Allow bridge net driver to skip IPv4 configuration of bridge interface #2317
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduce "com.docker.network.bridge.inhibit_ipv4" option to the bridge network driver. If set, this option will prevent docker from setting or modifying Layer-3 (IP) configuration on the bridge interface in any way. This option should allow connecting containers to pre-existing network segments (with e.g., pre-existing default gateways) while simultaneously preserving our ability to communicate with the host and/or configure the properties of the host-side container virtual network interface (e.g., delay/loss/jitter via netem), which can not be done using macvlan. Signed-off-by: Gabriel Somlo <gsomlo@gmail.com>
|
ping @fcrisciani PTAL |
selansen
approved these changes
Jul 7, 2019
|
@gsomlo , Can you pls add one test case to cover this new change and make sure we don't regress? |
|
@gsomlo this PR looks good for East-West traffic (pinging between two Docker containers on the same bridge network) has North-South (ping www.google.com) been verified as well ? |
|
If the patches look good, is there a next step that the community can do to help progress this and the corresponding Moby commit, moby/moby#37430? |
thaJeztah
added a commit
to thaJeztah/docker
that referenced
this pull request
Feb 17, 2020
full diff: moby/libnetwork@feeff4f...6659f7f includes: - moby/libnetwork#2317 Allow bridge net driver to skip IPv4 configuration of bridge interface - adds support for a `com.docker.network.bridge.inhibit_ipv4` label/configuration - addresses moby#37430 Prevent bridge network driver from setting IPv4 address on bridge interface - moby/libnetwork#2454 Support for com.docker.network.host_ipv4 driver label - addresses moby#30053 Unable to choose outbound (external) IP for containers - moby/libnetwork#2491 Improving load balancer performance - addresses moby#35082 [SWARM] Very poor performance for ingress network with lots of parallel requests Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduce "com.docker.network.bridge.inhibit_ipv4" option to the bridge
network driver. If set, this option will prevent docker from setting or
modifying Layer-3 (IP) configuration on the bridge interface in any way.
This option should allow connecting containers to pre-existing network
segments (with e.g., pre-existing default gateways) while simultaneously
preserving our ability to communicate with the host and/or configure the
properties of the host-side container virtual network interface (e.g.,
delay/loss/jitter via netem), which can not be done using macvlan.
Also see following Moby project issue: moby/moby#37430