Do I need to request IP space for the Rancher managed network?

I’ll be running Rancher on a VM host in a company-wide shared data center. I’m a little unclear about the 10.42.0.0/16 IP space that Rancher uses… is it only used locally on each node, or does this IP space need to be available/reserved in my data center for a multi-node deployment?

It’s internal to the containers/Rancher setup. It does not “have to be reserved”; however, if you are using it on your network, then the 10.42.0.0/16 subnet won’t be able to reach your containers or vice versa, since it does not perform NATing. Other subnets won’t have issues. Let’s say you have a WordPress container: it will be accessed using the host’s IP address, say 10.13.10.3. The 10.42.0.0/16 address is used between containers in the Rancher managed network.

At least it’s my understanding - I didn’t test it.

If you happen to already be using 10.42.x in your setup for hosts, then you can always update the subnet that Rancher is using.

http://docs.rancher.com/rancher/faqs/#the-subnet-used-by-rancher-is-already-used-in-my-network-how-do-i-change-the-subnet

Thank you so much etiweather and Denise! I think that clears up my question quite well!

Can we specify the IP space when creating rancher/server by executing the “docker run” command? For example, by setting an environment variable. Otherwise, the default environment will use the 10.42 IP space.

@okenjian Are you talking about the managed network (all the containers using the 10.42.x.x IP)? If so, you can update it following the docs.

http://docs.rancher.com/rancher/faqs/#subnet

Yes, any setting can be overridden with an environment variable by prepending CATTLE_, uppercasing and replacing dots with underscores:

-e CATTLE_DOCKER_NETWORK_SUBNET_CIDR=172.16.0.0/16

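The override rule from the reply above, combined with a check that the replacement subnet does not collide with networks already in use (the conflict described earlier in the thread), as an added example that is not part of the original thread or Rancher's own code. The in-use networks and candidate list are constructed sample values, and the setting name `docker.network.subnet.cidr` is an assumption inferred by reversing the rule on the variable shown above.

```python
import ipaddress

# Setting name inferred by reversing the thread's rule on
# CATTLE_DOCKER_NETWORK_SUBNET_CIDR (assumption, not taken from Rancher docs).
SUBNET_SETTING = "docker.network.subnet.cidr"

# Constructed sample data: networks already routed in a hypothetical data center.
IN_USE = ["10.13.10.0/24", "10.42.8.0/22", "172.16.0.0/12"]
# Candidate CIDRs for the managed network, in order of preference.
CANDIDATES = ["10.42.0.0/16", "172.16.0.0/16", "192.168.128.0/17"]


def cattle_env_name(setting):
    """Prepend CATTLE_, uppercase, and replace dots with underscores."""
    return "CATTLE_" + setting.upper().replace(".", "_")


def conflicts(candidate, in_use):
    """Return the in-use networks that overlap the candidate CIDR."""
    cand = ipaddress.ip_network(candidate, strict=True)
    return [n for n in in_use
            if cand.overlaps(ipaddress.ip_network(n, strict=False))]


def choose_subnet(candidates, in_use):
    """Return (first non-overlapping candidate or None, {rejected: overlaps})."""
    rejected = {}
    for cand in candidates:
        hits = conflicts(cand, in_use)
        if not hits:
            return cand, rejected
        rejected[cand] = hits
    return None, rejected


def docker_env_flag(cidr):
    """Build the -e argument to pass to `docker run` for rancher/server."""
    return "-e {}={}".format(cattle_env_name(SUBNET_SETTING), cidr)


if __name__ == "__main__":
    chosen, rejected = choose_subnet(CANDIDATES, IN_USE)
    for cidr, hits in rejected.items():
        print("skip", cidr, "overlaps", ", ".join(hits))
    print(docker_env_flag(chosen) if chosen else "no free candidate")
```

Partial overlaps count as conflicts here: a /22 carved out of 10.42.0.0/16 is enough to reject the default.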

Yes, I am talking about the managed network. But I want to set the value by environment variable. And Vincent has told me how to set it.
Thank you!

This is exactly what I want, thank you very much!

Are there implications in using 172.x.x.x or 192.x.x.x in a multi-node deployment with the way Rancher is using IPSec tunnels, or do we need to ensure that we are using a more public address space?

@dan For the IPsec tunnels, you only need to make sure that UDP ports 500 and 4500 are open on the hosts.