[feature request]a specific option of "bridge" network driver to attach the user-defined bridge network to a network interface on Docker host

[immarvin]

request description:

To create a bridge network attached to a network interface on docker host, I have to try the following 3 steps

1.docker network create --driver=bridge --gateway=10.5.107.1 --subnet=10.5.107.0/8 --ip-range=10.5.107.100/30 -o "com.docker.network.bridge.name"="br0" -o "com.docker.network.bridge.host_binding_ipv4"="10.5.107.1" subnet1
2.;ip addr del dev eno1 10.5.107.1/8
3.;brctl addif br0 eno1
4.ip link set br0 up

is it possible to finish the 3 steps above in 1 "docker network" command? is there any option to achieve this?

Describe the results you expected

create a user defined bridge network and attach it to a network interface on docker host with one "docker network create"

Background

I am trying to dockerize my project and encourage users to use run my service inside docker container instead of traditional installation way, I have finished the docker image build and draft a documentation(http://10.3.5.21/doc/advanced/docker/run_xcat_in_docker.html) to run it in docker, I encountered some problem while trying to start container with docker compose instead of following the doc step-by-step, since I can not include the following 2,3,4 steps in the docker-compose.yml:

1.docker network create --driver=bridge --gateway=10.5.107.1 --subnet=10.5.107.0/8 --ip-range=10.5.107.100/30 -o "com.docker.network.bridge.name"="br0" -o "com.docker.network.bridge.host_binding_ipv4"="10.5.107.1" subnet1
2.;ip addr del dev eno1 10.5.107.1/8
3.;brctl addif br0 eno1
4.ip link set br0 up

thanks

[mavenugo]

@immarvin we have been thinking about this feature as well.
@aboch pls add your inputs.

[immarvin]

hi @mavenugo ,thanks

[dreamcat4]

Related:

Using external bridge to phyical NIC breaks the default docker0 for me. And in turn cannot build anything (as docker build uses docker0).

moby/moby#21141

[sainath14]

So this proposal provides containers in this network to get to use IPs provided by the dns on the bridge and get external connectivity via bridge. This avoids NAT... Am i right?

[immarvin]

hi @sainath14 , this proposal is to attach the bridge create by "docker network create" to a specified network interface and the bridge will inherit the network configuration of the network interface.

so that the containers connected with the docker network object will get external connectivity via the bridge. on "This avoids NAT." , can you explain a bit?

[SkypLabs]

@immarvin: @sainath14 means that when using the docker0 bridge, only the IP address of the host system is visible from the devices that the containers communicate with. By this way, Docker containers are not visible from them from a network point of view.

On the other hand, when using a custom bridge on which you connect a NIC, containers are visible just like independent devices, such as virtual machines or physical ones.

[sainath14]

@SkypLabs @immarvin got it... you confirmed my understanding

[immarvin]

any update on this?

[mavenugo]

@immarvin we are in Docker 1.11 code-freeze and hence this feature will have to wait for the subsequent Docker release. I think we should synchronize this with #1023.

[immarvin]

hi @mavenugo ,thanks

[ovidiudurbalau]

Has this feature been added to docker? Either through docker network create or through docker-compose.yml file?

Preferably, would be nice to be able to add something like the following to my docker-compose.yml:

networks:
    ponmgmt:
         driver: bridge
         driver_opts:
              device: eth1  <-- equivalent of me manually doing "sudo brctl addif ponmgmt eth1"

[kpcyrd]

Is this still being worked on? I'm using an application that relies on broadcasting, currently this is an all-or-nothing problem because I have to either set --net=host, which exposes all interfaces and dbus to this application, or use the default bridge option, which would break the application.

What I want to do is docker run --net=br0 --ip=192.168.1.2, which would attach the container veth to br0 and assign 192.168.1.2. I'm not sure how the netmask and gateway are set though.

I think there are some people creating br0 with docker and then attaching eno1, but since that's my servers primary connection I'd like to avoid that.

[izznogooood]

I have a simuler problem, need "cloned" services with broadcasting on existing bridge.

[kpcyrd]

I've solved my problem by creating a docker network for my existing bridge:

docker network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 -o parent=br0 lan

Afterwards you can run containers directly in this network (drop --ip to use a random ip, this may cause collisions YMMV):

docker run --rm --net=lan --ip=192.168.1.123 debian:latest ip a

[izznogooood]

Thanks. This will solve my problem.

Still would like to se veth feature so docker can draw dhcp from an external source thus avoiding collision.

[ghost]

+1 for implementing this feature 👍

[realsnick]

+2

[mgmorcos]

+1

[realsnick]

Qnap implemented it quite nicely with the qnet driver.

https://qnap-dev.github.io/container-station-api/qnet.html#docker-compose