Bridge vs br0 - Routing docker traffic through another docker


ati

Recommended Posts

I am slowly trying to learn about routing one docker container through another. 

 

I've watched SpaceInvaderOne's video which was a great help. I have also read up on the changes to the binhex dockers with regards to passthrough. 

 

What I am most curious about is networking configurations. I typically prefer to use br0 networks for my dockers to keep different workloads on different addresses. Right or wrong, this is just how I have everything currently set up. What I am learning is that if I want do have one docker route through another docker (binhex-delugevpn in my case) I need to use bridge networking. Is that correct, there is no other way around that? 

 

I initially setup binhex-delugevpn as a br0 network on my server and I got everything working and running fine. Now that I got into playing with the inter docker routing I tried changing my binhex-delugevpn docker to bridge, and I can no longer access the UI. As soon as I change it back to br0 it's all good again. (probably an unrelated issue)

 

Is there a way to maintain a br0 docker network and still route traffic through that docker? I believe it comes down to ports. Once you're in br0 mode, my port mapping is ignored unlike when I am in bridge networking. 

 

 

 

 

Link to comment

see here: https://docs.docker.com/network/bridge/ fpr the difference between bridge and br0 (custom bridge)

Bridged networking is like switching (layer 2)

In Addition to that, you can still apply a routing scenario (layer 3), by enabling VLANs if your infrastructure (Router+Switches) support that.

By placing dockers into different VLANs (with a different subnet each), in order for these to be able to communicate, inter-VLAN routing comes into play.

Here your router (and its firewall and included rules) will perform the forwarding between dockers.

 

Link to comment

Not quite what I was getting at, but I get it. 

 

I want to have my unRAID server at 192.168.10.50/24

I want to have a docker (binhex-delugevpn) at 192.168.10.100/24

I want to have a docker run through binhex-delugevpn and be accessible at 192.168.10.100 (because the ports are run through binhex-delugevpn). 

 

They're all on the same network. No layer 3 required, just different IP addresses. I don't want my binhex-delugevpn and my unRAID server at 192.168.10.50/24.

Link to comment
4 hours ago, ati said:

They're all on the same network. No layer 3 required, just different IP addresses. I don't want my binhex-delugevpn and my unRAID server at 192.168.10.50/24.

...then use a custom bridge and assign custom IPs to all dockers accordingly.

However, for other dockers to route traffic through a specific one, this IP does need to be the gateway for all others, doesn't it?

Simplest way is to declare this IP as default gateway.

But when on the same IP Segment as unRaid, with a single IP network...default gateway is your router.

Therefore, I find a routing scenario in L3 less invasive and easier to maintain.

 

You could try using a router in an unRaid VM, though.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.