Understanding Docker Networks and resolving conflict with Docker Subnet IP Range!
Published in
3 min readMar 18, 2021
- As we all know, By default Docker creates 3 networks automatically
Bridge, Host, and None network.
Bridge Network
- The private internal network created by default.
- Every container is attached to this by default and gets an IP or range 172.17.*.*
- Containers can also access each other using this IP if required.
- For accessing internal IPs we need to map the port of the container to the docker host using the –p flag.
By default, Docker uses 172.17.0.0/16 subnet range.
Host Network
- In this network, all the containers use the docker host’s IP and no mapping is required.
- We can directly use the PORT as everything is available at HOST’s network.
- But not we can’t have multiple containers running on the same PORT in docker as it would have been possible in the Bridge network.
None Network
- Containers are not attached to any network and don’t have access to other containers or external networks.
We can also create our own networks as per out needs, more
Conflict with Docker Default Bridge IP Range
- In my case, I have been using an external Database system that has an IP in the range of 172.17.*.*
- so, when I am trying to connect with the system, It was not able to as docker bridge thinks that it is a container internal Ip and it was not going through the default gateway.
- I was getting NoRouteToHostException, which can be caused due to some firewall or networking issue.
java.net.NoRouteToHostException: No route to host at java.net.PlainSocketImpl.socketConnect(Native Method)- And when I check my route of the container
$netstat -rnKernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.31.16.1 0.0.0.0 UG 0 0 0 eth0
169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-e9768d205a82
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.31.16.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
- docker0 is the default docker bridge and it is handling all destinations starting 172.17.*.*
Solution
- for solving this issue I have to change the Default Bridge IP range to some other address, like 172.26.*.*
- this could be done by editing /etc/docker/daemon.json docker host.
- we will have to add a new field “bip”: “172.26.0.1/16” and restart the docker service.
sudo vi /etc/docker/daemon.jsonThe JSON will look like this after you updated it:
{
...
..."bip": "172.26.0.1/16"
}
… is the content you already had before
- Now, Restart Docker service
sudo systemctl restart docker- Check the routing table, we should be able to see the changed IP Range
netstat -rnYou should see the following output (see the relevant line in bold):
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.31.16.1 0.0.0.0 UG 0 0 0 eth0
169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-e9768d205a82
172.26.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.31.16.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0- That's it, now we can connect to our required system having IP starting with 172.17.*.* as there is no conflict and our IP goes through default gateway.
thanks, #HappyCoding
