
Docker fixed CIDR IP allocation

Docker fixed CIDR IP allocation is a network configuration strategy used to limit the range of IP addresses assigned to containers by the Docker daemon.^[600-developer__docker__docker-bridge.md] This is particularly necessary in bridged network environments where multiple network interfaces or hosts must reside within the same network subnet.^[600-developer__docker__docker-bridge.md]

By default, Docker manages IP allocation automatically; however, in scenarios involving custom bridges or multi-host networking, explicit allocation ranges prevent IP conflicts and ensure proper network segmentation.^[600-developer__docker__docker-bridge.md]

Configuration

To implement a fixed CIDR allocation, the Docker daemon configuration must be modified, typically within the /etc/sysconfig/docker file^[600-developer__docker__docker-bridge.md]. The configuration uses two primary options:

  • -b: Specifies the bridge interface the Docker daemon should use instead of the default docker0^[600-developer__docker__docker-bridge.md].
  • --fixed-cidr: Defines the specific subnet range (e.g., 192.168.2.64/26) from which the daemon will allocate IPs to containers^[600-developer__docker__docker-bridge.md].

A typical configuration entry might look like this: DOCKER_OPTS="-b=br1 --fixed-cidr='192.168.2.64/26' "^[600-developer__docker__docker-bridge.md]

After saving the configuration changes, the Docker service must be restarted for the new rules to take effect^[600-developer__docker__docker-bridge.md].

Multi-host Segmentation

In a multi-host setup, this technique allows administrators to segment the IP range of a shared subnet across different physical hosts^[600-developer__docker__docker-bridge.md]. For example, Host1 might be configured with --fixed-cidr='192.168.2.64/26', while Host2 uses --fixed-cidr='192.168.2.128/26'^[600-developer__docker__docker-bridge.md]. This ensures that containers running on different machines do not attempt to claim the same IP address while maintaining connectivity within the broader network.
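The per-host split described above only holds if every range sits inside the bridge's subnet and no two hosts' ranges overlap. The following Python check is an added example, not part of the source notes; the shared subnet 192.168.2.0/24, the misconfigured Host3 entry, and the function names are assumptions made for illustration, and only the `--fixed-cidr=` form shown on this page is parsed.

```python
import ipaddress
import shlex

# Constructed sample input: DOCKER_OPTS lines as they might appear in each
# host's /etc/sysconfig/docker. Host3 is deliberately misconfigured.
SAMPLE_CONFIGS = {
    "Host1": "DOCKER_OPTS=\"-b=br1 --fixed-cidr='192.168.2.64/26' \"",
    "Host2": "DOCKER_OPTS=\"-b=br1 --fixed-cidr='192.168.2.128/26' \"",
    "Host3": "DOCKER_OPTS=\"-b=br1 --fixed-cidr='192.168.2.96/27' \"",
}
SHARED_SUBNET = "192.168.2.0/24"  # assumption: the subnet configured on br1


def extract_fixed_cidr(line):
    """Return the --fixed-cidr network from a DOCKER_OPTS line, or None."""
    _, _, value = line.partition("=")
    # First shlex pass strips the outer quotes, second splits the options.
    for outer in shlex.split(value):
        for opt in shlex.split(outer):
            if opt.startswith("--fixed-cidr="):
                # strict=True rejects ranges with host bits set (e.g. .65/26)
                return ipaddress.ip_network(opt.split("=", 1)[1], strict=True)
    return None


def audit(configs, shared_subnet):
    """Return a list of findings; an empty list means the plan is consistent."""
    parent = ipaddress.ip_network(shared_subnet)
    findings, seen = [], []
    for host, line in sorted(configs.items()):
        try:
            net = extract_fixed_cidr(line)
        except ValueError as exc:
            findings.append(f"{host}: invalid --fixed-cidr ({exc})")
            continue
        if net is None:
            findings.append(f"{host}: no --fixed-cidr set")
            continue
        if not net.subnet_of(parent):
            findings.append(f"{host}: {net} is outside {parent}")
        for other_host, other in seen:
            if net.overlaps(other):
                findings.append(f"{host}: {net} overlaps {other_host} ({other})")
        seen.append((host, net))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS, SHARED_SUBNET):
        print(finding)
```

Running it before restarting the Docker service on any host catches an overlapping or out-of-subnet range while it is still a configuration error rather than a duplicate address on the shared segment.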

Sources

  • 600-developer__docker__docker-bridge.md