Docker bridges and multiple routing tables

Hi all,

I’ve got a host which straddles 3 networks:

  • home: is an OpenVPN L2 link to my home network, and is dual-stack, I don’t use this for a default IPv4 gateway, but I can use this network for public IPv6 access. Network interface has two addresses: and 2001:db8:1000::2/64.
  • office: is a local Ethernet link to my workplace’s office network. It too, is dual-stack and is used as the default gateway on IPv4 and IPv6. Two addresses: and 2001:db8:2000::1234/64.
  • project: is a local Ethernet link to the project network at my workplace. I can use it as a default route, but it’s mainly there so that I can interact with devices on that network, particularly for protocols like BACnet that don’t like traversing subnets.

Now, I read this article which describes how to set up multiple routing tables. I actually did this for my workplace’s border router, which has two Internet connections, and when I got that working there, I applied the concepts to my own workstation. Things worked great, except Docker.

It seems Docker, when it creates new bridges, will implicitly create routes in the default routing table, but it knows nothing about the custom ones I’ve created for the other interfaces. This results in packets getting mis-directed. My containers can’t ping my host, or anything outside. If I add a suitable route to one of my custom routing tables, things work. However, the dynamic nature of bridges in Docker makes this an impractical solution.

I wonder if there’s some kind of hook I can employ so that when docker0 or br-XXXXXXXX is created, I can have a script called with the bridge name and IP subnets listed, for me to add those routes to my other routing tables?

For the record; this is docker info:

Containers: 19
 Running: 0
 Paused: 0
 Stopped: 19
Images: 320
Server Version: 18.05.0-ce
Storage Driver: btrfs
 Build Version: Btrfs v4.10.2
 Library Version: 102
Logging Driver: json-file
Cgroup Driver: cgroupfs
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 4ac4fd0b6a268fe6f38b2b2e32e40daa7e424fac (expected: 773c489c9c1b21a6d78b5c538cd395416ec50f88)
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: v0.16.1 (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
  Profile: default
Kernel Version: 4.17.1-vk4msl-ws-03110-g4a7914b0f375
Operating System: Gentoo/Linux
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 15.68GiB
Name: vk4msl-ws
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: sjlongland
Experimental: false
Insecure Registries:
Live Restore Enabled: false
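
One way to script the route mirroring asked about above, as an added example that is not part of the original post and is not a Docker feature: it copies the connected routes of Docker bridges from the main table into custom tables, and can re-run on Docker network-create events. The table names `office` and `home`, the sample route listing, and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumption: custom tables "office" and "home" are defined
# in /etc/iproute2/rt_tables; substitute the real table names.

# Constructed sample of `ip route show table main` output.
SAMPLE_MAIN_TABLE='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-0123456789ab proto kernel scope link src 172.18.0.1'

# Read main-table routes on stdin; for each connected route on a Docker
# bridge, print one `ip route replace` command per table named in "$@".
mirror_bridge_routes() {
    local prefix kw dev rest table
    while read -r prefix kw dev rest; do
        [ "$kw" = "dev" ] || continue      # skip "default via ..." and other gateway routes
        case "$dev" in
            docker0|br-*) ;;               # default bridge and user-defined bridges
            *) continue ;;
        esac
        for table in "$@"; do
            echo "ip route replace $prefix dev $dev table $table"
        done
    done
}

# Apply the generated commands for real (root required).
apply_now() {
    ip route show table main | mirror_bridge_routes "$@" | sh
}

# Re-apply whenever Docker creates a network (running daemon required).
# Assumption: the bridge's connected route is already in the main table
# by the time the create event is delivered.
watch_docker() {
    apply_now "$@"
    docker events --filter type=network --filter event=create --format '{{.Actor.ID}}' |
    while read -r _id; do apply_now "$@"; done
}

case "${1:-}" in
    --apply) shift; apply_now "$@" ;;
    --watch) shift; watch_docker "$@" ;;
    *) printf '%s\n' "$SAMPLE_MAIN_TABLE" | mirror_bridge_routes office home ;;  # dry run on the sample
esac
```

Run without arguments it only prints the commands for the constructed sample; `--apply office home` or `--watch office home` act on the live routing tables.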