Avoiding Docker network conflicts with reserved IP ranges

Introduction

I run several Docker containers managed with Dockge on an LXC in Proxmox. Recently, I encountered an issue where my LXC became unresponsive, and new containers were unreachable. Even the LXC itself stopped responding to pings. After some investigation, I discovered that Docker was assigning an IP range that conflicted with my home network. This quick guide outlines how I resolved the issue.

The problem: Docker attempts to use an IP range that is already in use elsewhere on my network

I use the 192.168.x.x IP range for my home network. Everything worked fine until Docker started assigning IPs within that same range, causing conflicts. Previously, Docker used the 172.16.x.x range, which didn't interfere with my network. To resolve this, I needed to configure Docker to avoid using IP ranges that could potentially collide with other parts of my network.

The solution: Explicitly define what ranges Docker is allowed to use

You can explicitly define which IP ranges Docker is allowed to use. One straightforward method is to configure this in the Docker daemon.json file, typically located at /etc/docker/daemon.json.

Check the contents of your existing file:

cat /etc/docker/daemon.json

Mine had an existing definition for the log driver, but yours could be empty.

/etc/docker/daemon.json
{
  "log-driver": "journald"
}

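You can add a new key-value pair as follows. Each entry gives a base range and a size, which is the prefix length of the networks Docker carves out of that base. Docker then allocates networks only from the listed pools, which excludes every address outside them. For me, this meant excluding 192.168.x.x.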

nano /etc/docker/daemon.json
/etc/docker/daemon.json
{
  "log-driver": "journald",
  "default-address-pools": [
    {
      "base": "172.16.0.0/12",
      "size": 24
    },
    {
      "base": "10.0.0.0/8",
      "size": 24
    }
  ]
}

Then just reload the configuration and restart Docker.

systemctl daemon-reload
sudo systemctl restart docker.service

If Docker does not start, you can use the following command to check what the issue may be.

journalctl -xeu docker.service
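
The pools can also be checked against the subnets already in use before Docker is restarted. The script below is an added example, not part of the original guide: the function name check_pools, the embedded sample and the reserved list are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: the daemon.json from this guide.
SAMPLE = """
{
  "log-driver": "journald",
  "default-address-pools": [
    {"base": "172.16.0.0/12", "size": 24},
    {"base": "10.0.0.0/8", "size": 24}
  ]
}
"""

def check_pools(daemon_json_text, reserved):
    """Validate default-address-pools against subnets already in use.

    Returns (overlaps, capacity): overlaps is a list of (pool, reserved)
    pairs that collide, capacity is how many networks the pools can supply.
    Raises ValueError on malformed JSON, a bad CIDR, or size < base prefix.
    """
    config = json.loads(daemon_json_text)  # JSONDecodeError is a ValueError
    reserved_nets = [ipaddress.ip_network(r) for r in reserved]
    overlaps, capacity = [], 0
    for pool in config.get("default-address-pools", []):
        base = ipaddress.ip_network(pool["base"])  # rejects host bits set
        size = int(pool["size"])  # prefix length of each allocated network
        if not base.prefixlen <= size <= base.max_prefixlen:
            raise ValueError(f"size {size} does not fit inside {base}")
        capacity += 2 ** (size - base.prefixlen)
        overlaps += [(str(base), str(r)) for r in reserved_nets if base.overlaps(r)]
    return overlaps, capacity

if __name__ == "__main__":
    # Assumption: the home LAN sits somewhere in 192.168.0.0/16, as in the guide.
    overlaps, capacity = check_pools(SAMPLE, ["192.168.0.0/16"])
    for pool, lan in overlaps:
        print(f"CONFLICT: pool {pool} overlaps {lan}")
    print(f"{capacity} networks available, {len(overlaps)} conflict(s)")
```

Pass the contents of your own /etc/docker/daemon.json and every subnet your LAN, VPN or hypervisor uses. Networks that already exist keep their subnet, so the pools only affect networks created after the restart.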

Wrap up

By configuring Docker to use specific IP ranges, you can prevent network conflicts that may cause your LXC or containers to become unresponsive. This guide demonstrated how to modify the daemon.json file to set acceptable IP ranges and ensure smooth operation. Following these steps can help maintain a stable and conflict-free Docker environment.