Docker has network docker0 status DOWN

Question

I want to make a Wireguard VPN server from my Raspberry Pi. It is a Raspberry Pi 4B running Ubuntu 22.04. I have done other attempts in with installing wireguard directly (apt install wireguard no success, because could not connect), then with Docker (also no network). So I removed everything related to Docker and kicked the Pi. Now I installed this package with docker compose: https://docs.linuxserver.io/images/docker-wireguard/?h=wireguard .

First I did apt install docker docker.io and then I started docker by service docker start. Then I stumbled upon :

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether *** brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.60/24 brd 192.168.0.255 scope global dynamic noprefixroute eth0
       valid_lft 83872sec preferred_lft 83872sec
    inet6 fe80::dea6:32ff:febb:9eec/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether *** brd ff:ff:ff:ff:ff:ff
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet 10.8.0.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::86f2:a127:accf:cf73/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether *** brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

wlan0 is not connected as it is not enabled, so that is ok. But why docker0 is DOWN after a fresh install I don't understand. So, before proceeding installing the Wireguard server by docker compose I want to fix this first. Running :

root@raspberrypi:/home/pi/wireguard# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
f9197f304906   bridge    bridge    local
763175e5495b   host      host      local
be74c86f8c4e   none      null      local
root@raspberrypi:/home/pi/wireguard# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "f9197f304906a1d273e0a59a9f87b7cfde564f99d3a87af75944fe2371d76cfb",
        "Created": "2024-06-12T17:54:14.177446042+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

Ping from the Pi to 172.17.0.1 however does respond, so why down ? And the network is OK as I can get internet from the Pi and it already acts as an OpenVPN server (hence 'tun0').

Answer 1

wlan0 is not connected as it is not enabled, so that is ok. But why docker0 is DOWN after a fresh install I don't understand

Both interfaces report <NO-CARRIER> for the exact same reason: their "other side" is not connected to anything.

docker0 is a 'bridge' interface; it connects to nothing all on its own – its only purpose is to join together a number of other interfaces, so the carrier status it reports is the sum of all interfaces (ports) it contains. Since currently it has no ports at all (which would have master docker0 set on them), it therefore has no connection to anything except for the host OS itself.

So whereas NO-CARRIER for wlan0 means it itself has no Wi-Fi link, for docker0 it means none of its "port" interfaces have a working link (because has no ports at all) – in both cases it means that if the OS tried to send any packet through the interface, it would have nowhere to go.

The bridge will indicate a carrier once you start a container and the veth for that container gets added to the bridge. You can use bridge link or ip link ls master docker0 to see what interfaces the bridge contains.