Docker IP address allocation

Docker IP address allocation refers to the method by which IP addresses are assigned to containers, often requiring manual configuration when containers span multiple physical hosts or specific network boundaries need to be enforced.^[600-developer-docker-docker-bridge.md]

Bridge Network Constraints

When configuring network bridges for containers across multiple hosts, all connected network interfaces (NICs) typically must reside within the same network segment.^[600-developer-docker-docker-bridge.md] Because this sharing of the physical network segment can lead to IP conflicts, administrators must impose specific restrictions on the IP ranges assigned by the Docker daemon on each host.^[600-developer-docker-docker-bridge.md]

Custom Bridge Configuration

To implement controlled allocation, a common practice is to replace the default docker0 bridge with a custom virtual bridge (e.g., br1).^[600-developer-docker-docker-bridge.md]

Manual Bridge Setup

The process involves creating a bridge device and assigning it a physical IP address:

  1. Create the bridge: brctl addbr br1^[600-developer-docker-docker-bridge.md]
  2. Assign IP: Assign a free IP from the local subnet (e.g., ifconfig br1 192.168.2.1 netmask 255.255.255.0).^[600-developer-docker-docker-bridge.md]
  3. Bind Interface: Attach the physical interface to the bridge using brctl addif br1 eth0.^[600-developer-docker-docker-bridge.md]

Docker Daemon Configuration

Once the bridge is active, the Docker service must be configured to use it and restrict its IP scope. This is achieved by editing the Docker configuration options (commonly found in /etc/sysconfig/docker or equivalent):^[600-developer-docker-docker-bridge.md]

  • -b=br1: Specifies that containers should connect to the br1 bridge instead of the default docker0.^[600-developer-docker-docker-bridge.md]
  • --fixed-cidr: Defines the strict range of IP addresses available for container allocation (e.g., --fixed-cidr='192.168.2.64/26').^[600-developer-docker-docker-bridge.md]

By partitioning the subnet (e.g., using .64/26 on one host and .128/26 on another), administrators ensure that containers on different hosts do not assign conflicting IP addresses while remaining routable on the broader physical network.^[600-developer-docker-docker-bridge.md]
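The partitioning step is where the conflicts the page warns about are either avoided or introduced, and nothing in the daemon checks it for you: each host only knows its own --fixed-cidr. The script below is an added example, not from the page or from Docker itself; it checks a proposed set of per-host ranges against the bridge address before anyone writes them into the daemon options, and converts a prefix length into the netmask form the ifconfig step uses. All function names (ip2int, prefix2mask, cidr_range, cidr_overlap, cidr_contains, check_partitions) are hypothetical, and the addresses are the page's own sample values.

```shell
#!/bin/sh
# Added example (not from the page): validate per-host --fixed-cidr partitions
# before applying them. Pure POSIX sh arithmetic, no external tools needed.

# ip2int 192.168.2.64 -> 3232236096 (dotted quad as a 32-bit integer)
ip2int() {
  oldifs=$IFS
  IFS=.; set -- $1; IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# prefix2mask 26 -> 255.255.255.192 (the netmask form ifconfig expects)
prefix2mask() {
  m=$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
  echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# cidr_range 192.168.2.64/26 -> "first last" as integers (host bits masked off,
# so a bridge address like 192.168.2.1/24 yields the whole /24 it sits in)
cidr_range() {
  addr=${1%/*}; bits=${1#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  first=$(( $(ip2int "$addr") & mask ))
  echo "$first $(( first | (~mask & 0xFFFFFFFF) ))"
}

# cidr_overlap A B -> exit 0 when the two blocks share at least one address
cidr_overlap() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# cidr_contains OUTER INNER -> exit 0 when INNER lies wholly inside OUTER
cidr_contains() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$3" ] && [ "$4" -le "$2" ]
}

# check_partitions BRIDGE_ADDR/PREFIX CIDR...
# The bridge address defines the physical subnet. Every host's --fixed-cidr must
# lie inside it, must not swallow the bridge IP itself, and no two hosts may be
# handed overlapping ranges. Prints the first problem found and returns 1,
# otherwise prints "ok".
check_partitions() {
  subnet=$1; bridge_ip=${1%/*}; shift
  for a in "$@"; do
    cidr_contains "$subnet" "$a" || { echo "$a is outside $subnet"; return 1; }
    cidr_contains "$a" "$bridge_ip/32" && { echo "$a contains bridge address $bridge_ip"; return 1; }
  done
  while [ $# -gt 1 ]; do
    a=$1; shift
    for b in "$@"; do
      if cidr_overlap "$a" "$b"; then
        echo "conflict: $a overlaps $b"; return 1
      fi
    done
  done
  echo ok
}

# Demo with the page's values: bridge br1 at 192.168.2.1/24, host A gets the
# .64/26 quarter and host B the .128/26 quarter of the same /24.
echo "netmask for /24: $(prefix2mask 24)"
echo "host A daemon option: --fixed-cidr=192.168.2.64/26"
echo "host B daemon option: --fixed-cidr=192.168.2.128/26"
check_partitions 192.168.2.1/24 192.168.2.64/26 192.168.2.128/26
```

Run it as a pre-flight check whenever a host is added or a range is resized; a range that overlaps another host's, or that includes the bridge's own address, is reported before the daemon is restarted. The check only covers address conflicts. Because the bridge puts containers directly on the physical segment, they are reachable from that segment like any other host on it, so --fixed-cidr is an allocation boundary, not a network isolation control.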

  • [[Docker]]
  • [[Network Bridge]]
  • [[Subnetting]]

Sources

  • 600-developer-docker-docker-bridge.md