What is going on with this crazy routing table?

[tknx]

When I enable docker, the various lans get split up with shims to cover the addressable space.

 

So in the attached picture you can see that my 10.0.0.0/22 main network has two shim-br0 to cover the addressable space:

• 10.0.0.0/23
• 10.0.2.0/23

 

Same for the IOT VLAN 10.0.20.0/24 which has two shim-br0.20

• 10.0.20.0/25
• 10.0.20.128/125

 

And then there are two entries at the bottom which I have no idea what they are for, but look like they are splitting apart the docker network:

• 172.17.0.0/16    docker0
• 172.31.200.0/24    br-fcb95060594f
• 172.31.201.0/24    br-6aaca2bea56c

 

 

[Sascha_B]

I had a similar entry, looks like this is an orphan Docker adapter that is no longer used.

 

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    1004   0        0 br0
10.253.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 wg0
172.31.200.0    0.0.0.0         255.255.255.0   U     0      0        0 br-af3bd9cc0c24
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.178.0   0.0.0.0         255.255.255.0   U     1004   0        0 br0
 

I found this with the following command

 

docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
9c73f7ae825c   br0       macvlan   local
42c79c489b86   bridge    bridge    local
e86908c40902   host      host      local
ce3ed75d3fe3   none      null      local
af3bd9cc0c24   wg0       bridge    local

 

Then I deleted it with the command:

docker network prune
WARNING! This will remove all custom networks not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Networks:
wg0
br0

 

Even after a restart, this is no longer displayed and Docker is running.

 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    1004   0        0 br0
10.253.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 wg0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.178.0   0.0.0.0         255.255.255.0   U     1004   0        0 br0
 

[Manchineel]

@Sascha_B's post clearly explains the odd leftover Docker interface, but not why Unraid chose to split the address space for shim interface routing rules in half. My home network is a /16 and for some reason, just like in @tknx's case, I have two /17 rules rather than a single /16. This being the default behavior is also confirmed by this guide I was following, which "fixes" the fact that Unraid often fails to create the shim interfaces altogether with a script to automatically create the routes on array start—the poster also splits the /24 route into two /25s in his script.

 

I haven't tested what will happen if you use a single /16 rule, although I can't see why it shouldn't work all the same—this is all but clearly the doing of some spaghetti code on Unraid's part. Besides, the only difference should be that this way a container with its IP at exactly half the address space (network address of the 2nd subnet, or the bogus "broadcast" IP of the 1st subnet preceding it) will not route properly.

 

I doubt the "Host access to custom networks" option does anything more than create this interface and the two weird rules, so it should probably be safe to set the option to Disabled and replace it with the solution linked above but using a single forwarding rule. I'll do a few tests and report on my findings, probably create a bug report.

Edited May 17, 2023 by Manchineel

[Diego Spinola]

I was debugging the same issue and found the two /17 rules , I'm about to give up trying to make sense of why the address space has been split... but not knowing it makes me fearful of missing some hidden "gotcha" of using the /16 address for my VLAN... for now I'll use 2 rules "just in case" 

[Daniel71]

On 1/19/2023 at 1:39 PM, Sascha_B said:

I had a similar entry, looks like this is an orphan Docker adapter that is no longer used.

 

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    1004   0        0 br0
10.253.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 wg0
172.31.200.0    0.0.0.0         255.255.255.0   U     0      0        0 br-af3bd9cc0c24
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.178.0   0.0.0.0         255.255.255.0   U     1004   0        0 br0
 

I found this with the following command

 

docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
9c73f7ae825c   br0       macvlan   local
42c79c489b86   bridge    bridge    local
e86908c40902   host      host      local
ce3ed75d3fe3   none      null      local
af3bd9cc0c24   wg0       bridge    local

 

Then I deleted it with the command:

docker network prune
WARNING! This will remove all custom networks not used by at least one container.
Are you sure you want to continue? [y/N] y
Deleted Networks:
wg0
br0

 

Even after a restart, this is no longer displayed and Docker is running.

 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.178.1   0.0.0.0         UG    1004   0        0 br0
10.253.0.2      0.0.0.0         255.255.255.255 UH    0      0        0 wg0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.178.0   0.0.0.0         255.255.255.0   U     1004   0        0 br0
 

How can i change virbr0 from 192.168.122.0 to 192.168.0.0?

 

thx