Tags: docker, network-programming, ipv4

Bind to multiple ip addresses in a single docker container


So I have Docker running on a VM in Azure. I have 5 different public IPv4 addresses assigned to this instance, with the private IPs at the host level being 172.16.0.4 - 172.16.0.8 on eth0.

In my node.js app, I want to make HTTP requests but load balance between those 5 IPs, so when I make the request I'm choosing a different 172.x IP for each request to bind to, but I'm getting: Error: bind EADDRNOTAVAIL 172.16.0.4, etc.

Is there something I need to do to allow a Docker container instance access to these IPs?

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0d:3a:73:c1:f2 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.4/24 brd 172.16.0.255 scope global eth0
   valid_lft forever preferred_lft forever
inet 172.16.0.5/24 brd 172.16.0.255 scope global secondary eth0
   valid_lft forever preferred_lft forever
inet 172.16.0.6/24 brd 172.16.0.255 scope global secondary eth0
   valid_lft forever preferred_lft forever
inet 172.16.0.7/24 brd 172.16.0.255 scope global secondary eth0
   valid_lft forever preferred_lft forever
inet 172.16.0.8/24 brd 172.16.0.255 scope global secondary eth0
   valid_lft forever preferred_lft forever

Solution

  • Host interfaces and addresses are not available to a process running inside a container unless you are using the --net=host option to docker run.

    A container normally runs in its own network namespace with its own address space. If you run ip address show in a container you will see a different set of interfaces from what you see running ip address show on the host.

    To route outbound requests from a container via a specific IP you are probably stepping outside of what Docker can set up for you, apart from --net=host.

    • docker run --net host will work but gives the container access to the host's networking, which has security implications.

    • Assign 5 virtual interfaces inside the container with pipework, and set up NAT or source-based routing rules to look at each source address/interface.

    • It's possible to "bridge" interfaces from the container directly to the network as well with Docker's macvlan driver or pipework. This is more complex on cloud providers as most providers filter MAC addresses on the network, so you need to reconfigure the MAC address of the interface in the container.