
Docker creates two bridges that corrupt my internet access

I'm facing a pretty strange issue:

Here is my config:

  • docker 17-ce
  • ubuntu 16.04

I work from two different places with different internet providers.

At the first place, everything works just fine: I can run docker out of the box and access the internet without any problems.

But at the second place I cannot access the internet while docker is running, more precisely while the two virtual bridges created by docker are up.

In this place, the internet connection operates very strangely: I can ping Google DNS at 8.8.8.8, but nearly all DNS requests fail, and most of the time the internet connection is totally down after a few seconds.

(The only difference between the first and the second place is the internet provider.)

At first I thought I could fix that by changing the default network bridge IP, but this does not solve the problem at all.

The point is that the --bip option of the docker daemon changes the IP of the default docker bridge docker0, but docker also creates another bridge called br-1a0208f108d9 which does not reflect the settings passed to the --bip option.

I guess that this second bridge is causing trouble on my network because it overlaps my wifi adapter configuration.

I'm having a hard time trying to diagnose this.

My questions are:

  • How can I be sure that my assumptions are right and that this second bridge is in conflict with my wifi adapter?
  • What is this second bridge? It's easy to find documentation about the docker0 bridge, but I cannot find anything related to this second bridge br-1a0208f108d9.
  • How can the exact same setup work in one place and not in another?

With this trouble I feel like I'm pretty close to leveling up my docker knowledge, but before that I have to increase my network administration knowledge.

Hope you can help.

I managed to solve this issue after reading this:

https://success.docker.com/Architecture/Docker_Reference_Architecture%3A_Designing_Scalable%2C_Portable_Docker_Container_Networks

The second docker bridge br-1a0208f108d9 was created by docker because I was using a docker-compose file which involves the creation of another custom network.

This network was using a fixed IP range:

networks:
  my_network:
    driver: bridge
    ipam:
      config:
      - subnet: 172.16.0.0/16
        gateway: 172.16.0.1

  • At my home, the physical wifi network adapter was automatically assigned the address 192.168.0.X using DHCP.
  • But in the other place, the same wifi adapter gets the address 172.16.0.x

Which collides with the custom docker network.

The solution was simply to change the IP of the custom docker network.

You have to tell Docker to use a different subnet. Edit /etc/docker/daemon.json and use something like this:

{
  "bip": "198.18.251.1/24",
  "default-address-pools": [
    {
      "base": "198.18.252.0/22",
      "size": 26
    }
  ]
}

Information is a bit hard to come by, but it looks like the bip option controls the IP and subnet assigned to the docker0 interface, while default-address-pools controls the addresses used for the br-* interfaces. You can omit bip, in which case it will grab an allocation from the pool, and bip doesn't have to reside in the pool, as shown above.

The size is how big of a subnet to allocate to each Docker network. For example if your base is a /24 and you also set size to 24, then you'll be able to create exactly one Docker network, and probably you'll only be able to run one Docker container. If you try to start another you'll get the message "could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network", which means you've run out of IP addresses in the pool.

In the above example I have allocated a /22 (1024 addresses) with each network/container taking a /26 (64 addresses) from that pool. 1024 ÷ 64 = 16, so you can run up to 16 Docker networks with this config (so max 16 containers running at the same time, or more if some of them share the same network). Since I rarely have more than two or three running containers at any one time this is fine for me.

In my example I'm using part of the 198.18.0.0/15 subnet as listed in RFC 3330 (but fully documented in RFC 2544) which is reserved for performance testing. It is unlikely that these addresses will appear on the real Internet, and no professional network provider will use these subnets in their private network either, so in my opinion they are a good choice for use with Docker as conflicts are very unlikely. But technically this is a misuse of this IP range so just be aware of potential future conflicts if you also choose to use these subnets.

The defaults listed in the documentation are:

{
  "bip": "",
  "default-address-pools": [
    {"base": "172.80.0.0/16", "size": 24},
    {"base": "172.90.0.0/16", "size": 24}
  ]
}

As mentioned above, the default empty bip means it will just grab an allocation from the pool, like any other network/container will.
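
An added example, not part of the original answers: a check for the overlap described in the first answer (compose subnet versus the Wi-Fi adapter's subnet), together with the pool arithmetic from the daemon.json answer. The interface name wlan0, the host addresses and their /24 prefix lengths are constructed assumptions; the compose subnet and daemon.json values are the ones quoted on this page.

```python
import ipaddress
import json

# Constructed inputs: compose subnet and daemon.json are taken from the
# answers above; interface name and /24 Wi-Fi prefixes are assumptions.
COMPOSE_SUBNETS = {"my_network": "172.16.0.0/16"}
DAEMON_JSON = '''{"bip": "198.18.251.1/24",
  "default-address-pools": [{"base": "198.18.252.0/22", "size": 26}]}'''
CFG = json.loads(DAEMON_JSON)
HOME = {"wlan0": "192.168.0.23/24"}
OTHER_PLACE = {"wlan0": "172.16.0.57/24"}


def pool_subnets(daemon_cfg):
    """Every subnet the daemon can carve out of default-address-pools."""
    out = []
    for pool in daemon_cfg.get("default-address-pools", []):
        base = ipaddress.ip_network(pool["base"])
        out.extend(base.subnets(new_prefix=pool["size"]))
    return out


def docker_ranges(daemon_cfg, compose_subnets):
    """Map a label to each range Docker may put on docker0 or a br-* bridge."""
    ranges = {n: ipaddress.ip_network(c) for n, c in compose_subnets.items()}
    if daemon_cfg.get("bip"):
        # bip is an address with a prefix, so take the network it sits in.
        ranges["docker0"] = ipaddress.ip_interface(daemon_cfg["bip"]).network
    for net in pool_subnets(daemon_cfg):
        ranges[f"pool {net}"] = net
    return ranges


def find_conflicts(host_ifaces, ranges):
    """Return sorted (interface, docker label) pairs whose subnets overlap."""
    hits = []
    for iface, addr in host_ifaces.items():
        host_net = ipaddress.ip_interface(addr).network
        hits += [(iface, label) for label, net in ranges.items()
                 if host_net.overlaps(net)]
    return sorted(hits)


if __name__ == "__main__":
    ranges = docker_ranges(CFG, COMPOSE_SUBNETS)
    print("pool networks available:", len(pool_subnets(CFG)))
    for place, ifaces in (("home", HOME), ("other place", OTHER_PLACE)):
        print(place, find_conflicts(ifaces, ranges))
```

On a real host, the interface addresses would come from `ip -o -4 addr show` and the bridge subnets from `docker network inspect`, in place of the constructed dictionaries.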

In my case I would not apply Clement's solution because I have the network conflict only with my dev PC, while the container is delivered to many servers which are not affected. This problem in my opinion should be resolved as suggested here. I tried this workaround:

  1. I stopped the container with "docker-compose down", which destroys the bridge

  2. Started the container while I'm on the "bad" network, so the container uses another network

Since then, if I restart the container on any network it doesn't try to use the "bad" one; it normally gets the last used one.
