How to have multicast support inside a container? I noticed that from inside a container I am not able to send multicast packets, say, to a destination multicast IP address 239.193.7.77. It seems they are being blocked.
On further investigation I also found that upon adding the “--net=host” option before launching the container with “docker run”, Docker allows sending multicast packets from inside the container to an external multicast address.
Here, I am asking if there is a capability specific to multicast support on containers. I mean a capability to be able to send multicast packets from containers? Or is “--net=host” the only option I have? I think “--net=host” is not good as it exposes more privilege to the container.
Also, what is the reason for not having support for multicast from containers?
Is this really the right question, if you already identified that multicast works if --net=host is used? It works because the container does not apply network namespace isolation from the host network namespace, as in “it uses the host's network interfaces directly”.
How is a container connected to a NATed bridge network supposed to receive multicast traffic from your LAN or send it to your LAN, if it’s in a different network? This does not even work in networks with physical switches and routers.
My question is, the container is not able to send out multicast packets without --net=host.
Normally, a container should be able to send any multicast packet outside.
Regarding receiving of multicast, I understand what you are referring to, that it's blocked in case of any NAT device. However, my question is not on receiving, but instead on sending multicast packets from the container.
I am looking for any documentation which explains this and how to enable just sending of multicast, if that’s a capability. Enabling --net=host, I think, is a security risk as it gives more privilege than required.
Just to be sure: are you aware that multicast spans over the broadcast domain of a network?
Hint: bridge and overlay networks are different broadcast domains than the subnet of the host.
Or are you saying that you have multiple containers in a bridge network, and multicast is not working amongst these containers in the same network? That would be at least a case worth discussing.
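
A way to check the broadcast-domain point from inside a container, as an added example that is not part of the thread: it asks the kernel which source address it would use for 239.193.7.77 and compares that address with the host LAN subnet. The port, the LAN subnet 192.168.1.0/24 and the function names are assumptions, and subnet membership is used here as a stand-in for "same broadcast domain".

```python
import ipaddress
import socket

GROUP = "239.193.7.77"       # multicast destination quoted in the thread
PORT = 5007                  # assumed port, not from the thread
LAN_CIDR = "192.168.1.0/24"  # assumed host LAN subnet, adjust to your network


def egress_source(group, port=PORT):
    """Return the source IP the kernel would pick to reach `group`, or None.

    connect() on a UDP socket only performs a route lookup; no packet is sent.
    """
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.connect((group, port))
            return s.getsockname()[0]
    except OSError:
        return None  # no route to the group from this network namespace


def diagnose(group, source_ip, lan_cidr):
    """Classify whether traffic to `group` would originate inside the LAN subnet."""
    if not ipaddress.ip_address(group).is_multicast:
        return "not-multicast"
    if source_ip is None:
        return "no-route"
    if ipaddress.ip_address(source_ip) in ipaddress.ip_network(lan_cidr):
        # Typical with --net=host: the container uses the host's interface.
        return "same-domain"
    # Typical on a bridge or overlay network: the source sits in the
    # container subnet, a different broadcast domain than the host LAN.
    return "different-domain"


if __name__ == "__main__":
    src = egress_source(GROUP)
    print(f"group={GROUP} source={src} lan={LAN_CIDR}")
    print("result:", diagnose(GROUP, src, LAN_CIDR))
```

Run it once in a container on the default bridge network and once with --net=host to compare the reported source address.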