tknx Posted October 14, 2022 Share Posted October 14, 2022 When I enable docker, the various lans get split up with shims to cover the addressable space. So in the attached picture you can see that my 10.0.0.0/22 main network has two shim-br0 to cover the addressable space: 10.0.0.0/23 10.0.2.0/23 Same for the IOT VLAN 10.0.20.0/24 which has two shim-br0.20 10.0.20.0/25 10.0.20.128/125 And then there are two entries at the bottom which I have no idea what they are for, but look like they are splitting apart the docker network: 172.17.0.0/16 docker0 172.31.200.0/24 br-fcb95060594f 172.31.201.0/24 br-6aaca2bea56c Quote Link to comment
Sascha_B Posted January 19, 2023 Share Posted January 19, 2023 I had a similar entry, looks like this is an orphan Docker adapter that is no longer used. route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.178.1 0.0.0.0 UG 1004 0 0 br0 10.253.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 172.31.200.0 0.0.0.0 255.255.255.0 U 0 0 0 br-af3bd9cc0c24 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 192.168.178.0 0.0.0.0 255.255.255.0 U 1004 0 0 br0 I found this with the following command docker network ls NETWORK ID NAME DRIVER SCOPE 9c73f7ae825c br0 macvlan local 42c79c489b86 bridge bridge local e86908c40902 host host local ce3ed75d3fe3 none null local af3bd9cc0c24 wg0 bridge local Then I deleted it with the command: docker network prune WARNING! This will remove all custom networks not used by at least one container. Are you sure you want to continue? [y/N] y Deleted Networks: wg0 br0 Even after a restart, this is no longer displayed and Docker is running. route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.178.1 0.0.0.0 UG 1004 0 0 br0 10.253.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 192.168.178.0 0.0.0.0 255.255.255.0 U 1004 0 0 br0 Quote Link to comment
Manchineel Posted May 17, 2023 Share Posted May 17, 2023 (edited) @Sascha_B's post clearly explains the odd leftover Docker interface, but not why Unraid chose to split the address space for shim interface routing rules in half. My home network is a /16 and for some reason, just like in @tknx's case, I have two /17 rules rather than a single /16. This being the default behavior is also confirmed by this guide I was following, which "fixes" the fact that Unraid often fails to create the shim interfaces altogether with a script to automatically create the routes on array start—the poster also splits the /24 route into two /25s in his script. I haven't tested what will happen if you use a single /16 rule, although I can't see why it shouldn't work all the same—this is all but clearly the doing of some spaghetti code on Unraid's part. Besides, the only difference should be that this way a container with its IP at exactly half the address space (network address of the 2nd subnet, or the bogus "broadcast" IP of the 1st subnet preceding it) will not route properly. I doubt the "Host access to custom networks" option does anything more than create this interface and the two weird rules, so it should probably be safe to set the option to Disabled and replace it with the solution linked above but using a single forwarding rule. I'll do a few tests and report on my findings, probably create a bug report. Edited May 17, 2023 by Manchineel Quote Link to comment
Diego Spinola Posted July 14, 2023 Share Posted July 14, 2023 I was debugging the same issue and found the two /17 rules , I'm about to give up trying to make sense of why the address space has been split... but not knowing it makes me fearful of missing some hidden "gotcha" of using the /16 address for my VLAN... for now I'll use 2 rules "just in case" Quote Link to comment
Daniel71 Posted January 17 Share Posted January 17 On 1/19/2023 at 1:39 PM, Sascha_B said: I had a similar entry, looks like this is an orphan Docker adapter that is no longer used. route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.178.1 0.0.0.0 UG 1004 0 0 br0 10.253.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 172.31.200.0 0.0.0.0 255.255.255.0 U 0 0 0 br-af3bd9cc0c24 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 192.168.178.0 0.0.0.0 255.255.255.0 U 1004 0 0 br0 I found this with the following command docker network ls NETWORK ID NAME DRIVER SCOPE 9c73f7ae825c br0 macvlan local 42c79c489b86 bridge bridge local e86908c40902 host host local ce3ed75d3fe3 none null local af3bd9cc0c24 wg0 bridge local Then I deleted it with the command: docker network prune WARNING! This will remove all custom networks not used by at least one container. Are you sure you want to continue? [y/N] y Deleted Networks: wg0 br0 Even after a restart, this is no longer displayed and Docker is running. route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.178.1 0.0.0.0 UG 1004 0 0 br0 10.253.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 wg0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 192.168.178.0 0.0.0.0 255.255.255.0 U 1004 0 0 br0 How can i change virbr0 from 192.168.122.0 to 192.168.0.0? thx Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.