I saw that topic but it didn't help: [SOLVED] Docker breaks existing bridge I use for KVM/QEMU
I use a bridge with DHCP and attach all eno interfaces to it.
br0.netdev
[NetDev]
Name=br0
Kind=bridge
br0.network
[Match]
Name=br0
[Network]
DHCP=ipv4
[DHCP]
UseDNS=true
RouteMetric=10
enoX.network
[Match]
Name=en*
[Network]
Bridge=br0
[DHCP]
RouteMetric=10
I changed my gateway so that it does not match the first IP of the network, to let docker get it for containers
root@osz ~# ip route
default via 192.168.1.254 dev br0 proto dhcp src 192.168.1.20 metric 10
root@osz ~# ip a show br0
2: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 82:00:0a:46:10:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.20/24 brd 192.168.1.255 scope global dynamic br0
valid_lft 84839sec preferred_lft 84839sec
I tell docker to:
- not use iptables, as in Archlinux wiki / Docker / Starting Docker breaks KVM bridged networking
- use the existing bridge, as in Serverfault / Networking between KVM VM and docker container on same host
/etc/docker/daemon.json
{
"bridge": "br0",
"iptables": false
}
When I start a docker container, my host loses its connectivity after a short time.
Also, an APIPA address is set on the interface on the host side. The strange part is that docker inspect tells me that the container has the first IP of the network and that I can ping it.
1° I start the container
root@osz /e/s/network# docker run -d -p 8080:80 nginx
8f083a9032d3e6d2798dafa13981fe322d78ba2e32fe7caf3b9c4a26f577f393
2° I can see the container interface in bridge and ping it
root@osz /e/s/network# brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.82000a461088 no eno1
veth20ebda5
root@osz /e/s/network# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8f083a9032d3 nginx "nginx -g 'daemon of…" 10 seconds ago Up 9 seconds 0.0.0.0:8080->80/tcp strange_maxwell
root@osz /e/s/network# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 8f083a9032d3
192.168.1.1
root@osz /e/s/network# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.235 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.085 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.061 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.087 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.091 ms
^C
--- 192.168.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4066ms
rtt min/avg/max/mdev = 0.061/0.111/0.235/0.062 ms
3° Host side, after X seconds, the interface gets a 'nodhcp' address, but 192.168.1.1 is still pingable
root@osz /e/s/network# ip a show veth20ebda5
21: veth20ebda5@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default
link/ether 2a:de:92:fb:53:6b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::28de:92ff:fefb:536b/64 scope link
valid_lft forever preferred_lft forever
root@osz /e/s/network# ip a show veth20ebda5
21: veth20ebda5@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default
link/ether 2a:de:92:fb:53:6b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.225.90/16 brd 169.254.255.255 scope global veth20ebda5
valid_lft forever preferred_lft forever
inet6 fe80::28de:92ff:fefb:536b/64 scope link
valid_lft forever preferred_lft forever
root@osz /e/s/network# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.100 ms
^C
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.100/0.100/0.100/0.000 ms
I think a bad route breaks my host connectivity
root@osz /e/s/network# ip route
default dev veth20ebda5 scope link
default via 192.168.1.254 dev br0 proto dhcp src 192.168.1.20 metric 10
169.254.0.0/16 dev veth20ebda5 proto kernel scope link src 169.254.225.90
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.20
192.168.1.254 dev br0 proto dhcp scope link src 192.168.1.20 metric 10
root@osz /e/s/network# ping www.google.fr
^C⏎
If I kill the container, connectivity comes back
root@osz /e/s/network# docker kill 8f083a9032d3e6d2798dafa13981fe322d78ba2e32fe7caf3b9c4a26f577f393
8f083a9032d3e6d2798dafa13981fe322d78ba2e32fe7caf3b9c4a26f577f393
root@osz /e/s/network# ping www.google.fr
PING www.google.fr (216.58.198.195) 56(84) bytes of data.
64 bytes from par10s27-in-f195.1e100.net (216.58.198.195): icmp_seq=1 ttl=53 time=13.9 ms
^C
--- www.google.fr ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 13.910/13.910/13.910/0.000 ms
I'm a bit lost, any help would be appreciated.
Last edited by eolien (2019-11-08 21:20:29)
It doesn't come from my bridge.
If I remove my bridge and configure my eno1 interface normally, the problem is still here.
Flushed all iptables rules, reinstalled docker, default configuration.
When I start a docker container, that strange route appears after 30 seconds...
I created an issue on docker/libnetwork: https://github.com/docker/libnetwork/issues/2481
Last edited by eolien (2019-11-08 21:20:00)
I have another Arch Linux host at work, and this doesn't appear there.
Something is bringing that route up, and I don't know how to debug this...
Any help to debug this would be appreciated.
- This is not bridge related: with only my wired interface configured, it also adds the route
- This is not docker conf related: reinstalled the package, erased /var/lib/docker completely, restarted a fresh docker and the iptables services
Last edited by eolien (2019-12-11 13:15:16)
That was connman related.
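Added example, not part of the original posts: a shell check that reads `ip route` output and flags the two symptoms shown in this thread, a default route with no gateway and a 169.254.0.0/16 source address on a veth interface, then reports which default route the kernel prefers (lowest metric, and a route printed without a metric has metric 0). The function names and finding labels are hypothetical; the sample input is the route table quoted in the first post.

```shell
#!/usr/bin/env bash
# Sample input: the `ip route` output from the first post, taken while the
# container was running.
SAMPLE_ROUTES='default dev veth20ebda5 scope link
default via 192.168.1.254 dev br0 proto dhcp src 192.168.1.20 metric 10
169.254.0.0/16 dev veth20ebda5 proto kernel scope link src 169.254.225.90
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.20
192.168.1.254 dev br0 proto dhcp scope link src 192.168.1.20 metric 10'

# Read `ip route` text on stdin and print one finding per line
# (hypothetical helper name and labels).
find_suspect_routes() {
  awk '
  {
    dev = ""; via = ""; src = ""; metric = 0
    # Pick up the keyword/value pairs that follow the destination.
    for (i = 2; i <= NF; i++) {
      if ($i == "dev") dev = $(i + 1)
      else if ($i == "via") via = $(i + 1)
      else if ($i == "src") src = $(i + 1)
      else if ($i == "metric") metric = $(i + 1)
    }
    if ($1 == "default") {
      # A default route without "via" treats every destination as on-link.
      if (via == "") print "DEFAULT_NO_GATEWAY dev=" dev " metric=" metric
      # Track the default route with the lowest metric: that one wins.
      if (!seen || metric + 0 < best) { best = metric + 0; bestdev = dev; seen = 1 }
    }
    # An IPv4 link-local source on a container veth means something on the
    # host ran address autoconfiguration on it.
    if (dev ~ /^veth/ && src ~ /^169\.254\./)
      print "LINKLOCAL_ON_VETH dev=" dev " src=" src
  }
  END { if (seen) print "PREFERRED_DEFAULT dev=" bestdev " metric=" best }'
}

# Exit status 0 only when neither symptom is present (hypothetical helper).
routes_are_clean() {
  ! find_suspect_routes | grep -Eq '^(DEFAULT_NO_GATEWAY|LINKLOCAL_ON_VETH) '
}

# Run against the sample; on a live host use: ip route | find_suspect_routes
printf '%s\n' "$SAMPLE_ROUTES" | find_suspect_routes
```

On the sample, the preferred default route is the gateway-less one on `veth20ebda5`, which is why the host lost connectivity while the container was up. Where connman is the cause, as it was here, its `NetworkInterfaceBlacklist` setting in `/etc/connman/main.conf` is where `veth` and `docker` interface prefixes are excluded from its management.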