I'm using Docker, and when I start a container it brings up the Docker network interface. With it, the daemon sets up 2 new routes, including a new default route, overriding my old one. And, of course, it disables my internet connection. I have to choose: the containers or the internet.
wlp8s0 is configured by DHCP, and I suppose Docker is too.
I'm using:
Debian 4.19.28-2 (2019-03-15) x86_64 GNU/Linux
Docker version 18.09.5, build e8ff056
My routing table before starting the Docker network is:
Destiny Gateway Mask. Options Metric Ref use Iface
default _gateway 0.0.0.0 UG 0 0 0 wlp8s0
10.0.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp8s0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
And after starting any container:
Destiny Gateway Mask. Options Metric Ref use Iface
default 0.0.0.0 0.0.0.0 U 0 0 0 veth0f9e15f
default _gateway 0.0.0.0 UG 0 0 0 wlp8s0
10.0.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp8s0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 veth0f9e15f
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
- Only default in my /etc/network/interfaces
- In /etc/iproute2/rt_tables, only the reserved values 255, 254 and 253 are set to local, main and default.
- There are no files in interfaces.d
The interfaces referred to:
3: wlp8s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a4:17:31:fd:3f:f3 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.60/24 brd 10.0.0.255 scope global noprefixroute wlp8s0
valid_lft forever preferred_lft forever
7: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:85:c7:f8:af brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:85ff:fec7:f8af/64 scope link
valid_lft forever preferred_lft forever
52: veth0f9e15f@if51: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether ce:31:95:8e:e1:4b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.26.188/16 brd 169.254.255.255 scope global veth0f9e15f
valid_lft forever preferred_lft forever
inet6 fe80::cc31:95ff:fe8e:e14b/64 scope link
valid_lft forever preferred_lft forever
My containers:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b2a179ae6336 guacamole/guacamole "/opt/guacamole/bin/…" 4 hours ago Exited (143) About an hour ago guacamole
3f334e77c607 mariadb "docker-entrypoint.s…" 4 hours ago Exited (0) About an hour ago mariadb
b760bf700d8f guacamole/guacd "/bin/sh -c '/usr/lo…" 19 hours ago Exited (137) About an hour ago myguacd
ddcbbd2e4f6d phpmyadmin/phpmyadmin "/run.sh supervisord…" 23 hours ago Exited (0) About an hour ago phpmyadmin
8cf84a35676b portainer/portainer "/portainer" 24 hours ago Up 31 minutes 0.0.0.0:9000->9000/tcp portainer
21e29de41252 resilio/sync "run_sync --config /…" 24 hours ago Exited (0) About an hour ago Sync
The Docker networks:
NETWORK ID NAME DRIVER SCOPE
a7abfffd7abb bridge bridge local
cdf93d14df48 host host local
2ff09ecdac42 none null local
When I try to traceroute to 8.8.8.8, first with the Docker route and second with the correct default route, I get:
root@debianhost:/etc/network# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 debianhost.local (169.254.254.108) 3068.675 ms !H 3068.593 ms !H 3068.567 ms !H
root@debianhost:/home/usrnm# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 _gateway (10.0.0.1) 1.124 ms 1.783 ms 1.759 ms
2 10.255.255.19 (10.255.255.19) 4.142 ms 4.080 ms 4.658 ms
3 10.6.2.61 (10.6.2.61) 4.644 ms 5.425 ms 5.413 ms
My dhclient.conf:
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
What have I tried?
- Deleting some containers
- Stopping All containers
- Deleting the Docker bridge network (not possible because it is the default one)
- Restarting the Docker daemon, computer and network interfaces many times...
- Adding --bip 172.17.0.1/16 in /etc/docker/daemon.js.
- When I delete all the veth* interfaces routes, docker creates another default one.
WORKAROUND for now...
- creating a new route: sudo route add default gw 10.0.0.1 wlp8s0
- or adding this text to /etc/NetworkManager/NetworkManager.conf (added on 24/04/2019)
[keyfile]
unmanaged-devices=interface-name:veth*
But this is not the solution, and I don't know what the impact on the containers' network is.
Questions
Will creating another default route have any drawbacks?
The problem is Docker; why does it behave like this?
Can I have more than one default network route (without problems)?
How can I solve this permanently, or avoid it happening?
Could it be my dhcp client?
Any help is welcome!!
--------- Added on 25/04/2019 ---------
Some more outputs
$ ip -4 route show table all
default dev vethecb6424 scope link
default via 10.0.0.1 dev wlp8s0 proto dhcp metric 600
10.0.0.0/24 dev wlp8s0 proto kernel scope link src 10.0.0.60 metric 600
10.0.0.1 dev wlp8s0 scope link
169.254.0.0/16 dev vethecb6424 proto kernel scope link src 169.254.100.23
169.254.0.0/16 dev vethfa2d67b proto kernel scope link src 169.254.169.71
169.254.0.0/16 dev vethe3baba8 proto kernel scope link src 169.254.18.47
169.254.0.0/16 dev vethdad294c proto kernel scope link src 169.254.135.194
169.254.0.0/16 dev veth286d984 proto kernel scope link src 169.254.203.214
169.254.0.0/16 dev vethf0499b4 proto kernel scope link src 169.254.26.152
169.254.0.0/16 dev veth5bc4e10 proto kernel scope link src 169.254.56.53
169.254.0.0/16 dev veth9644994 proto kernel scope link src 169.254.159.65
169.254.0.0/16 dev vethe026982 proto kernel scope link src 169.254.220.98
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-f9c59cf90bcd proto kernel scope link src 172.18.0.1
broadcast 10.0.0.0 dev wlp8s0 table local proto kernel scope link src 10.0.0.60
local 10.0.0.60 dev wlp8s0 table local proto kernel scope host src 10.0.0.60
broadcast 10.0.0.255 dev wlp8s0 table local proto kernel scope link src 10.0.0.60
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 169.254.0.0 dev vethecb6424 table local proto kernel scope link src 169.254.100.23
broadcast 169.254.0.0 dev vethfa2d67b table local proto kernel scope link src 169.254.169.71
broadcast 169.254.0.0 dev vethe3baba8 table local proto kernel scope link src 169.254.18.47
broadcast 169.254.0.0 dev vethdad294c table local proto kernel scope link src 169.254.135.194
broadcast 169.254.0.0 dev veth286d984 table local proto kernel scope link src 169.254.203.214
broadcast 169.254.0.0 dev vethf0499b4 table local proto kernel scope link src 169.254.26.152
broadcast 169.254.0.0 dev veth5bc4e10 table local proto kernel scope link src 169.254.56.53
broadcast 169.254.0.0 dev veth9644994 table local proto kernel scope link src 169.254.159.65
broadcast 169.254.0.0 dev vethe026982 table local proto kernel scope link src 169.254.220.98
local 169.254.18.47 dev vethe3baba8 table local proto kernel scope host src 169.254.18.47
local 169.254.26.152 dev vethf0499b4 table local proto kernel scope host src 169.254.26.152
local 169.254.56.53 dev veth5bc4e10 table local proto kernel scope host src 169.254.56.53
local 169.254.100.23 dev vethecb6424 table local proto kernel scope host src 169.254.100.23
local 169.254.135.194 dev vethdad294c table local proto kernel scope host src 169.254.135.194
local 169.254.159.65 dev veth9644994 table local proto kernel scope host src 169.254.159.65
local 169.254.169.71 dev vethfa2d67b table local proto kernel scope host src 169.254.169.71
local 169.254.203.214 dev veth286d984 table local proto kernel scope host src 169.254.203.214
local 169.254.220.98 dev vethe026982 table local proto kernel scope host src 169.254.220.98
broadcast 169.254.255.255 dev vethecb6424 table local proto kernel scope link src 169.254.100.23
broadcast 169.254.255.255 dev vethfa2d67b table local proto kernel scope link src 169.254.169.71
broadcast 169.254.255.255 dev vethe3baba8 table local proto kernel scope link src 169.254.18.47
broadcast 169.254.255.255 dev vethdad294c table local proto kernel scope link src 169.254.135.194
broadcast 169.254.255.255 dev veth286d984 table local proto kernel scope link src 169.254.203.214
broadcast 169.254.255.255 dev vethf0499b4 table local proto kernel scope link src 169.254.26.152
broadcast 169.254.255.255 dev veth5bc4e10 table local proto kernel scope link src 169.254.56.53
broadcast 169.254.255.255 dev veth9644994 table local proto kernel scope link src 169.254.159.65
broadcast 169.254.255.255 dev vethe026982 table local proto kernel scope link src 169.254.220.98
broadcast 172.17.0.0 dev docker0 table local proto kernel scope link src 172.17.0.1
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1
broadcast 172.18.0.0 dev br-f9c59cf90bcd table local proto kernel scope link src 172.18.0.1
local 172.18.0.1 dev br-f9c59cf90bcd table local proto kernel scope host src 172.18.0.1
broadcast 172.18.255.255 dev br-f9c59cf90bcd table local proto kernel scope link src 172.18.0.1
$ ip -4 rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
$ ip -4 route
default dev vethecb6424 scope link
default via 10.0.0.1 dev wlp8s0 proto dhcp metric 600
10.0.0.0/24 dev wlp8s0 proto kernel scope link src 10.0.0.60 metric 600
10.0.0.1 dev wlp8s0 scope link
169.254.0.0/16 dev vethecb6424 proto kernel scope link src 169.254.100.23
169.254.0.0/16 dev vethfa2d67b proto kernel scope link src 169.254.169.71
169.254.0.0/16 dev vethe3baba8 proto kernel scope link src 169.254.18.47
169.254.0.0/16 dev vethdad294c proto kernel scope link src 169.254.135.194
169.254.0.0/16 dev veth286d984 proto kernel scope link src 169.254.203.214
169.254.0.0/16 dev vethf0499b4 proto kernel scope link src 169.254.26.152
169.254.0.0/16 dev veth5bc4e10 proto kernel scope link src 169.254.56.53
169.254.0.0/16 dev veth9644994 proto kernel scope link src 169.254.159.65
169.254.0.0/16 dev vethe026982 proto kernel scope link src 169.254.220.98
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-f9c59cf90bcd proto kernel scope link src 172.18.0.1
ip -4 route, ip -4 rule, and ip -4 route show table all?