networking - Docker 1.10 container's IP in LAN

Question

Since Docker 1.10 (and libnetwork update) we can manually give an IP to a container inside a user-defined network, and that's cool!

I want to give a container an IP address in my LAN (like we can do with Virtual Machines in "bridge" mode). My LAN is 192.168.1.0/24, all my computers have IP addresses inside it. And I want my containers having IPs in this range, in order to reach them from anywhere in my LAN (without NAT/PAT/etc...).

I obviously read Jessie Frazelle's blog post and a lot of others post here and everywhere like :

• How to set a docker container's iP?
• How to assign specific IP to container and make that accessible outside of VM host?

and so much more, but nothing came out; my containers still have IP addresses "inside" my docker host, and are not reachable for others computers on my LAN.

Reading Jessie Frazelle's blog post, I thought (since she uses public IP) we can do what I want to do?

Edit: Indeed, if I do something like :

network create --subnet 192.168.1.0/24 --gateway 192.168.1.1 homenet
docker run --rm -it --net homenet --ip 192.168.1.100 nginx

The new interface on the docker host (br-[a-z0-9]+) take the '--gateway' IP, which is my router IP. And the same IP on two computers on the network... BOOM

Thanks in advance.

Answer 1

EDIT : This solution is now useless. Since version 1.12, Docker provides two network drivers : macvlan and ipvlan. They allow assigning static IP from the LAN network. See the answer below.

---

After looking for people who have the same problem, we went to a workaround :

Sum up :

• (V)LAN is 192.168.1.0/24
• Default Gateway (= router) is 192.168.1.1
• Multiple Docker Hosts
• Note : We have two NIC : eth0 and eth1 (which is dedicated to Docker)

What do we want :

We want to have containers with ip in the 192.168.1.0/24 network (like computers) without any NAT/PAT/translation/port-forwarding/etc...

Problem

When doing this :

network create --subnet 192.168.1.0/24 --gateway 192.168.1.1 homenet

we are able to give containers the IP we want to, but the bridge created by docker (br-[a-z0-9]+) will have the IP 192.168.1.1, which is our router.

Solution

1. Setup the Docker Network

Use the DefaultGatewayIPv4 parameter :

docker network create --subnet 192.168.1.0/24 --aux-address "DefaultGatewayIPv4=192.168.1.1" homenet

By default, Docker will give to the bridge interface (br-[a-z0-9]+) the first IP, which might be already taken by another machine. The solution is to use the --gateway parameter to tell docker to assign a arbitrary IP (which is available) :

docker network create --subnet 192.168.1.0/24 --aux-address "DefaultGatewayIPv4=192.168.1.1" --gateway=192.168.1.200 homenet

We can specify the bridge name by adding -o com.docker.network.bridge.name=br-home-net to the previous command.

2. Bridge the bridge !

Now we have a bridge (br-[a-z0-9]+) created by Docker. We need to bridge it to a physical interface (in my case I have to NIC, so I'm using eth1 for that):

brctl addif br-home-net eth1

3. Delete the bridge IP

We can now delete the IP address from the bridge, since we don't need one :

ip a del 192.168.1.200/24 dev br-home-net

The IP 192.168.1.200 can be used as bridge on multiple docker host, since we don't use it, and we remove it.