I have tested Rancher in the past on Digital Ocean as well as privately. I like the concept of how it manages everything, including linking containers, services, managed network, etc.
My question is regarding the networks used in Rancher per the documentation. I’m not a Docker expert, and since Rancher seems to be doing things a bit differently I had better ask and be safe.
Rancher uses the range 10.42.0.0 and the Docker bridge by default uses 172.17.0.0.
I know you can change that default in Docker, but I would rather stick to the default when launching new systems for usability reasons. Does someone know how this can potentially affect other systems in the same network? Assuming you use VLANs or not.
For example, I can stay away from using the 10.42 range, but even if I use it, I could use the same IPs as Rancher, and my understanding is that it would have no effect or conflict because Rancher uses them in its own managed network, which is not accessible outside the containers or Rancher. But what about the Docker bridge? If there are several machines running Docker, can this cause a network/IP conflict in my network?
While I don’t use the 10.42 range internally, I happen to actually use the 172.17.0.0/16 range for some things and I prefer it to be reserved for my own use. Is this exposed outside the machine running Docker, or is it contained inside that host only?
[quote=“net, post:1, topic:5056”]
But what about the Docker bridge? If there are several machines running Docker, can this cause a network/IP conflict in my network?
[/quote]
That’s exactly the problem with the ‘basic’ Docker networking. The IP addresses of the containers across different hosts are not unique. Rancher allocates IP addresses for the containers across the hosts in the cluster from the 10.42.0.0/16 subnet, making it possible for the containers to have a unique IP address.
[quote=“net, post:1, topic:5056”]
For example, I can stay away from using the 10.42 range, but even if I use it, I could use the same IPs as Rancher, and my understanding is that it would have no effect or conflict because Rancher uses them in its own managed network, which is not accessible outside the containers or Rancher.
[/quote]
Yes, 10.42.0.0/16 is used by the Rancher managed network. Since this subnet is used on the hosts, it’s not recommended to use the same subnet in your network. As you can see below, we have a directly connected route on the hosts.
```
root@mycluster-h1:~# ip route
default via 10.240.0.1 dev eth0
10.42.0.0/16 dev docker0 proto kernel scope link src 10.42.0.1
10.240.0.1 dev eth0 scope link
169.254.169.250 dev docker0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
root@mycluster-h1:~#
```
You are free to change the default subnet which docker uses. As mentioned earlier, this docker subnet doesn’t allow unique IP addresses for the containers on different hosts.
We do not use VLANs in Rancher networking.
[quote=“net, post:1, topic:5056”]
While I don’t use the 10.42 range internally, I happen to actually use the 172.17.0.0/16 range for some things and I prefer it to be reserved for my own use. Is this exposed outside the machine running Docker, or is it contained inside that host only?
[/quote]
If you are using this subnet for your own purposes within the cluster, then you can either change Docker’s default subnet or change your choice of subnet for your purposes. If another route with 172.17.0.0/16 shows up, the routing will get messed up.
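The overlap discussed in this thread can be checked on a host before a subnet is put to use elsewhere. The following is an added example, not part of the original posts and not Rancher code: it parses `ip route` output (the table from the reply above is embedded) and reports LAN subnets that overlap a route bound to a host-local bridge. The `docker0` device list and the site subnets passed in are assumptions.

```python
import ipaddress

# Route table copied from the reply above (host mycluster-h1).
SAMPLE_ROUTES = """\
default via 10.240.0.1 dev eth0
10.42.0.0/16 dev docker0 proto kernel scope link src 10.42.0.1
10.240.0.1 dev eth0 scope link
169.254.169.250 dev docker0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
"""

def parse_routes(text):
    """Return [(network, device)] for every non-default route in `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default" or "dev" not in fields[:-1]:
            continue
        try:
            # A bare address such as 10.240.0.1 is treated as a /32 host route.
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # route types that do not start with a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def find_conflicts(route_text, site_subnets, local_devs=("docker0",)):
    """List (site_subnet, host_route, device) where a LAN subnet overlaps a
    route bound to a host-local device. Traffic from this host to such a
    subnet is delivered to the bridge instead of leaving via the uplink."""
    conflicts = []
    for site in map(ipaddress.ip_network, site_subnets):
        for net, dev in parse_routes(route_text):
            if dev in local_devs and net.version == site.version and net.overlaps(site):
                conflicts.append((str(site), str(net), dev))
    return conflicts

if __name__ == "__main__":
    # Constructed input: subnets already in use elsewhere on the LAN.
    in_use = ["172.17.5.0/24", "192.168.1.0/24"]
    for site, net, dev in find_conflicts(SAMPLE_ROUTES, in_use):
        print(f"{site} overlaps host route {net} on {dev}")
```

On a live host, pass the output of `ip route` in place of `SAMPLE_ROUTES`.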