14

I have a Docker host that should allow each container to have multiple static IP addresses. The application inside the container should then be able to choose from which address it will send traffic to remote hosts (e.g. ping -I <source-address> example.com).

Imagine a setup like this: IP addresses 10.0.0.10 - 10.0.0.19 are assigned to ContainerA, 10.0.0.20 - 10.0.0.29 to ContainerB and so on. Any traffic to ContainerA's address range is forwarded to ContainerA, while outgoing traffic originates from an address from that range that ContainerA can choose. The same applies to ContainerB.




The default --net=bridge mode does not seem to support this. The closest I could get is that incoming traffic to any of ContainerA's addresses is correctly forwarded to the container, but outgoing traffic always originates from the same single address.

When using --net=host, the first container will attach to all available IP addresses, thus the second container will not be able to open the sockets in its IP range.

The --ip option of the docker run command seems to come close to what I need, as explained in this blog post. Unfortunately, it does not seem to support multiple static IPs per container.

If more convenient, using CIDR subnets instead of IP ranges is fine.

How do I need to configure Docker to achieve this?

Hexaholic
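What "the application chooses its source address" means at the socket level, as an added example that is not part of the original question: binding a socket to a local address before connect() is the TCP counterpart of ping -I <source-address>. The function names are hypothetical, and the example assumes Linux, where every address in 127.0.0.0/8 is local, so 127.0.0.10 and 127.0.0.11 stand in for two addresses assigned to one container; 192.0.2.1 is a documentation address standing in for an address the container does not own.

```python
import errno
import socket


def observed_source(source_ip):
    """Connect from source_ip to a local listener and return the
    source address the listener sees for that connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))          # port 0: kernel picks a free port
        srv.listen(1)
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            # bind() before connect() pins the source address.
            # It fails unless source_ip is assigned to an interface
            # in this network namespace.
            cli.bind((source_ip, 0))
            cli.connect(srv.getsockname())
            conn, peer = srv.accept()
            conn.close()
            return peer[0]


def check_sources(candidates):
    """Map each candidate source address to the address the peer saw,
    or None when the address is not available for binding."""
    results = {}
    for ip in candidates:
        try:
            results[ip] = observed_source(ip)
        except OSError as exc:
            if exc.errno != errno.EADDRNOTAVAIL:
                raise
            results[ip] = None              # address not assigned here
    return results


if __name__ == "__main__":
    # Constructed sample: two usable addresses and one unassigned address.
    sample = ["127.0.0.10", "127.0.0.11", "192.0.2.1"]
    for ip, seen in check_sources(sample).items():
        print(ip, "->", seen if seen else "EADDRNOTAVAIL (not assigned)")
```

The listener here sits on the same host, so nothing rewrites the address in between; a successful bind only fixes the source address as seen inside the container's own network namespace.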

3 Answers

0

I think you can do it by customizing the docker0 bridge, or even creating your own network bridge.

Nguyen Cong
0

Every Docker container has a single IP only. We can also set a custom IP by making a bridge network, as follows:

docker network create net1 --driver=bridge --subnet="192.168.0.0/27"

If you don't mention the driver, then by default it is a bridge network.

So here using --subnet, you can give a custom IP address to the network and using that network, you can also give custom IP addresses to the containers which are inside that network.

Then run a container as,

docker run -it --network=net1 --ip="192.168.0.3" --name=MyContainer image_name

Now, in this way you can make 32-27=5 i.e., (2^5)-2 docker containers.

Harshal Gunda
0

Hum, I'm wondering if I really get the right meaning of your question. You say: "while outgoing traffic originates from an address from that range that ContainerA can choose." This means that your connection should be in UDP. Or the TCP connection would be broken without the same IP for inbound and outbound traffic? Right?

I think you could make a network and assign IP addresses on that network to your containers. You can do this on the command line, but I'd rather go for a docker-compose file. It could be something like this:

version: '2.1'

services:

  containerA:
    image: xxx
    networks:
      local_net:
        ipv4_address: 10.0.0.10
        ipv4_address: 10.0.0.11
        ...

  containerB:
    image: xxx
    networks:
      local_net:
        ipv4_address: 10.0.0.20
        ipv4_address: 10.0.0.21
        ...
      
networks:
  local_net:
    ipam:
      driver: default
      config:
        - subnet: 10.0.0.0/24
          gateway: 10.0.0.1

If you want to automate the creation of the file, you can script it I think.

elalitte
  • What is the equivalent of ipv4_address in the docker run command? If I use --ip then I can specify only one. If I add more '--ip' options, only the last one persists, like it overrides the previous --ip options. – vk-code Sep 14 '22 at 04:45