• [6.8.2] Docker Container not listing all br's


    RifleJock
    • Minor

    Version: 6.8.1 w/ NVIDIA drivers 440.44

    In this example, br0 and br1 exist on my server, br1 spanning multiple interfaces, one of which is a 1gbe and another a 10gbe
    When reviewing my Docker Settings, I see IPv4 and IPv6 listings for both br0 and br1, as well as the custom added IPv4 for eth2 (which exists within br1, but uses global network IP scheme)
    However, only br0 and eth2 show up as options (as well as bridge, host, and none) when creating a docker container... br1 missing!?

    One concern I have, is in the docker settings section. I've noticed that the gateway is listed automatically as the global IP address, which technically works based on my network configuration, but I am unsure of why. This should match interface settings right?

    Looking at the interface section, the gateway is configured to use 10.1.10.1 as my default gateway.

     

    This could be as simple as a configuration issue on my end. But I think this might be a bug as well.
     

    Additionally, when editing settings > Docker, I have only blanks to add networks to eth2, not sure if there is a way to manually edit which interfaces are associated with manual IP assignment, or if br1 can be removed or changed manually...

    Would I have to remove my docker image to start fresh with this?
    Also, here is the current routing table: Notice how default route for br1's 10.1.10.0 network shows correctly.
    The only manually assigned network here is the 96.x.x.x global addressing scheme.

     




    Someone help?

    Main concern(s) in summary:
    --Why does docker settings learn the global IP address as the default route? Even when default is specified for the local network in interface settings.
    --Why can I not edit the default gateway in the br1 network setting for Docker under Settings > Docker?

    --Why does eth2 show up as the only setting that can be edited manually in docker settings? Because it doesn't have IP addressing directly assigned to it in interface settings?
    --Why does br1 not show up in creating docker containers, yet br0 and eth2 show?

    -Jockie

    dash-diagnostics-20200202-1029.zip





    Tested with 6.8.2 as well. Here is the new diag.

    One thing to note, before manually adding my global network information. This shows correct default for docker setting.

     

    However, after editing the routing table to include the global addressing scheme, even if I remove the 10.1.10.1 information and re-add it... Docker settings shows incorrect default route for br1.

     



    I went ahead and removed the global default route. It's not really needed, since the unraid server doesn't have a global IP address assigned. (VM's will have global IP addresses, but they can specify the defaults within the VM)

    Still not able to add br1 to docker containers, even if all global IP addressing in the route table is removed.
     

    dash-diagnostics-20200202-1058.zip

    Edited by RifleJock
    Added images and corrections.
    Link to comment

    You have configured br1 to use DHCP, which means it gets its IP address and gateway address from your DHCP server (router).

     

    br0 and br1 have network settings, which means these can not be changed under the docker settings (they are configured automatically).

     

    But you have configured br1 with two bridge members eth1 and eth2, it seems eth1 is connected to the LAN side of your router, while eth2 seems to be connected to the WAN side.

     

    This setup is wrong and connects LAN and WAN directly to each other. This likely explains why br1 receives a public gateway address.

     

    If you want to use eth2 as a separate interface, first you need to take it out of the br1 bridge group.

    Second, you should not configure eth2 with public addresses, it is a bad idea to expose your server directly to the Internet.

     

    Btw this is not a bug.

    Docker does not accept the settings of br1, the gateway is in the wrong network

    Edited by bonienl
    Link to comment

    So, the eth2 connection is disabled at the moment, (set to port down, as well as unplugged).

    The br1 plugs into a Xfinity Business Modem/Router. The ports on the Modem/Router are basic switch ports, and there is a DHCP server that runs for basic networking connectivity within that network. However, there is a /29 network, of which the modem is also a part. The modem acts as 96.x.x.134/29 (last useable address) and the 10.1.10.0/24 uses the 96.x.x.134 as the WAN address when being NAT'd.

    Plugged into the Xfinity Modem/Router is also an Asus GT5300 Wireless router, configured to use 96.x.x.129/29 (first IP address in my global range) on its WAN interface. Additionally, the LAN side is the 10.1.0.0/24 network.

    I dislike Xfinity for this reason, as the switched interfaces on the Modem/Router use both Private and Public addressing on the same switched network.

    The idea here, even though the unraid server doesn't actually have a global IP address assigned to it, is to allow specific docker containers to use global IP addresses in the event I use them as a host for something and don't want to worry about port forwarding/control.

    Say like SteamCMD servers running via docker containers.

    Additionally, to allow passthrough of br1 to VM's. Currently, VM's work fine, and will adopt a 10.1.10.0/24 address if not manually configured to use a global IP.

    Since the unraid server doesn't have a global IP address assigned, I have removed the global default gateway, which now makes the docker interface settings use the 10.1.10.1 gateway address.

    However, br1 is still not a visible option to use as a network br for containers.

    Why does br1 not show up as a custom network option?

    Edited by RifleJock
    fixed a sentence
    Link to comment

    Changed Status to Open

    Changed Priority to Minor

    So, I've changed up the configuration.

    Eth0 is now br0 (10.1.0.0/24) DHCP and default shows correctly as 10.1.0.1 in both docker settings and interface settings.

    Eth1 is now br1 (10.1.10.0/24) DHCP and default shows correctly as 10.1.10.1 in both docker settings and interface settings.
    Eth2 (Disabled/unplugged and port down) is now br2 DHCP (no network associated, because its port down/unplugged).


    br1 is still not an option for docker containers whereas br0 is. I'll plug up eth2 later to see if br2 will show up as an option for docker containers.

    Nonetheless, outside of complex configuration(s) aforementioned, br1 still does not show as an option as an interface for configuring docker containers.

     


    Edited by RifleJock
    Link to comment

    Post your diagnostics.

     

    For some reason Docker doesn't accept the br1 settings or something else goes wrong and hence the network is not created under Docker.

    Edited by bonienl
    Link to comment
    3 hours ago, RifleJock said:

    I dislike Xfinity for this reason, as the switched interfaces on the Modem/Router use both Private and Public addressing on the same switched network.

    I would say this is a major design flaw.

    Link to comment

    In future please raise these kind of questions first in the general support topic.

     

    If it really turns out to be a bug, the appropriate steps can be taken.

    Link to comment

    I noticed this same issue (custom:br1/custom:eth1) not showing up in the drop down under network in my container.  I assumed I was making a stupid mistake but maybe it's something else.  I can post diagnostics later if it's relevant to this case (don't want to steal the thread), otherwise I was going to open a topic under docker.

    Link to comment
    8 hours ago, RifleJock said:

    Diagnostics Attached.

    Your problem happens because both eth0 (br0) and eth1 (br1) use the same IPv6 subnet and gateway.

     

    Docker does not allow two networks with the same subnet and gateway. Hence br1 is not created.

     

    The easiest way to solve your issue is to define eth1 (br1) as IPv4 only and avoid the double IPv6 declaration.

    Link to comment
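The two rejection cases raised in this thread (a gateway outside its subnet, and a second interface declaring a subnet already claimed by another) can be checked before touching the Docker settings. The following is an added example, not part of the original thread or of Unraid's code: the interface list is constructed sample data using RFC 1918 and documentation prefixes, the function names are hypothetical, and it assumes the first interface to declare a subnet keeps it and that overlapping subnets count as duplicates.

```python
import ipaddress

# Constructed sample: (interface, subnet, gateway) per address family.
SAMPLE = [
    ("br0", "10.1.0.0/24", "10.1.0.1"),
    ("br0", "2001:db8:0:1::/64", "2001:db8:0:1::1"),
    ("br1", "10.1.10.0/24", "10.1.10.1"),
    ("br1", "2001:db8:0:1::/64", "2001:db8:0:1::1"),  # same IPv6 subnet as br0
    ("br2", "10.1.20.0/24", "10.1.30.1"),             # gateway outside subnet
]


def find_conflicts(entries):
    """Return (kind, interface, detail) for each definition that would clash."""
    problems = []
    accepted = []  # (interface, network) pairs already claimed, in order
    for name, subnet, gateway in entries:
        net = ipaddress.ip_network(subnet, strict=True)
        gw = ipaddress.ip_address(gateway)
        if gw.version != net.version or gw not in net:
            problems.append(("gateway-outside-subnet", name, f"{gw} not in {net}"))
            continue
        # Assumption: the first interface to declare a subnet keeps it.
        clash = next((n for n, other in accepted
                      if n != name and other.version == net.version
                      and other.overlaps(net)), None)
        if clash:
            problems.append(("duplicate-subnet", name, f"{net} already used by {clash}"))
            continue
        accepted.append((name, net))
    return problems


def usable_interfaces(entries):
    """Interfaces with no conflicting definition in any address family."""
    bad = {name for _, name, _ in find_conflicts(entries)}
    ordered = []
    for name, _, _ in entries:
        if name not in bad and name not in ordered:
            ordered.append(name)
    return ordered


if __name__ == "__main__":
    for kind, name, detail in find_conflicts(SAMPLE):
        print(f"{name}: {kind} ({detail})")
    print("usable:", usable_interfaces(SAMPLE))
```

Dropping the IPv6 entry for br1 from the sample, as suggested in the answer above, makes br1 pass the check.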
    8 hours ago, civic95man said:

    I noticed this same issue (custom:br1/custom:eth1) not showing up in the drop down under network in my container.  I assumed I was making a stupid mistake but maybe it's something else.  I can post diagnostics later if it's relevant to this case (don't want to steal the thread), otherwise I was going to open a topic under docker.

    See if my answer above applies to your situation too.

    Link to comment
    10 hours ago, bonienl said:

    Your problem happens because both eth0 (br0) and eth1 (br1) use the same IPv6 subnet and gateway.

    10 hours ago, bonienl said:

    See if my answer above applies to your situation too.

    I believe this is my case as well.  I was simply trying to dedicate eth1 to my plex container and keep eth0 (a member of br0) for everything else, including unraid.  

     


     

    As it shows, both br0 and eth1 occupy the same subnet and gateway.  That's a bummer.  Now is this just common knowledge passed from person to person, or is it documented somewhere?  I've been searching through the docker forum/manual for any information but came up empty.

     

    So it seems my only solution would be to change the subnet for eth1 (don't think my router would like that), or switch eth1 to IPv6.  Is this correct?

     

    Thanks!

    Link to comment
    1 hour ago, civic95man said:

    I believe this is my case as well

    yep, duplicate assignments

    1 hour ago, civic95man said:

    Now is this just common knowledge passed from person to person, or is it documented somewhere

    While doing the implementation for Unraid, I ran into multiple issues/limitations of Docker. I don't know if they have these all documented.

    1 hour ago, civic95man said:

    So it seems my only solution would be to change the subnet for eth1

    If your router allows adding a "secondary address" to its LAN interface, then you are good to go.

    Or perhaps your router supports multiple LAN ports, each with their own network assignment.

     

    Remember that more complex network setups on Unraid do require network equipment (your switch / router) to support that.

    Link to comment
    4 minutes ago, bonienl said:

    While doing the implementation for Unraid, I ran into multiple issues/limitations of Docker. I don't know if they have these all documented.

    Okay, good to know.

    4 minutes ago, bonienl said:

    If your router allows adding a "secondary address" to its LAN interface, then you are good to go.

    Or perhaps your router supports multiple LAN ports, each with their own network assignment.

    I'll have to look at the options that my router supports and proceed from there.  

    6 minutes ago, bonienl said:

    Remember that more complex network setups on Unraid do require network equipment (your switch / router) to support that.

    Yeah, I'm seeing that as I proceed, just not only with networks but hardware as well.  It's definitely a learning curve and I'm trying to build things up as funds allow.  Looks like my network will be the next to receive an upgrade.

     

    Thanks @bonienl

    Link to comment

    I am attempting to put Untangle into Unraid as a VM to route certain dockers through VPN only as my Sophos XG firewall cannot accomplish this task. I have confirmed that even with a second NIC configured as BR1, and plugged into a port on my switch that I've isolated into its own VLAN (to give Unraid a live link as it kept complaining that eth1 was down until I did so) I cannot select br1 in docker configurations. This is a show stopper for me.

    Link to comment

    I found a solution to this. Not only must your secondary NIC be connected to a dummy port, but it must also be IP addressed.

     

    4 minutes ago, UberLerd said:

    I am attempting to put Untangle into Unraid as a VM to route certain dockers through VPN only as my Sophos XG firewall cannot accomplish this task. I have confirmed that even with a second NIC configured as BR1, and plugged into a port on my switch that I've isolated into its own VLAN (to give Unraid a live link as it kept complaining that eth1 was down until I did so) I cannot select br1 in docker configurations. This is a show stopper for me.

     

    Link to comment

