Nodes on the same subnet?

Greetings All,

I hope that everyone is doing well today.

I have recently setup Rancher Server with RancherOS on 6 nodes (4 on a LAN and 2 on the WAN). I can see all of them from the Rancher Server but have a question about containers visibility to each other.

I would like to be able to have it so that all of the container, no matter what node they are physically running on, to be able to see the other containers in the system. What I am wondering is if I have a container, or more, running on the LAN nodes then will the WAN nodes be able to see them, if I know their IP?

The reason for this question is that the LAN nodes are actually on a private network behind a firewall on the 192.168.1.x subnet (physically) so directly accessing them from the public WAN internet is not possible but there may be containers running on both the LAN & WAN nodes that need to see each other.

Can someone please discuss or comment on this?

My thoughts were that I would have to somehow put the whole RancherOS cluster on the same subnet for this to work, but maybe not.


All the hosts in an environment need unique, musky reachable IP addresses on the IPSec ports (500 and 4500/udp). It does not matter if they are in the same subnet or not, the just needs to be layer 3 communication between all the IPs shown on the hosts in the UI.

If you have be that, then the managed IPSec network creates tunnels between hosts as needed to allow all containers (that use managed networking) to talk to each other using their respective 10.42.x.y addresses.

But in the situation you described it sounds like 4 of them are behind the same NAT… so they will likely not have unique addresses that the other two outside can reach. You could split them up into two environments, and use the private IPs for the the 4 NATted hosts.