Docker – Routing among different docker networks on the same host machine

dockernetworking

I have created two docker networks.

docker network create --subnet=172.18.0.0/16 Docker_network_1
docker network create --subnet=172.19.0.0/16 Docker_network_2

On each one of them I run two different containers:

docker run --rm -it --name Container_1 --net Docker_network_1  alpine /bin/sh
docker run --rm -it --name Container_2 --net Docker_network_2  alpine /bin/sh

Container_1 has IP 172.18.0.2 whereas Container_2 has IP 172.19.0.2.

From Container_1 I can ping the docker interface IP 172.19.0.1 which belongs to Docker_network_2 but I cannot ping Container_2 IP 172.19.0.2.

I don't understand why since "routing" on my host machine seems correct:

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    1024   0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-ea28cf2d7108
172.19.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-244606ad6705

Best Answer

Tailing on @user 's answer. A little bit safer way to do is is to add rules to allow the networks to talk to each other instead of flushing everything.

This is what worked for me:

sudo iptables -I DOCKER-ISOLATION-STAGE-2 -o docker0 -i othernet -j ACCEPT
sudo iptables -I DOCKER-ISOLATION-STAGE-2 -o othernet -i docker0 -j ACCEPT

I have yet to find a non-hacky way to do this automatically.

Related Solutions

Networking – Use Specific Interface for Outbound Connections on Ubuntu 9.04

You should only have one default gateway. If you remove the gateway line from eth1, it'll all just work (after networking is restarted).

Centos 6.2 Fresh ‘Basic Server’ install networking issues

Your routes and configuration look fine.

$: route -n
Destination // Gateway // Genmask // Flags // Metric // Ref // Use // Iface
66.*.*.0       0.0.0.0    255.255.255.248   U   1003      0   0     0  em2
0.0.0.0        66.*.*.1   0.0.0.0           UG     0      0   0     0  em2

The first route, 66.*.*.0/29 with gateway 0.0.0.0 tells your computer to use interface em2 and then make an arp request to find the hardware address of the host you're trying to reach. This is a "connected" route.

The second one is the default route, pointing at your default gateway through em2. If you need to send a packet in another network than 66.*.*.0/29, your computer will make an arp request to find 66.*.*.1 and then send the packets to it.

The only thing in your configuration that could be an issue is the NM_CONTROLLED=yes statement in /etc/sysconfig/network-scripts/ifcfg-em2. This tells the system that this interface is controlled by NetworkManager. This could interfere with your static configuration.

However, even without any default gateway you should be able to ping and ssh from the 66.*.*.0/29 subnet to your machine.

Check layer 1 first, and ensure that the cable is plugged on each side. Use leds on nic and switch, and check if the system sees it correctly:

# mii-tool
eth0: negotiated 1000baseT-FD flow-control, link ok

Then verify if any iptables are dropping the packets. Use iptables -L or iptables-save to check for any rules, and iptables -D <rule> to delete them. Pay attention to the default policy.

Also, on some systems, NetworkManager can configure ufw automatically, and I've had issues with static interface configuration that wasn't seen by NM and hence blocked by ufw.

Best Answer

Related Solutions

Networking – Use Specific Interface for Outbound Connections on Ubuntu 9.04

Centos 6.2 Fresh ‘Basic Server’ install networking issues

Related Topic