Change the IP range used by Docker

This page indicates how to change the IP ranges used by Docker.

By default, docker will use these two ranges:

  • 172.17.0.0/16: for the bridge network (also called docker0)
  • 172.18.0.0/16: for the docker_gwbridge network

If the procedure is followed during the installation of Cyberwatch, only steps 3 and 4 are necessary.

  1. Stop the instance:

    sudo cyberwatch stop
    
  2. Disconnect and remove network docker_gwbridge

  docker network disconnect -f docker_gwbridge gateway_ingress-sbox
  docker network rm docker_gwbridge
  1. Edit file /etc/docker/daemon.json:

    {
      "bip": "10.0.1.1/24",
      "default-address-pools": [
        { "base": "10.0.2.0/18", "size": 24 }
      ]
    }
    

    The field bip (Bridge IP) defines the IP range that network interface docker0 can use. The example reserves IP range 10.0.1.1/24 to the interface. Beware, the range must end with .1, otherwise docker won’t start.

    The field default-address-pools defines the IP range of network interface docker_gwbridge. The example reserves IP range 10.0.2.0/24.

  2. Restart docker:

    sudo systemctl restart docker
    
  3. Start Cyberwatch:

    sudo cyberwatch start
    
  4. Check that the IPs changed:

    docker network inspect bridge | grep Subnet
    docker network inspect docker_gwbridge | grep Subnet
    

Troubleshooting

Potential problem detected on CentOS.

With the suggested configuration, docker may no longer be able to restart successfully on the Cyberwatch server. The command:

systemctl restart docker

may then fail, indicating that it was impossible to create the network docker_gwbridge.

You can then use the following commands as a workaround:

ip link add name docker0 type bridge
ip addr add dev docker0 10.10.0.1/16

This is a onetime fix and must be applied each time you restart docker.

The problem can be fixed permanently by modifying the configuration file like this:

cat > /etc/docker/daemon.json <<EOL
{
  "bip": "10.0.1.1/24",
  "default-address-pools": [
    { "base": "10.0.64.0/18", "size": 24 }
  ]
}
EOL

thus giving docker a larger IP range.

Sources: