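I'm using Docker, and when I start a container it brings up the docker network interface. The daemon sets up 2 new routes, including a new default route that overrides the old one. Of course, this disables my internet connection. I have to choose: containers or internet.
wlp8s0 is controlled by DHCP, and I think docker is too.
I'm using:
Debian 4.19.28-2 (2019-03-15) x86_64 GNU/Linux
Docker version 18.09.5, build e8ff056
The routing table before starting the docker network is: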
Destiny Gateway Mask. Options Metric Ref use Iface
default _gateway 0.0.0.0 UG 0 0 0 wlp8s0
10.0.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp8s0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
After starting any container:
Destiny Gateway Mask. Options Metric Ref use Iface
default 0.0.0.0 0.0.0.0 U 0 0 0 veth0f9e15f
default _gateway 0.0.0.0 UG 0 0 0 wlp8s0
10.0.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp8s0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 veth0f9e15f
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
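- I only have the defaults in my /etc/network/interfaces
- In /etc/iproute2/rt_tables, only the reserved values 255, 254 and 253 are set, to local, main and default.
- There are no files in interfaces.d
The interfaces I'm referring to: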
3: wlp8s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a4:17:31:fd:3f:f3 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.60/24 brd 10.0.0.255 scope global noprefixroute wlp8s0
valid_lft forever preferred_lft forever
7: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:85:c7:f8:af brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:85ff:fec7:f8af/64 scope link
valid_lft forever preferred_lft forever
52: veth0f9e15f@if51: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether ce:31:95:8e:e1:4b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.26.188/16 brd 169.254.255.255 scope global veth0f9e15f
valid_lft forever preferred_lft forever
inet6 fe80::cc31:95ff:fe8e:e14b/64 scope link
valid_lft forever preferred_lft forever
My containers:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b2a179ae6336 guacamole/guacamole "/opt/guacamole/bin/…" 4 hours ago Exited (143) About an hour ago guacamole
3f334e77c607 mariadb "docker-entrypoint.s…" 4 hours ago Exited (0) About an hour ago mariadb
b760bf700d8f guacamole/guacd "/bin/sh -c '/usr/lo…" 19 hours ago Exited (137) About an hour ago myguacd
ddcbbd2e4f6d phpmyadmin/phpmyadmin "/run.sh supervisord…" 23 hours ago Exited (0) About an hour ago phpmyadmin
8cf84a35676b portainer/portainer "/portainer" 24 hours ago Up 31 minutes 0.0.0.0:9000->9000/tcp portainer
21e29de41252 resilio/sync "run_sync --config /…" 24 hours ago Exited (0) About an hour ago Sync
Docker networks:
NETWORK ID NAME DRIVER SCOPE
a7abfffd7abb bridge bridge local
cdf93d14df48 host host local
2ff09ecdac42 none null local
When I try a traceroute to 8.8.8.8, first with the docker route and then with the correct default route, I get:
root@debianhost:/etc/network# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 debianhost.local (169.254.254.108) 3068.675 ms !H 3068.593 ms !H 3068.567 ms !H
root@debianhost:/home/usrnm# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 _gateway (10.0.0.1) 1.124 ms 1.783 ms 1.759 ms
2 10.255.255.19 (10.255.255.19) 4.142 ms 4.080 ms 4.658 ms
3 10.6.2.61 (10.6.2.61) 4.644 ms 5.425 ms 5.413 ms
My dhclient.conf:
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
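What have I tried?
- Deleting some containers
- Stopping all containers
- Deleting the docker bridge network (not possible, since it is the default network)
- Restarting the docker daemon, the computer, the network interfaces... many times
- Adding --bip 172.17.0.1/16 in /etc/docker/daemon.js.
- When I delete all the veth* interface routes, docker creates another default route.
Current workarounds...
- Create a new route: sudo route add default gw 10.0.0.1 wlp8s0
- Or add this text to /etc/NetworkManager/NetworkManager.conf (added on 24 April 2019)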
[keyfile]
unmanaged-devices=interface-name:veth*
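But this is not a solution, and I don't know what effect it will have on container networking.
Questions
Are there any drawbacks to creating another default route?
The problem is in docker; why does it behave like this?
Can I have more than one default network route (without problems)?
How can I fix this permanently, or how can I avoid it happening?
Could it be my DHCP client?
Any help is welcome!
--------- Added on 25 April 2019 ---------
More output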
$ ip -4 route show table all
default dev vethecb6424 scope link
default via 10.0.0.1 dev wlp8s0 proto dhcp metric 600
10.0.0.0/24 dev wlp8s0 proto kernel scope link src 10.0.0.60 metric 600
10.0.0.1 dev wlp8s0 scope link
169.254.0.0/16 dev vethecb6424 proto kernel scope link src 169.254.100.23
169.254.0.0/16 dev vethfa2d67b proto kernel scope link src 169.254.169.71
169.254.0.0/16 dev vethe3baba8 proto kernel scope link src 169.254.18.47
169.254.0.0/16 dev vethdad294c proto kernel scope link src 169.254.135.194
169.254.0.0/16 dev veth286d984 proto kernel scope link src 169.254.203.214
169.254.0.0/16 dev vethf0499b4 proto kernel scope link src 169.254.26.152
169.254.0.0/16 dev veth5bc4e10 proto kernel scope link src 169.254.56.53
169.254.0.0/16 dev veth9644994 proto kernel scope link src 169.254.159.65
169.254.0.0/16 dev vethe026982 proto kernel scope link src 169.254.220.98
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-f9c59cf90bcd proto kernel scope link src 172.18.0.1
broadcast 10.0.0.0 dev wlp8s0 table local proto kernel scope link src 10.0.0.60
local 10.0.0.60 dev wlp8s0 table local proto kernel scope host src 10.0.0.60
broadcast 10.0.0.255 dev wlp8s0 table local proto kernel scope link src 10.0.0.60
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 169.254.0.0 dev vethecb6424 table local proto kernel scope link src 169.254.100.23
broadcast 169.254.0.0 dev vethfa2d67b table local proto kernel scope link src 169.254.169.71
broadcast 169.254.0.0 dev vethe3baba8 table local proto kernel scope link src 169.254.18.47
broadcast 169.254.0.0 dev vethdad294c table local proto kernel scope link src 169.254.135.194
broadcast 169.254.0.0 dev veth286d984 table local proto kernel scope link src 169.254.203.214
broadcast 169.254.0.0 dev vethf0499b4 table local proto kernel scope link src 169.254.26.152
broadcast 169.254.0.0 dev veth5bc4e10 table local proto kernel scope link src 169.254.56.53
broadcast 169.254.0.0 dev veth9644994 table local proto kernel scope link src 169.254.159.65
broadcast 169.254.0.0 dev vethe026982 table local proto kernel scope link src 169.254.220.98
local 169.254.18.47 dev vethe3baba8 table local proto kernel scope host src 169.254.18.47
local 169.254.26.152 dev vethf0499b4 table local proto kernel scope host src 169.254.26.152
local 169.254.56.53 dev veth5bc4e10 table local proto kernel scope host src 169.254.56.53
local 169.254.100.23 dev vethecb6424 table local proto kernel scope host src 169.254.100.23
local 169.254.135.194 dev vethdad294c table local proto kernel scope host src 169.254.135.194
local 169.254.159.65 dev veth9644994 table local proto kernel scope host src 169.254.159.65
local 169.254.169.71 dev vethfa2d67b table local proto kernel scope host src 169.254.169.71
local 169.254.203.214 dev veth286d984 table local proto kernel scope host src 169.254.203.214
local 169.254.220.98 dev vethe026982 table local proto kernel scope host src 169.254.220.98
broadcast 169.254.255.255 dev vethecb6424 table local proto kernel scope link src 169.254.100.23
broadcast 169.254.255.255 dev vethfa2d67b table local proto kernel scope link src 169.254.169.71
broadcast 169.254.255.255 dev vethe3baba8 table local proto kernel scope link src 169.254.18.47
broadcast 169.254.255.255 dev vethdad294c table local proto kernel scope link src 169.254.135.194
broadcast 169.254.255.255 dev veth286d984 table local proto kernel scope link src 169.254.203.214
broadcast 169.254.255.255 dev vethf0499b4 table local proto kernel scope link src 169.254.26.152
broadcast 169.254.255.255 dev veth5bc4e10 table local proto kernel scope link src 169.254.56.53
broadcast 169.254.255.255 dev veth9644994 table local proto kernel scope link src 169.254.159.65
broadcast 169.254.255.255 dev vethe026982 table local proto kernel scope link src 169.254.220.98
broadcast 172.17.0.0 dev docker0 table local proto kernel scope link src 172.17.0.1
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1
broadcast 172.18.0.0 dev br-f9c59cf90bcd table local proto kernel scope link src 172.18.0.1
local 172.18.0.1 dev br-f9c59cf90bcd table local proto kernel scope host src 172.18.0.1
broadcast 172.18.255.255 dev br-f9c59cf90bcd table local proto kernel scope link src 172.18.0.1
$ ip -4 rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
$ ip -4 route
default dev vethecb6424 scope link
default via 10.0.0.1 dev wlp8s0 proto dhcp metric 600
10.0.0.0/24 dev wlp8s0 proto kernel scope link src 10.0.0.60 metric 600
10.0.0.1 dev wlp8s0 scope link
169.254.0.0/16 dev vethecb6424 proto kernel scope link src 169.254.100.23
169.254.0.0/16 dev vethfa2d67b proto kernel scope link src 169.254.169.71
169.254.0.0/16 dev vethe3baba8 proto kernel scope link src 169.254.18.47
169.254.0.0/16 dev vethdad294c proto kernel scope link src 169.254.135.194
169.254.0.0/16 dev veth286d984 proto kernel scope link src 169.254.203.214
169.254.0.0/16 dev vethf0499b4 proto kernel scope link src 169.254.26.152
169.254.0.0/16 dev veth5bc4e10 proto kernel scope link src 169.254.56.53
169.254.0.0/16 dev veth9644994 proto kernel scope link src 169.254.159.65
169.254.0.0/16 dev vethe026982 proto kernel scope link src 169.254.220.98
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-f9c59cf90bcd proto kernel scope link src 172.18.0.1
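Added example, not part of the original post: a small check over main-table `ip -4 route` output that shows why the veth default wins (a route with no `metric` keyword has metric 0, which beats the DHCP route's 600) and flags gateway-less defaults on `veth*` devices. The function names are hypothetical, the sample lines are copied from the output above, and treating such routes as unwanted assumes the usual Docker bridge setup, where the host-side veth is only a port of docker0 and carries no IPv4 address of its own.

```python
# Constructed sample: a subset of the `ip -4 route` lines quoted in the post.
SAMPLE = """\
default dev vethecb6424 scope link
default via 10.0.0.1 dev wlp8s0 proto dhcp metric 600
10.0.0.0/24 dev wlp8s0 proto kernel scope link src 10.0.0.60 metric 600
169.254.0.0/16 dev vethecb6424 proto kernel scope link src 169.254.100.23
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
"""

KEYS = {"via", "dev", "proto", "scope", "src", "metric", "table"}


def parse_routes(text):
    """Parse main-table `ip -4 route` lines into dicts keyed by attribute."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        route = {"dest": tok[0], "metric": 0}  # no metric keyword means 0
        i = 1
        while i < len(tok):
            if tok[i] in KEYS and i + 1 < len(tok):
                route[tok[i]] = tok[i + 1]
                i += 2
            else:
                i += 1  # bare flag such as "onlink" or "linkdown"
        route["metric"] = int(route["metric"])
        routes.append(route)
    return routes


def default_routes(routes):
    """Default routes in kernel preference order: lowest metric first."""
    defaults = [r for r in routes if r["dest"] == "default"]
    return sorted(defaults, key=lambda r: r["metric"])


def suspicious_defaults(routes):
    """Defaults without a gateway on veth*: every destination becomes on-link."""
    return [r for r in default_routes(routes)
            if "via" not in r and r.get("dev", "").startswith("veth")]


def link_local_devs(routes):
    """Devices holding a 169.254.0.0/16 (IPv4 link-local) connected route."""
    return [r["dev"] for r in routes if r["dest"] == "169.254.0.0/16"]


if __name__ == "__main__":
    parsed = parse_routes(SAMPLE)
    best = default_routes(parsed)[0]
    print("winning default:", best["dev"], "metric", best["metric"])
    for r in suspicious_defaults(parsed):
        print("gateway-less default on", r["dev"])
    print("link-local addressed devices:", link_local_devs(parsed))
```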