is possible in docker.
2. For each docker container I could start specifying a subnet - but this becomes very problematic, as you need to ensure they don't clash, plus docker-compose.yml files are shared across hosts, so this is a management nightmare.
3. Try to route the required ip (172.18.100.101) differently on the host - while the 172.18.0.0 subnet is still there. I am not sure whether this is possible. I have tried it with adding routes, but no help, probably because it gets added after the 172.18.0.0 rule and not before it.
$ sudo route add -host 172.18.100.101 dev eth0
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.x.x.x 0.0.0.0 UG 0 0 0 eth0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-0a7f3dfsudo ip route show to match 172.18.198.12038b5c
172.18.100.101 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-636432c82f83
Any ideas? I guess the question is how to add an "exception" routing for a select ip (or subnet) and make sure that it is applied before the main rule.
EDIT (2018-06-21):
The issue is not about trying to connect t a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service from this host, as on this host Docker automatically assigns the 172.18.0.0 range to a bridge network it creates, so any connection attempts to 172.18.100.101 gets sent to bridge Docker created and not to that external host.
routing docker
edited Dec 15 at 22:22
Rui F Ribeiro
38.9k1479129
asked Jun 20 at 16:40
Zoltan Fedor
1116
I have a docker host (CentOs7) where I am running multiple dockerized applications and will be having even more in the future.
The problem that I have an external service which I need to access from the host, which uses an 172.18.100.101 address.
Docker automatically assigns subnets for the bridge networks it creates, 172.18.x, 172.19.x, etc:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.x.x.x 0.0.0.0 UG 0 0 0 eth0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-0a7f3df38b5c
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-636432c82f83
The options I see:
1. Tell Docker NOT to use the 172.18.0.0 subnet for the bridges. I don't think this is possible in docker.
2. For each docker container I could start specifying a subnet - but this becomes very problematic, as you need to ensure they don't clash, plus docker-compose.yml files are shared across hosts, so this is a management nightmare.
3. Try to route the required ip (172.18.100.101) differently on the host - while the 172.18.0.0 subnet is still there. I am not sure whether this is possible. I have tried it with adding routes, but no help, probably because it gets added after the 172.18.0.0 rule and not before it.
$ sudo route add -host 172.18.100.101 dev eth0
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.x.x.x 0.0.0.0 UG 0 0 0 eth0
172.17.1.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-0a7f3dfsudo ip route show to match 172.18.198.12038b5c
172.18.100.101 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.19.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-636432c82f83
Any ideas? I guess the question is how to add an "exception" routing for a select ip (or subnet) and make sure that it is applied before the main rule.
EDIT (2018-06-21):
The issue is not about trying to connect t a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service from this host, as on this host Docker automatically assigns the 172.18.0.0 range to a bridge network it creates, so any connection attempts to 172.18.100.101 gets sent to bridge Docker created and not to that external host.
routing docker
routing docker
edited Dec 15 at 22:22
Rui F Ribeiro
38.9k1479129
asked Jun 20 at 16:40
Zoltan Fedor
1116
edited Dec 15 at 22:22
Rui F Ribeiro
38.9k1479129
asked Jun 20 at 16:40
Zoltan Fedor
1116
edited Dec 15 at 22:22
Rui F Ribeiro
38.9k1479129
edited Dec 15 at 22:22
Rui F Ribeiro
38.9k1479129
edited Dec 15 at 22:22
Rui F Ribeiro
38.9k1479129
38.9k1479129
asked Jun 20 at 16:40
Zoltan Fedor
1116
asked Jun 20 at 16:40
Zoltan Fedor
1116
asked Jun 20 at 16:40
Zoltan Fedor
1116
1116
I know that by adjusting the Metric I could achieve priority between the routing rules, but the problem is that the lowest Metric is the one with highest priority and I don't think I can set a non-zero priority for those bridges created by docker automatically.
– Zoltan Fedor
Jun 20 at 20:52
add a comment |
I know that by adjusting the Metric I could achieve priority between the routing rules, but the problem is that the lowest Metric is the one with highest priority and I don't think I can set a non-zero priority for those bridges created by docker automatically.
– Zoltan Fedor
Jun 20 at 20:52
I know that by adjusting the Metric I could achieve priority between the routing rules, but the problem is that the lowest Metric is the one with highest priority and I don't think I can set a non-zero priority for those bridges created by docker automatically.
– Zoltan Fedor
Jun 20 at 20:52
I know that by adjusting the Metric I could achieve priority between the routing rules, but the problem is that the lowest Metric is the one with highest priority and I don't think I can set a non-zero priority for those bridges created by docker automatically.
– Zoltan Fedor
Jun 20 at 20:52
add a comment |
2 Answers
2
active
oldest
votes
The Docker bridge network is just one of many options for configuring the networking. The Docker network documentation lists many different network plugins you can use for communications with containers.
If you just need to connect to a service in a Docker container, messing with the network is a bit overkill as you are able to open a service port on the host attached to port in Docker. Docker calls this "publishing ports" and is used in the docker run command with the flag --publish or -p. There should be no need to connect to a Docker container directly.
Though, if you do want to connect directly to the container, Docker will certainly let you configure that.
EDIT: I misunderstood the original question was about host routing.
Regarding host routing, Docker does let you change the network ranges it uses. If you are using docker to create your networks, you can configure the docker0 interface to whatever range you want, make sure to pick one not currently in use on your network.
If you use docker-compose to create the networks, then you need to configure the network ranges in the docker-compose.yml file for that project.
answered Jun 21 at 0:06
GracefulRestart
1,09427
1
I am sorry, probably my description wasn't clear. The issue is not about trying to connect a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service, as Docker automatically assigns the 172.18.0.0 range to a bridge network it creates.
– Zoltan Fedor
Jun 21 at 14:29
1
ok, now I see the routes with overlapping subnets on172.18.0.0/255.255.0.0and understand the issue better. I have made an edit with some info that might help.
– GracefulRestart
Jun 21 at 22:20
Thanks. Yes, we use docker-compose, which is why I was hoping to find something better than hardcoding into each project's docker-compose.yml file the network range to be used as with multiple projects deployed on multiple nodes that is a maintenance nightmare (to make sure that they never clash with each other). This is why I was hoping to find a more elegant solution.
– Zoltan Fedor
Jun 27 at 18:39
add a comment |
Routes with larger prefixes (like your 172.18.100.101 host route) will have higher priority than routes with a smaller prefix (like the /16 routes added by docker). So, your initial approach should work. However, unless 172.18.100.101 is directly reachable on eth0, you will need to specify a gateway for it as well.
e.g:
ip route add 172.18.100.101/32 via 10.x.x.x dev eth0
answered Dec 15 at 23:06
user234931
33115
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f450924%2fhow-to-make-docker-not-to-use-a-subnet-as-a-bridge-network-or-add-a-routing-exce%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The Docker bridge network is just one of many options for configuring the networking. The Docker network documentation lists many different network plugins you can use for communications with containers.
If you just need to connect to a service in a Docker container, messing with the network is a bit overkill as you are able to open a service port on the host attached to port in Docker. Docker calls this "publishing ports" and is used in the docker run command with the flag --publish or -p. There should be no need to connect to a Docker container directly.
Though, if you do want to connect directly to the container, Docker will certainly let you configure that.
EDIT: I misunderstood the original question was about host routing.
Regarding host routing, Docker does let you change the network ranges it uses. If you are using docker to create your networks, you can configure the docker0 interface to whatever range you want, make sure to pick one not currently in use on your network.
If you use docker-compose to create the networks, then you need to configure the network ranges in the docker-compose.yml file for that project.
answered Jun 21 at 0:06
GracefulRestart
1,09427
1
I am sorry, probably my description wasn't clear. The issue is not about trying to connect a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service, as Docker automatically assigns the 172.18.0.0 range to a bridge network it creates.
– Zoltan Fedor
Jun 21 at 14:29
1
ok, now I see the routes with overlapping subnets on172.18.0.0/255.255.0.0and understand the issue better. I have made an edit with some info that might help.
– GracefulRestart
Jun 21 at 22:20
Thanks. Yes, we use docker-compose, which is why I was hoping to find something better than hardcoding into each project's docker-compose.yml file the network range to be used as with multiple projects deployed on multiple nodes that is a maintenance nightmare (to make sure that they never clash with each other). This is why I was hoping to find a more elegant solution.
– Zoltan Fedor
Jun 27 at 18:39
add a comment |
The Docker bridge network is just one of many options for configuring the networking. The Docker network documentation lists many different network plugins you can use for communications with containers.
If you just need to connect to a service in a Docker container, messing with the network is a bit overkill as you are able to open a service port on the host attached to port in Docker. Docker calls this "publishing ports" and is used in the docker run command with the flag --publish or -p. There should be no need to connect to a Docker container directly.
Though, if you do want to connect directly to the container, Docker will certainly let you configure that.
EDIT: I misunderstood the original question was about host routing.
Regarding host routing, Docker does let you change the network ranges it uses. If you are using docker to create your networks, you can configure the docker0 interface to whatever range you want, make sure to pick one not currently in use on your network.
If you use docker-compose to create the networks, then you need to configure the network ranges in the docker-compose.yml file for that project.
answered Jun 21 at 0:06
GracefulRestart
1,09427
1
I am sorry, probably my description wasn't clear. The issue is not about trying to connect a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service, as Docker automatically assigns the 172.18.0.0 range to a bridge network it creates.
– Zoltan Fedor
Jun 21 at 14:29
1
ok, now I see the routes with overlapping subnets on172.18.0.0/255.255.0.0and understand the issue better. I have made an edit with some info that might help.
– GracefulRestart
Jun 21 at 22:20
Thanks. Yes, we use docker-compose, which is why I was hoping to find something better than hardcoding into each project's docker-compose.yml file the network range to be used as with multiple projects deployed on multiple nodes that is a maintenance nightmare (to make sure that they never clash with each other). This is why I was hoping to find a more elegant solution.
– Zoltan Fedor
Jun 27 at 18:39
add a comment |
The Docker bridge network is just one of many options for configuring the networking. The Docker network documentation lists many different network plugins you can use for communications with containers.
If you just need to connect to a service in a Docker container, messing with the network is a bit overkill as you are able to open a service port on the host attached to port in Docker. Docker calls this "publishing ports" and is used in the docker run command with the flag --publish or -p. There should be no need to connect to a Docker container directly.
Though, if you do want to connect directly to the container, Docker will certainly let you configure that.
EDIT: I misunderstood the original question was about host routing.
Regarding host routing, Docker does let you change the network ranges it uses. If you are using docker to create your networks, you can configure the docker0 interface to whatever range you want, make sure to pick one not currently in use on your network.
If you use docker-compose to create the networks, then you need to configure the network ranges in the docker-compose.yml file for that project.
answered Jun 21 at 0:06
GracefulRestart
1,09427
The Docker bridge network is just one of many options for configuring the networking. The Docker network documentation lists many different network plugins you can use for communications with containers.
If you just need to connect to a service in a Docker container, messing with the network is a bit overkill as you are able to open a service port on the host attached to port in Docker. Docker calls this "publishing ports" and is used in the docker run command with the flag --publish or -p. There should be no need to connect to a Docker container directly.
Though, if you do want to connect directly to the container, Docker will certainly let you configure that.
EDIT: I misunderstood the original question was about host routing.
Regarding host routing, Docker does let you change the network ranges it uses. If you are using docker to create your networks, you can configure the docker0 interface to whatever range you want, make sure to pick one not currently in use on your network.
If you use docker-compose to create the networks, then you need to configure the network ranges in the docker-compose.yml file for that project.
answered Jun 21 at 0:06
GracefulRestart
1,09427
edited Jun 21 at 22:20
answered Jun 21 at 0:06
GracefulRestart
1,09427
answered Jun 21 at 0:06
GracefulRestart
1,09427
answered Jun 21 at 0:06
GracefulRestart
1,09427
1,09427
1
I am sorry, probably my description wasn't clear. The issue is not about trying to connect a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service, as Docker automatically assigns the 172.18.0.0 range to a bridge network it creates.
– Zoltan Fedor
Jun 21 at 14:29
1
ok, now I see the routes with overlapping subnets on172.18.0.0/255.255.0.0and understand the issue better. I have made an edit with some info that might help.
– GracefulRestart
Jun 21 at 22:20
Thanks. Yes, we use docker-compose, which is why I was hoping to find something better than hardcoding into each project's docker-compose.yml file the network range to be used as with multiple projects deployed on multiple nodes that is a maintenance nightmare (to make sure that they never clash with each other). This is why I was hoping to find a more elegant solution.
– Zoltan Fedor
Jun 27 at 18:39
add a comment |
1
I am sorry, probably my description wasn't clear. The issue is not about trying to connect a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service, as Docker automatically assigns the 172.18.0.0 range to a bridge network it creates.
– Zoltan Fedor
Jun 21 at 14:29
1
ok, now I see the routes with overlapping subnets on172.18.0.0/255.255.0.0and understand the issue better. I have made an edit with some info that might help.
– GracefulRestart
Jun 21 at 22:20
Thanks. Yes, we use docker-compose, which is why I was hoping to find something better than hardcoding into each project's docker-compose.yml file the network range to be used as with multiple projects deployed on multiple nodes that is a maintenance nightmare (to make sure that they never clash with each other). This is why I was hoping to find a more elegant solution.
– Zoltan Fedor
Jun 27 at 18:39
1
1
I am sorry, probably my description wasn't clear. The issue is not about trying to connect a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service, as Docker automatically assigns the 172.18.0.0 range to a bridge network it creates.
– Zoltan Fedor
Jun 21 at 14:29
I am sorry, probably my description wasn't clear. The issue is not about trying to connect a service in a Docker container. My problem is that on my network there is a service (on a different server, not owned/controlled by me) with ip 172.18.100.101, but I cannot connect to this service, as Docker automatically assigns the 172.18.0.0 range to a bridge network it creates.
– Zoltan Fedor
Jun 21 at 14:29
1
1
ok, now I see the routes with overlapping subnets on
172.18.0.0/255.255.0.0 and understand the issue better. I have made an edit with some info that might help.– GracefulRestart
Jun 21 at 22:20
ok, now I see the routes with overlapping subnets on
172.18.0.0/255.255.0.0 and understand the issue better. I have made an edit with some info that might help.– GracefulRestart
Jun 21 at 22:20
Thanks. Yes, we use docker-compose, which is why I was hoping to find something better than hardcoding into each project's docker-compose.yml file the network range to be used as with multiple projects deployed on multiple nodes that is a maintenance nightmare (to make sure that they never clash with each other). This is why I was hoping to find a more elegant solution.
– Zoltan Fedor
Jun 27 at 18:39
Thanks. Yes, we use docker-compose, which is why I was hoping to find something better than hardcoding into each project's docker-compose.yml file the network range to be used as with multiple projects deployed on multiple nodes that is a maintenance nightmare (to make sure that they never clash with each other). This is why I was hoping to find a more elegant solution.
– Zoltan Fedor
Jun 27 at 18:39
add a comment |
Routes with larger prefixes (like your 172.18.100.101 host route) will have higher priority than routes with a smaller prefix (like the /16 routes added by docker). So, your initial approach should work. However, unless 172.18.100.101 is directly reachable on eth0, you will need to specify a gateway for it as well.
e.g:
ip route add 172.18.100.101/32 via 10.x.x.x dev eth0
answered Dec 15 at 23:06
user234931
33115
add a comment |
Routes with larger prefixes (like your 172.18.100.101 host route) will have higher priority than routes with a smaller prefix (like the /16 routes added by docker). So, your initial approach should work. However, unless 172.18.100.101 is directly reachable on eth0, you will need to specify a gateway for it as well.
e.g:
ip route add 172.18.100.101/32 via 10.x.x.x dev eth0
answered Dec 15 at 23:06
user234931
33115
add a comment |
Routes with larger prefixes (like your 172.18.100.101 host route) will have higher priority than routes with a smaller prefix (like the /16 routes added by docker). So, your initial approach should work. However, unless 172.18.100.101 is directly reachable on eth0, you will need to specify a gateway for it as well.
e.g:
ip route add 172.18.100.101/32 via 10.x.x.x dev eth0
answered Dec 15 at 23:06
user234931
33115
Routes with larger prefixes (like your 172.18.100.101 host route) will have higher priority than routes with a smaller prefix (like the /16 routes added by docker). So, your initial approach should work. However, unless 172.18.100.101 is directly reachable on eth0, you will need to specify a gateway for it as well.
e.g:
ip route add 172.18.100.101/32 via 10.x.x.x dev eth0
answered Dec 15 at 23:06
user234931
33115
answered Dec 15 at 23:06
user234931
33115
answered Dec 15 at 23:06
user234931
33115
answered Dec 15 at 23:06
user234931
33115
33115
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f450924%2fhow-to-make-docker-not-to-use-a-subnet-as-a-bridge-network-or-add-a-routing-exce%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I know that by adjusting the Metric I could achieve priority between the routing rules, but the problem is that the lowest Metric is the one with highest priority and I don't think I can set a non-zero priority for those bridges created by docker automatically.
– Zoltan Fedor
Jun 20 at 20:52