Docker - Preventing IP overlapping

What is IP address overlapping?

When a container's IP address overlaps with an address already in use outside the host, the application running in that container is not reachable from outside, because the same address now refers to two different endpoints.

NOTE: The overlap can occur on the bridge interface IP or on the Docker container IP.

Let's see how to address the overlap on the bridge interface first. I already have a running container.

root@demo:~# docker run -d --name web --network mynet1 nginx:alpine
268647e11011d513d2357ce1c81e0f48787038a83d01d028d31a5b29dbdb885b
root@demo:~# docker container ls
CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS         PORTS     NAMES
268647e11011   nginx:alpine   "/docker-entrypoint.…"   4 seconds ago   Up 3 seconds   80/tcp    web
root@demo:~#

Let's get the container's IP address and test it with curl.

root@demo:~# docker inspect 268647e11011 | grep -i ipaddress | tail -n1
                    "IPAddress": "10.10.1.2",
root@demo:~#
root@demo:~# curl -I http://10.10.1.2
HTTP/1.1 200 OK
Server: nginx/1.25.5
root@demo:~#

I am getting a 200 response.

Now, let's understand the flow of traffic.

HOST -> BRIDGE -> CONTAINER. 

The bridge interface (br-25333c619ba6) is assigned an IP that overlaps with another IP.

root@demo:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-25333c619ba6         8000.02425c9ababc       no              veth69e7fe5
br-5311eb0bc152         8000.02426db7cf48       no
br-d675fc215872         8000.02421d752723       no
docker0         8000.02425ddff0c4       no
root@demo:~#

If the IP on br-25333c619ba6 overlaps with some external instance's IP, we can change the IP of br-25333c619ba6 using the "ip" command (the session below uses the equivalent ifconfig invocations). The steps are:

1) Bring down the interface.

2) Unplumb (remove) the current IP.

3) Assign new IP.

4) Bring up the interface.

root@demo:~# ifconfig br-25333c619ba6 down
root@demo:~# ifconfig br-25333c619ba6 0
root@demo:~# ifconfig br-25333c619ba6 10.10.1.10 netmask 255.255.255.0
root@demo:~# ifconfig br-25333c619ba6 up
root@demo:~#

While this happens, the containers keep running, but they are not reachable.

root@demo:~# docker container ls
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS          PORTS     NAMES
a3cd67125f9a   nginx:alpine   "/docker-entrypoint.…"   8 minutes ago    Up 8 minutes    80/tcp    web2
a5c3a4dc8434   nginx:alpine   "/docker-entrypoint.…"   8 minutes ago    Up 8 minutes    80/tcp    web1
268647e11011   nginx:alpine   "/docker-entrypoint.…"   35 minutes ago   Up 35 minutes   80/tcp    web
root@demo:~#

Now that we have changed the bridge interface IP, let's test again with curl.

root@demo:~# curl -I http://10.10.1.2
HTTP/1.1 200 OK
Accept-Ranges: bytes

It works.

Containers are reachable now. However, this change will not persist across a reboot unless we add these commands to a startup script.

Let's explore the steps to deal with IP overlapping at the Docker container level.

We are going to create a new network, specifying the IP address to exclude.

We use the "--aux-address" option to exclude the IP 20.1.0.2 from allocation.

root@demo:/# docker network create -d bridge --subnet 20.1.0.0/24 \
> --gateway 20.1.0.1 \
> --ip-range 20.1.0.0/27 \
> --aux-address 'host=20.1.0.2' mynet
fe90515982c75dd507a0aaedbae7239603f23f4aa9ef8d96ca6e9d5a23bb0ae3
root@demo:/#

The IPAM section of the new network (from docker network inspect mynet) shows the reserved address:

"Config": [
                {
                    "Subnet": "20.1.0.0/24",
                    "IPRange": "20.1.0.0/27",
                    "Gateway": "20.1.0.1",
                    "AuxiliaryAddresses": {
                        "host": "20.1.0.2"
                    }
                }

Now, let's spin up a container on this network and check its IP.

root@demo:/# docker inspect 68c73491530a | grep -i ipaddress | tail -n1
                    "IPAddress": "20.1.0.3",
root@demo:/#

We can see that Docker has skipped IP "20.1.0.2" when assigning addresses.

root@demo:/# curl -I http://20.1.0.3
HTTP/1.1 200 OK
Server: nginx/1.25.5
root@demo:/#
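Both fixes above are applied after the overlap has already broken connectivity. As an added example (not part of the original post), the POSIX sh functions below check a planned Docker subnet against known external ranges before the network is created, and build the same kind of --aux-address reservation the post uses for 20.1.0.2; the list of external CIDRs and the "reservedN" label are assumptions.

```shell
#!/bin/sh
# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask for a prefix length, as a 32-bit integer.
plen2mask() { echo $(( (4294967295 << (32 - $1)) & 4294967295 )); }

# "a.b.c.d/n" -> "<network-int> <prefix-len>"; a bare address counts as /32.
cidr_network() {
    case $1 in */*) addr=${1%/*}; plen=${1#*/};; *) addr=$1; plen=32;; esac
    echo "$(( $(ip2int "$addr") & $(plen2mask "$plen") )) $plen"
}

# Exit 0 when the two CIDRs share at least one address: masking both network
# addresses with the shorter prefix must give the same value.
cidr_overlap() {
    set -- $(cidr_network "$1") $(cidr_network "$2")
    if [ "$2" -lt "$4" ]; then plen=$2; else plen=$4; fi
    mask=$(plen2mask "$plen")
    [ $(( $1 & mask )) -eq $(( $3 & mask )) ]
}

# plan_network NAME SUBNET GATEWAY EXTERNAL_CIDR...
# Prints the "docker network create" command to run. Each external host
# address inside SUBNET is reserved with --aux-address (the "reservedN" key is
# an arbitrary label, like "host" in the post) so IPAM never hands it out.
# An overlapping external range wider than one host means the subnet itself
# is wrong, so the function fails instead of printing a command.
plan_network() {
    name=$1; subnet=$2; gateway=$3; shift 3
    cmd="docker network create -d bridge --subnet $subnet --gateway $gateway"
    n=0
    for ext in "$@"; do
        cidr_overlap "$subnet" "$ext" || continue
        plen=${ext#*/}
        if [ "$plen" = "$ext" ] || [ "$plen" -eq 32 ]; then
            n=$((n + 1))
            cmd="$cmd --aux-address reserved$n=${ext%/*}"
        else
            echo "error: $ext overlaps $subnet; choose another subnet" >&2
            return 1
        fi
    done
    echo "$cmd $name"
}
```

Run it as, for example, `plan_network mynet 20.1.0.0/24 20.1.0.1 20.1.0.2 192.168.1.0/24`, which prints a create command reserving 20.1.0.2 and ignores the non-overlapping 192.168.1.0/24.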
