Docker Community Forums

Share and learn in the Docker community.

Docker0 network down

Hello,
I’d like to clarify why in my docker host the docker0 interface is DOWN and evertything seems to work.
I’ve read about people wanting to change docker0 address, other wanted to stop it.
Why is not UP as expected ?
I needed to get docker0 address in an ansible playbook to config containers to access a host port.

In my /etc/docker/daemon.json i have this :

“default-address-pools”: [{“base”: “172.240.0.0/16”, “size”: 24}

I presume this could be relevant to the issue.

Thanks for your suggestions.

There are two network models here Docker and Kubernetes.

Docker model

By default, Docker uses host-private networking. It creates a virtual bridge, called docker0 by default, and allocates a subnet from one of the private address blocks defined in RFC1918 for that bridge. For each container that Docker creates, it allocates a virtual Ethernet device (called veth) which is attached to the bridge. The veth is mapped to appear as eth0 in the container, using Linux namespaces. The in-container eth0 interface is given an IP address from the bridge’s address range.

The result is that Docker containers can talk to other containers only if they are on the same machine (and thus the same virtual bridge). Containers on different machines can not reach each other - in fact they may end up with the exact same network ranges and IP addresses.

Kubernetes model

Kubernetes imposes the following fundamental requirements on any networking implementation (barring any intentional network segmentation policies):

all containers can communicate with all other containers without NAT
all nodes can communicate with all containers (and vice-versa) without NAT
the IP that a container sees itself as is the same IP that others see it as
Kubernetes applies IP addresses at the Pod scope - containers within a Pod share their network namespaces - including their IP address. This means that containers within a Pod can all reach each other’s ports on localhost. This does imply that containers within a Pod must coordinate port usage, but this is no different than processes in a VM. This is called the “IP-per-pod” model. This is implemented, using Docker, as a “pod container” which holds the network namespace open while “app containers” (the things the user specified) join that namespace with Docker’s --net=container: function.

As with Docker, it is possible to request host ports, but this is reduced to a very niche operation. In this case a port will be allocated on the host Node and traffic will be forwarded to the Pod. The Pod itself is blind to the existence or non-existence of host ports.

In order to integrate the platform with the underlying network infrastructure Kubernetes provide a plugin specification called Container Networking Interface (CNI). If the Kubernetes fundamental requirements are met vendors can use network stack as they like, typically using overlay networks to support multi-subnet and multi-az clusters.

Bellow is shown how overlay networks are implemented through Flannel which is a popular CNI.

flannel

You can read more about other CNI’s here. The Kubernetes approach is explained in Cluster Networking docs. I also recommend reading Kubernetes Is Hard: Why EKS Makes It Easier for Network and Security Architects which explains how Flannel works, also another article from Medium

Hope this answers your question.

Thanks, I’ve already read that.
By the way I’m working on a single docker host, not with kubernetes.
The question was about WHY the network interface docker0 is DOWN instead of UP and this seems not to affect docker.