I'm running Docker CE 25 on Ubuntu Linux 22.04. I have numerous KVM VMs routing IP through bridges br25 and br50. All of these components reside on the same host.

This issue has also been reproduced with Docker CE 26.

br25: 192.168.25.0/24
br50: 192.168.50.0/24
docker/kvm host: 192.168.1.205

I recently encountered an issue where VMs from br25 were unable to connect to any container's exposed ports on the docker host. I found an acceptable workaround by defining the bridge in /etc/docker/daemon.json:

{
  "bridge": "br25"
}

However, I've now arrived at a point where I also need VMs from br50 to connect to containers on the docker host, but I don't understand how to define multiple bridges in daemon.json.

I'm currently aware of two workarounds for this issue. Both are relatively simple, yet neither is ideal.

The first is disabling Docker's iptables rules. This allows VMs from both bridges to connect to containers but is a horrible longer-term solution for obvious reasons:

{
  "iptables": false
}

Secondly, network_mode: host may be used for the containers in question but this too defeats features brought by use of Docker.

I found a good deal of discussion on this topic yet nothing so far illustrates an ideal solution for my use case or my level of knowledge. I'm leaving some of them below. I continue to review these items and will post an update if I arrive at something satisfactory.

I'm hoping to get some help here in the form of an explanation, workaround, or walk through on how to solve and better understand this issue.

The more specific questions I would apply to this issue are:

  • Is there a clear means of defining multiple bridges like what I've shown above? { "bridge": "br25", "bridge": "br50" } will pass validation but works only for the last bridge defined (i.e., br50)
  • I'm still working on advanced Docker networking. Is macvlan a wise approach? I'm hesitant to pursue it because of its seeming complexity and the potential need for additional configuration on the 16 other containers I run on this host.

Related Discussion:

me2017
0 Answers
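
Added example (not part of the original post): a small Python check that reports duplicate keys in a daemon.json document and shows which value survives, using the two-bridge attempt from the question as constructed input. The function name lint_daemon_json is hypothetical, and the last-value-wins behaviour shown is that of Python's json module, which matches what the question observed; the check also flags the "iptables": false workaround.

```python
import json


def lint_daemon_json(text):
    """Parse a daemon.json document and return (effective_config, findings).

    lint_daemon_json is a hypothetical helper for this example, not a Docker tool.
    """
    findings = []

    def collect(pairs):
        # Called once per JSON object with every key/value pair in source order,
        # so repeated keys are still visible here before they collapse.
        obj = {}
        for key, value in pairs:
            if key in obj:
                findings.append(
                    f"duplicate key {key!r}: {obj[key]!r} is overridden by {value!r}"
                )
            obj[key] = value  # the last occurrence wins, as with plain json.loads
        return obj

    config = json.loads(text, object_pairs_hook=collect)

    # With "iptables": false the daemon does not add its own firewall rules.
    if isinstance(config, dict) and config.get("iptables") is False:
        findings.append("'iptables' is false: Docker will not manage its firewall rules")
    return config, findings


# Constructed sample: the two-bridge attempt quoted in the question.
SAMPLE = '{ "bridge": "br25", "bridge": "br50" }'

if __name__ == "__main__":
    config, findings = lint_daemon_json(SAMPLE)
    print("effective config:", config)
    for finding in findings:
        print("finding:", finding)
```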