I am setting up a server with Docker and LXD. I have a real network with several vlans which I want to have bridges to, that can be shared between Docker and LXD. This was relatively easy with LXD, but Docker is like that annoying girlfriend wanting to control everything, so I am having difficulty getting it to play nice.
Here is the netplan configuration:
network:
  version: 2
  ethernets:
    enp5s0:
      match:
        macaddress: 84:a9:3e:86:7b:d4
      set-name: enp5s0
    enx0s0:
      match:
        macaddress: 00:e0:4c:02:61:57
      set-name: enx0s0
  bridges:
    vlan69: # Untagged
      interfaces:
        - enp5s0
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: yes
      dhcp6: no
    vlan36:
      interfaces:
        - enx0s0.36
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no
    vlan32:
      interfaces:
        - enp5s0.32
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no
    vlan1:
      interfaces:
        - enp5s0.1
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no
  vlans:
    enx0s0.36:
      accept-ra: no
      id: 36
      link: enx0s0
    enp5s0.32:
      accept-ra: no
      id: 32
      link: enp5s0
    enp5s0.1:
      accept-ra: no
      id: 1
      link: enp5s0
With LXD this was as easy as simply adding a NIC to one of the vlans.
devices:
  enp1s0:
    nictype: bridged
    parent: vlan36
    type: nic
But Docker is not that easy to deal with apparently. After hours of searching through sources on docker networks, I came up with this.
root@host:~# docker network create vlan32 \
    -o com.docker.network.bridge.inhibit_ipv4=true \
    -o com.docker.network.bridge.name=vlan32 \
    --subnet=192.168.32.0/24 \
    --gateway=192.168.32.254
This seemed to do the job just fine. Connecting containers worked fine, they had access to the network, my router could see them connected, and pinging other devices on the network was also working, but you cannot establish an incoming connection back to the containers. Pinging a container just results in an unreachable network. And this is not just affecting Docker but also LXD. So even though Docker seems to simply adopt the bridge, it does something to it. Disabling the Docker service and rebooting fixes the problem for the LXD containers.
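As an added diagnostic (not from the original post, and not Docker's or LXD's own tooling), the script below checks the two host settings that decide whether frames crossing a shared Linux bridge are run through Docker's iptables FORWARD chain: the chain's default policy, which the Docker daemon sets to DROP when it starts, and the net.bridge.bridge-nf-call-iptables sysctl. The bridge name vlan32 and the embedded rule dump are constructed sample data; the --live mode reads the real host state instead.

```shell
#!/bin/sh
# Added diagnostic: report whether frames bridged across a Docker/LXD shared bridge
# are subject to an iptables FORWARD chain whose default policy is DROP. The logic
# takes text so it runs on a saved capture as well as on live command output.

# 0 if the `iptables -S FORWARD` text sets the chain's default policy to DROP.
forward_policy_is_drop() {
    printf '%s\n' "$1" | grep -q '^-P FORWARD DROP$'
}

# 0 if the sysctl text says bridged IPv4 frames are handed to iptables
# (the key only exists once the br_netfilter module is loaded).
bridge_nf_call_iptables_on() {
    printf '%s\n' "$1" | grep -q '^net.bridge.bridge-nf-call-iptables = 1$'
}

# Number of FORWARD rules that name the bridge as an in or out interface.
count_rules_for_bridge() {
    printf '%s\n' "$2" | grep -c -E -- "-[io] $1( |$)"
}

# Verdict: "FILTERED:<n>" when frames crossing bridge $1 traverse a DROP-policy
# FORWARD chain (n = rules that mention the bridge), otherwise "PASSTHROUGH".
diagnose_bridge() {
    br=$1; fwd=$2; sysctl_text=$3
    if forward_policy_is_drop "$fwd" && bridge_nf_call_iptables_on "$sysctl_text"; then
        echo "FILTERED:$(count_rules_for_bridge "$br" "$fwd")"
    else
        echo "PASSTHROUGH"
    fi
}

# Constructed sample output, shaped like a Docker host after
# `docker network create ... -o com.docker.network.bridge.name=vlan32`.
SAMPLE_FORWARD='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o vlan32 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o vlan32 -j DOCKER
-A FORWARD -i vlan32 ! -o vlan32 -j ACCEPT
-A FORWARD -i vlan32 -o vlan32 -j ACCEPT'
SAMPLE_SYSCTL='net.bridge.bridge-nf-call-iptables = 1'

if [ "${1:-}" = "--live" ]; then
    # Live mode: needs root plus the iptables and sysctl tools on the host.
    diagnose_bridge "${2:-vlan32}" "$(iptables -S FORWARD)" "$(sysctl net.bridge.bridge-nf-call-iptables)"
else
    diagnose_bridge vlan32 "$SAMPLE_FORWARD" "$SAMPLE_SYSCTL"
fi
```

Run it with `--live vlan32` on the host while Docker is running and again after stopping it; a verdict that flips from FILTERED to PASSTHROUGH points at the FORWARD chain as the first place to look.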