libnetwork icon indicating copy to clipboard operation
libnetwork copied to clipboard
verified publisher icon moby

[feature request]a specific option of "bridge" network driver to attach the user-defined bridge network to a network interface on Docker host

Open immarvin opened this issue 9 years ago • 19 comments

request description:

To create a bridge network attached to a network interface on docker host, I have to try the following 3 steps

1.docker network create --driver=bridge --gateway=10.5.107.1 --subnet=10.5.107.0/8 --ip-range=10.5.107.100/30 -o "com.docker.network.bridge.name"="br0" -o "com.docker.network.bridge.host_binding_ipv4"="10.5.107.1" subnet1
2.;ip addr del dev eno1 10.5.107.1/8
3.;brctl addif br0 eno1
4.ip link set br0 up

is it possible to finish the 3 steps above in 1 "docker network" command? is there any option to achieve this?

Describe the results you expected

create a user defined bridge network and attach it to a network interface on docker host with one "docker network create"

Background

I am trying to dockerize my project and encourage users to use run my service inside docker container instead of traditional installation way, I have finished the docker image build and draft a documentation(http://10.3.5.21/doc/advanced/docker/run_xcat_in_docker.html) to run it in docker, I encountered some problem while trying to start container with docker compose instead of following the doc step-by-step, since I can not include the following 2,3,4 steps in the docker-compose.yml:

1.docker network create --driver=bridge --gateway=10.5.107.1 --subnet=10.5.107.0/8 --ip-range=10.5.107.100/30 -o "com.docker.network.bridge.name"="br0" -o "com.docker.network.bridge.host_binding_ipv4"="10.5.107.1" subnet1
2.;ip addr del dev eno1 10.5.107.1/8
3.;brctl addif br0 eno1
4.ip link set br0 up

thanks

immarvin avatar Mar 10 '16 01:03 immarvin

@immarvin we have been thinking about this feature as well. @aboch pls add your inputs.

mavenugo avatar Mar 13 '16 01:03 mavenugo

hi @mavenugo ,thanks

immarvin avatar Mar 13 '16 01:03 immarvin

Related:

Using external bridge to phyical NIC breaks the default docker0 for me. And in turn cannot build anything (as docker build uses docker0).

https://github.com/docker/docker/issues/21141

dreamcat4 avatar Mar 13 '16 16:03 dreamcat4

So this proposal provides containers in this network to get to use IPs provided by the dns on the bridge and get external connectivity via bridge. This avoids NAT... Am i right?

sainath14 avatar Mar 18 '16 19:03 sainath14

hi @sainath14 , this proposal is to attach the bridge create by "docker network create" to a specified network interface and the bridge will inherit the network configuration of the network interface.

so that the containers connected with the docker network object will get external connectivity via the bridge. on "This avoids NAT." , can you explain a bit?

immarvin avatar Mar 21 '16 07:03 immarvin

@immarvin: @sainath14 means that when using the docker0 bridge, only the IP address of the host system is visible from the devices that the containers communicate with. By this way, Docker containers are not visible from them from a network point of view.

On the other hand, when using a custom bridge on which you connect a NIC, containers are visible just like independent devices, such as virtual machines or physical ones.

SkypLabs avatar Mar 21 '16 10:03 SkypLabs

@SkypLabs @immarvin got it... you confirmed my understanding

sainath14 avatar Mar 21 '16 23:03 sainath14

any update on this?

immarvin avatar Mar 25 '16 07:03 immarvin

@immarvin we are in Docker 1.11 code-freeze and hence this feature will have to wait for the subsequent Docker release. I think we should synchronize this with https://github.com/docker/libnetwork/issues/1023.

mavenugo avatar Mar 25 '16 07:03 mavenugo

hi @mavenugo ,thanks

immarvin avatar Mar 25 '16 07:03 immarvin

Has this feature been added to docker? Either through docker network create or through docker-compose.yml file?

Preferably, would be nice to be able to add something like the following to my docker-compose.yml:

networks:
    ponmgmt:
         driver: bridge
         driver_opts:
              device: eth1  <-- equivalent of me manually doing "sudo brctl addif ponmgmt eth1"

ovidiudurbalau avatar Mar 22 '17 17:03 ovidiudurbalau

Is this still being worked on? I'm using an application that relies on broadcasting, currently this is an all-or-nothing problem because I have to either set --net=host, which exposes all interfaces and dbus to this application, or use the default bridge option, which would break the application.

What I want to do is docker run --net=br0 --ip=192.168.1.2, which would attach the container veth to br0 and assign 192.168.1.2. I'm not sure how the netmask and gateway are set though.

I think there are some people creating br0 with docker and then attaching eno1, but since that's my servers primary connection I'd like to avoid that.

kpcyrd avatar Nov 11 '17 23:11 kpcyrd

I have a simuler problem, need "cloned" services with broadcasting on existing bridge.

izznogooood avatar Nov 17 '17 00:11 izznogooood

I've solved my problem by creating a docker network for my existing bridge:

docker network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 -o parent=br0 lan

Afterwards you can run containers directly in this network (drop --ip to use a random ip, this may cause collisions YMMV):

docker run --rm --net=lan --ip=192.168.1.123 debian:latest ip a

kpcyrd avatar Nov 17 '17 03:11 kpcyrd

Thanks. This will solve my problem.

Still would like to se veth feature so docker can draw dhcp from an external source thus avoiding collision.

izznogooood avatar Nov 17 '17 08:11 izznogooood

+1 for implementing this feature 👍

ghost avatar Jan 19 '18 11:01 ghost

+2

i-am-logger avatar Apr 15 '18 06:04 i-am-logger

+1

mgmorcos avatar Apr 15 '18 06:04 mgmorcos

Qnap implemented it quite nicely with the qnet driver.

https://qnap-dev.github.io/container-station-api/qnet.html#docker-compose

i-am-logger avatar Apr 15 '18 06:04 i-am-logger