Docker network bridge configuration

Docker network bridge configuration allows containers to communicate across different hosts by utilizing a custom virtual bridge instead of the default docker0.^[600-developer__docker__docker-bridge.md]

This setup requires that the underlying physical network interfaces (NICs) exist on the same network segment.^[600-developer__docker__docker-bridge.md] Because all network interfaces share this segment, it is necessary to explicitly restrict the IP address range assigned by each Docker daemon to prevent conflicts.^[600-developer__docker__docker-bridge.md]

System Prerequisites

Before configuring Docker, the system requires bridge-utils to manage network bridges.^[600-developer__docker__docker-bridge.md] The primary commands used for setup include:

  • Create bridge: brctl addbr (e.g., brctl addbr br0)
  • Add interface: brctl addif (e.g., brctl addif br0 eth0)
  • Delete interface: brctl delif
  • Delete bridge: brctl delbr
  • Show configuration: brctl show^[600-developer__docker__docker-bridge.md]

Implementation Steps

The configuration process involves creating a virtual bridge, assigning it an IP, bridging the local physical NIC, and configuring Docker to use the new bridge.^[600-developer__docker__docker-bridge.md]

1. Create and Assign the Bridge

Instead of using the default docker0, a new bridge (e.g., br1) should be created on both hosts.^[600-developer__docker__docker-bridge.md] The bridge must be assigned an IP address within the same subnet as the physical network.

  • Host 1 (192.168.2.1): ifconfig br1 192.168.2.1 netmask 255.255.255.0
  • Host 2 (192.168.2.2): ifconfig br1 192.168.2.2 netmask 255.255.255.0^[600-developer__docker__docker-bridge.md]

2. Bridge Physical Network Cards

Connect the physical Ethernet interface to the new bridge.^[600-developer__docker__docker-bridge.md]

brctl addif br1 eth0

3. Configure Docker Daemon

Modify the Docker configuration file (typically /etc/sysconfig/docker) to point to the new bridge and define the container IP subnet.^[600-developer__docker__docker-bridge.md] The configuration uses two main options:

  • -b=br1: Specifies the bridge device name.
  • --fixed-cidr: Defines the specific subset of IPs the daemon is allowed to allocate.^[600-developer__docker__docker-bridge.md]

  • Host 1: DOCKER_OPTS="-b=br1 --fixed-cidr='192.168.2.64/26' "

  • Host 2: DOCKER_OPTS="-b=br1 --fixed-cidr='192.168.2.128/26' "^[600-developer__docker__docker-bridge.md]

After saving the configuration, restart the Docker service using systemctl restart docker.^[600-developer__docker__docker-bridge.md]
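The per-host --fixed-cidr ranges only prevent conflicts if they sit inside the bridge subnet and do not overlap. The following is an added example, not part of the original page, that checks an addressing plan before it is rolled out. The function name, the host labels, and the 192.168.2.0/24 subnet (derived from the page's 255.255.255.0 netmask) are assumptions, and only IPv4 is handled.

```python
import ipaddress
from itertools import combinations

def check_plan(bridge_subnet, hosts):
    """Return a list of problems in a multi-host bridge addressing plan.

    hosts maps a host label to (bridge_ip, fixed_cidr): the address given
    to the bridge and the value passed to --fixed-cidr on that host.
    """
    subnet = ipaddress.ip_network(bridge_subnet)
    problems, pools = [], {}
    for name, (bridge_ip, fixed_cidr) in hosts.items():
        if ipaddress.ip_address(bridge_ip) not in subnet:
            problems.append(f"{name}: bridge address {bridge_ip} is outside {subnet}")
        try:
            # Strict parsing rejects a CIDR with host bits set.
            pool = ipaddress.ip_network(fixed_cidr)
        except ValueError as exc:
            problems.append(f"{name}: bad --fixed-cidr {fixed_cidr}: {exc}")
            continue
        if not pool.subnet_of(subnet):
            problems.append(f"{name}: pool {pool} is not inside {subnet}")
        pools[name] = pool
    # Two daemons allocating from overlapping pools can hand out the same
    # address twice, because neither knows about the other's allocations.
    for a, b in combinations(pools, 2):
        if pools[a].overlaps(pools[b]):
            problems.append(f"{a} and {b}: pools {pools[a]} and {pools[b]} overlap")
    # A daemon also knows nothing about another host's bridge address, so
    # that address must not fall inside its pool.
    for name, (bridge_ip, _) in hosts.items():
        for owner, pool in pools.items():
            if owner != name and ipaddress.ip_address(bridge_ip) in pool:
                problems.append(
                    f"{name}: bridge address {bridge_ip} is inside {owner}'s pool {pool}")
    return problems

# The two-host plan from the steps above (host labels are made up here).
PAGE_PLAN = {
    "host1": ("192.168.2.1", "192.168.2.64/26"),
    "host2": ("192.168.2.2", "192.168.2.128/26"),
}

if __name__ == "__main__":
    for line in check_plan("192.168.2.0/24", PAGE_PLAN) or ["plan is consistent"]:
        print(line)
```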

Persistent Bridge Configuration

To ensure the bridge persists after a system reboot, a network script should be created at /etc/sysconfig/network-scripts/ifcfg-br0 (or the appropriate bridge name).^[600-developer__docker__docker-bridge.md] This script defines the bridge as a static device with TYPE="Bridge" and includes the IP address, netmask, and gateway.^[600-developer__docker__docker-bridge.md]

Correspondingly, the configuration for the physical NIC (e.g., eth0) must be updated to remove its IP definitions and include the directive BRIDGE=br0 (matching the bridge's name), indicating that it is a slave to the bridge device.^[600-developer__docker__docker-bridge.md]

  • [[Docker]]
  • [[Network bridge]]
  • [[Subnet]]

Sources

^[600-developer__docker__docker-bridge.md]