Docker 正在创建另一个默认网络路由，覆盖默认路由并禁用互联网连接

Question

我正在使用 docker，当我启动一些容器时，它会启动docker网络接口。有了它，守护进程设置了2 条新路由，包括一条新的默认路由，覆盖了我的旧路由。当然，它会禁用我的互联网连接。我必须选择：容器还是互联网。

\n

wlp8s0 是由 DHCP 提供的，我想也是 docker 提供的。

\n

我在用着：

\n

\n

Debian 4.19.28-2 (2019-03-15) x86_64 GNU/Linux

\n

Docker 版本 18.09.5，内部版本 e8ff056

\n

\n

启动docker网络之前我的路由表是：

\n

Destiny         Gateway        Mask.          Options Metric Ref    use Iface\ndefault         _gateway        0.0.0.0         UG    0      0        0 wlp8s0\n10.0.0.0        0.0.0.0         255.255.255.0   U     600    0        0 wlp8s0\n172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0\n

\n

启动任何容器后：

\n

Destiny         Gateway        Mask.          Options Metric Ref    use Iface\ndefault         0.0.0.0         0.0.0.0         U     0      0        0 veth0f9e15f\ndefault         _gateway        0.0.0.0         UG    0      0        0 wlp8s0\n10.0.0.0        0.0.0.0         255.255.255.0   U     600    0        0 wlp8s0\nlink-local      0.0.0.0         255.255.0.0     U     0      0        0 veth0f9e15f\n172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0\n

\n

\n
• 仅在我的 /etc/network/interfaces 中默认
\n
• 在 /etc/iproute2/rt_tables 中，只有保留值 255,254 e 253 设置为 local、main 和 default。
\n
• Interfaces.d 中没有文件
\n

\n

我参考的接口：

\n

3: wlp8s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000\n    link/ether a4:17:31:fd:3f:f3 brd ff:ff:ff:ff:ff:ff\n    inet 10.0.0.60/24 brd 10.0.0.255 scope global noprefixroute wlp8s0\n       valid_lft forever preferred_lft forever\n7: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default \n    link/ether 02:42:85:c7:f8:af brd ff:ff:ff:ff:ff:ff\n    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\n       valid_lft forever preferred_lft forever\n    inet6 fe80::42:85ff:fec7:f8af/64 scope link \n       valid_lft forever preferred_lft forever\n52: veth0f9e15f@if51: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default \n    link/ether ce:31:95:8e:e1:4b brd ff:ff:ff:ff:ff:ff link-netnsid 0\n    inet 169.254.26.188/16 brd 169.254.255.255 scope global veth0f9e15f\n       valid_lft forever preferred_lft forever\n    inet6 fe80::cc31:95ff:fe8e:e14b/64 scope link \n       valid_lft forever preferred_lft forever\n

\n

我的容器：

\n

CONTAINER ID        IMAGE                   COMMAND                  CREATED             STATUS                           PORTS                    NAMES\nb2a179ae6336        guacamole/guacamole     "/opt/guacamole/bin/\xe2\x80\xa6"   4 hours ago         Exited (143) About an hour ago                            guacamole\n3f334e77c607        mariadb                 "docker-entrypoint.s\xe2\x80\xa6"   4 hours ago         Exited (0) About an hour ago                              mariadb\nb760bf700d8f        guacamole/guacd         "/bin/sh -c \'/usr/lo\xe2\x80\xa6"   19 hours ago        Exited (137) About an hour ago                            myguacd\nddcbbd2e4f6d        phpmyadmin/phpmyadmin   "/run.sh supervisord\xe2\x80\xa6"   23 hours ago        Exited (0) About an hour ago                              phpmyadmin\n8cf84a35676b        portainer/portainer     "/portainer"             24 hours ago        Up 31 minutes                    0.0.0.0:9000->9000/tcp   portainer\n21e29de41252        resilio/sync            "run_sync --config /\xe2\x80\xa6"   24 hours ago        Exited (0) About an hour ago                              Sync\n

\n

Docker 网络：

\n

NETWORK ID          NAME                DRIVER              SCOPE\na7abfffd7abb        bridge              bridge              local\ncdf93d14df48        host                host                local\n2ff09ecdac42        none                null                local\n

\n

当我尝试跟踪路由到 8.8.8.8 时，首先使用 docker 路由，然后使用正确的默认路由，我得到：\nr

\n

root@debianhost:/etc/network# traceroute 8.8.8.8\ntraceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets\n 1  debianhost.local (169.254.254.108)  3068.675 ms !H  3068.593 ms !H  3068.567 ms !H\n\n\nroot@debianhost:/home/usrnm# traceroute 8.8.8.8\ntraceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets\n 1  _gateway (10.0.0.1)  1.124 ms  1.783 ms  1.759 ms\n 2  10.255.255.19 (10.255.255.19)  4.142 ms  4.080 ms  4.658 ms\n 3  10.6.2.61 (10.6.2.61)  4.644 ms  5.425 ms  5.413 ms\n

\n

我的 dhclient.conf：

\n

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;\n\nsend host-name = gethostname();\nrequest subnet-mask, broadcast-address, time-offset, routers,\n    domain-name, domain-name-servers, domain-search, host-name,\n    dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,\n    netbios-name-servers, netbios-scope, interface-mtu,\n    rfc3442-classless-static-routes, ntp-servers;\n

\n

我尝试了什么？

\n

\n
• 删除一些容器
\n
• 停止所有容器
\n
• 删除 docker 桥接网络（不可能，因为它是默认的）
\n
• 多次重启 docker deamon、计算机、网络接口...
\n
• 在 /etc/docker/daemon.js 中添加 --bip 172.17.0.1/16。
\n
• 当我删除所有 veth* 接口路由时，docker 会创建另一个默认路由。
\n

\n

目前的解决方法...

\n

\n
• 创建新路由：\nsudo route add default gw 1​​0.0.0.1 wlp8s0
\n
• 或将此文本添加到 /etc/NetworkManager/NetworkManager.conf （于 24/04/2019 添加）
\n

\n

[keyfile]\nunmanaged-devices=interface-name:veth*\n

\n

但是，这不是解决方案，我不知道对容器网络有何影响。

\n

问题

\n

\n

1. 创建另一个默认路由会有一些缺点吗？

   \n
\n

2. 问题是docker，为什么它会这样呢？

   \n
\n

3. 我可以有多个默认网络路由（没有问题）吗？

   \n
\n

4. 如何永久解决这个问题，或者如何避免它发生？

   \n
\n

5. 这可能是我的 dhcp 客户端吗？

   \n

   欢迎任何帮助！

   \n
\n

\n

--------- 于 2019 年 4 月 25 日添加 ---------

\n

更多输出

\n

Destiny         Gateway        Mask.          Options Metric Ref    use Iface\ndefault         _gateway        0.0.0.0         UG    0      0        0 wlp8s0\n10.0.0.0        0.0.0.0         255.255.255.0   U     600    0        0 wlp8s0\n172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0\n

\n

Destiny         Gateway        Mask.          Options Metric Ref    use Iface\ndefault         0.0.0.0         0.0.0.0         U     0      0        0 veth0f9e15f\ndefault         _gateway        0.0.0.0         UG    0      0        0 wlp8s0\n10.0.0.0        0.0.0.0         255.255.255.0   U     600    0        0 wlp8s0\nlink-local      0.0.0.0         255.255.0.0     U     0      0        0 veth0f9e15f\n172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0\n

\n

3: wlp8s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000\n    link/ether a4:17:31:fd:3f:f3 brd ff:ff:ff:ff:ff:ff\n    inet 10.0.0.60/24 brd 10.0.0.255 scope global noprefixroute wlp8s0\n       valid_lft forever preferred_lft forever\n7: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default \n    link/ether 02:42:85:c7:f8:af brd ff:ff:ff:ff:ff:ff\n    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\n       valid_lft forever preferred_lft forever\n    inet6 fe80::42:85ff:fec7:f8af/64 scope link \n       valid_lft forever preferred_lft forever\n52: veth0f9e15f@if51: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default \n    link/ether ce:31:95:8e:e1:4b brd ff:ff:ff:ff:ff:ff link-netnsid 0\n    inet 169.254.26.188/16 brd 169.254.255.255 scope global veth0f9e15f\n       valid_lft forever preferred_lft forever\n    inet6 fe80::cc31:95ff:fe8e:e14b/64 scope link \n       valid_lft forever preferred_lft forever\n

\n