Docker networking... private range or not?Current Working Directoryhttp://current.workingdirectory.net/posts/2015/docker-networking/Current Working Directoryikiwiki2015-05-14T21:03:51ZPrivate rangehttp://current.workingdirectory.net/posts/2015/docker-networking/comment_1_ca3f0950bc8452b02ce880c2944d6732/Anonymous2015-05-05T21:18:32Z2015-05-05T20:09:48Z
hmm am I mistaken or is 172.17.0.0/16 part of 172.16.0.0/12?
RFC1918http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_83b71216b01c3c999e1d7bed631427fb/Anonymous2015-05-05T21:18:32Z2015-05-05T20:10:56Z
Well, 172.17.42.1/16 really looks like it's inside 172.16/12 to me.
comment 1http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_db922ab8ce4c3e5a8d9cb118874ab14d/Anonymous2015-05-05T21:18:32Z2015-05-05T20:14:39Z
172.16.0.0 < 172.17.42.1/16 < 172.31.255.255
comment 1http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_ba8acaed73de129bc1f0062a23d9d024/Anonymous2015-05-05T21:18:32Z2015-05-05T20:21:27Z
172.17.42.1 is in 172.16/12
comment 1http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_1be2218d1ed35be0892cd0a9311f3b73/Anonymous2015-05-05T21:18:32Z2015-05-05T20:22:33Z
172.17.42.1 is in 172.16/12
slash 12http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_03b2ab691bef6e9233d81b96179c6eb4/Anonymous2015-05-05T21:18:32Z2015-05-05T20:23:37Z
<p>172.16.0.0/12 defines the range from 172.16.0.0 to 172.31.255.255</p>
<p>The IP your container was assigned (172.17.42.1) is within that range. So, it is a valid RFC 1918 address.</p>
comment 1http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_c47585fd5348760d8c8e58b6778f7fef/Anonymous2015-05-05T21:18:32Z2015-05-05T20:25:19Z
172.17.42.1 is in 172.16/12
comment 1http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_ac2a712eca7c720837db7279176cf5f6/Anonymous2015-05-05T21:18:32Z2015-05-05T20:26:25Z
<p>172.16.0.0 - 172.31.255.255 or 172.16/12</p>
<p>172.17 is belowthe 172.31 ...</p>
172.16.0.0 is a /12http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_d4c124f1271f757fa5289c188861929c/Anonymous2015-05-05T21:18:32Z2015-05-05T20:28:38Z
Note that it's a /12 so it's from 172.16.0.0 to 172.31.255.255 as you noted. 172.17.42.1 falls within that range.
It's not a public IPhttp://current.workingdirectory.net/posts/2015/docker-networking/comment_1_0a8a035ce5995d609bd99ffc34969382/Anonymous2015-05-05T21:18:32Z2015-05-05T20:42:08Z
<p>That /16 block is definitely part of the larger 172.16.0.0/12 block, so you're fine. No publicly routable addresses were assigned.</p>
<p>It's just a bit odd to specify the .42 octet in combination with the /16 CIDR mask. Your range is effectively 172.17.0.1 - 172.17.255.254.</p>
You are missing somethinghttp://current.workingdirectory.net/posts/2015/docker-networking/comment_1_e6705336879fac44c4dbfd84ac4eb643/Anonymous2015-05-05T21:18:32Z2015-05-05T20:43:12Z
172.16.0.0 - 172.31.255.255 (172.16/12 prefix) contains all the /16 networks from 172.16/16 to 172.31/16 so 172.17/16 is fine.
comment 1http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_258c6542e50b11c625d1743f8ad13492/Anonymous2015-05-05T21:18:32Z2015-05-05T20:44:39Z
172.17.42.1/16 i.e. 172.17.0.0 - 172.17.255.255 is in the subnet 172.16.0.0/12 i.e. 172.16.0.0 - 172.31.255.255, which, according to RFC 1918, is reserved for private internets. Right?
comment 1http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_8d199da7b092e79816f1de9728911866/Anonymous2015-05-05T21:18:32Z2015-05-05T20:56:58Z
172.17.42.1/16 is well within the 172.16/12 prefix. Check with ipcalc <img alt=":)" src="http://current.workingdirectory.net/smileys/smile.png" />
comment 1http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_9c15c2c8f3824eb0d8fb381e366a7c65/Anonymous2015-05-05T21:18:32Z2015-05-05T21:08:10Z
<p>Yes, you're missing something. 172.16/12 covers the range 172.16.0.0 - 172.31.255.255.</p>
<p>HTH,
Chris</p>
Looks fine to mehttp://current.workingdirectory.net/posts/2015/docker-networking/comment_1_1209e8b497ff051d1e2af76f674a4075/Anonymous2015-05-05T21:18:32Z2015-05-05T21:09:15Z
172.17.42.1 is in the 172.16.0.0/12 range defined by RFC1918 (17 is between 16 and 31, inclusive), so it's a perfectly valid private IP address. Or did I misunderstand your question?
It's in the 2nd rangehttp://current.workingdirectory.net/posts/2015/docker-networking/comment_1_60092479be69d3a91904284c87a4f796/Anonymous2015-05-05T21:18:32Z2015-05-05T21:14:08Z
The chosen range of addresses is found within the 172.16.0.0/12 range. The number after the / tells you that it's a rage starting at 172.16.0.0 and ending at 172.31.255.255. You can slice and dice the networks within this range as you see fit; so to carve out 172.17.0.0/16 is perfectly valid.
comment 1http://current.workingdirectory.net/posts/2015/docker-networking/comment_1_a3456367bcb9990c9a2ad29dfdc45d62/Anonymous2015-05-06T13:16:02Z2015-05-05T21:17:28Z
172.17. is within the 172.16.0.0 - 172.31.255.255 range.
Docker networking... private range or not?http://current.workingdirectory.net/posts/2015/docker-networking/comment_17_24d85285122bcc17ca78cc79e00b3677/Anonymous2015-05-06T13:17:31Z2015-05-05T21:22:37Z
<p>No, it's a private IP range. When you plug the numbers into ipcalc, you get:</p>
<pre><code>$ ipcalc 172.16.0.0/12 -s 65534
Address: 172.16.0.0 10101100.0001 0000.00000000.00000000
Netmask: 255.240.0.0 = 12 11111111.1111 0000.00000000.00000000
Wildcard: 0.15.255.255 00000000.0000 1111.11111111.11111111
=>
Network: 172.16.0.0/12 10101100.0001 0000.00000000.00000000
HostMin: 172.16.0.1 10101100.0001 0000.00000000.00000001
HostMax: 172.31.255.254 10101100.0001 1111.11111111.11111110
Broadcast: 172.31.255.255 10101100.0001 1111.11111111.11111111
Hosts/Net: 1048574 Class B, Private Internet
1. Requested size: 65534 hosts
Netmask: 255.255.0.0 = 16 11111111.11111111. 00000000.00000000
Network: 172.16.0.0/16 10101100.00010000. 00000000.00000000
HostMin: 172.16.0.1 10101100.00010000. 00000000.00000001
HostMax: 172.16.255.254 10101100.00010000. 11111111.11111110
Broadcast: 172.16.255.255 10101100.00010000. 11111111.11111111
Hosts/Net: 65534 Class B, Private Internet
Needed size: 65536 addresses.
Used network: 172.16.0.0/16
Unused:
172.17.0.0/16
172.18.0.0/15
172.20.0.0/14
172.24.0.0/13
</code></pre>
<p>As you can see above, '172.17.0.0/16' subnet is contained within 172.16.0.0/12' subnet.</p>
<p>Your example of '172.17.42.1/16' might look weird at first, but it's just a normal CIDR notation of specific host / prefix. This style is a common way to write down IPv6 addresses as well. When you plug this one into ipcalc, you get:</p>
<pre><code>$ ipcalc 172.17.42.1/16
Address: 172.17.42.1 10101100.00010001. 00101010.00000001
Netmask: 255.255.0.0 = 16 11111111.11111111. 00000000.00000000
Wildcard: 0.0.255.255 00000000.00000000. 11111111.11111111
=>
Network: 172.17.0.0/16 10101100.00010001. 00000000.00000000
HostMin: 172.17.0.1 10101100.00010001. 00000000.00000001
HostMax: 172.17.255.254 10101100.00010001. 11111111.11111110
Broadcast: 172.17.255.255 10101100.00010001. 11111111.11111111
Hosts/Net: 65534 Class B, Private Internet
</code></pre>
<p>In other words, you're in the clear. <img alt=":-)" src="http://current.workingdirectory.net/smileys/smile.png" /></p>
Thank you Internethttp://current.workingdirectory.net/posts/2015/docker-networking/comment_1_P5v7CrKAwjfrJwMwaGleDWmnO/jamie [id.mayfirst.org]2015-05-06T13:21:00Z2015-05-06T12:43:12Z
Wow. Thank you Internet! And a curse on my naive decimal thinking. Also, thank you to the commenter who alerted me to the ipcalc program. I just installed it and will be using it a lot in the future.
This is a big problemhttp://current.workingdirectory.net/posts/2015/docker-networking/comment_20_e6f5f90ab334919d1119e308280e65aa/Anonymous2015-05-14T21:03:51Z2015-05-11T18:10:11Z
<p>The big problem is that you lack knowledge of the basics of IPv4 addressing.
You'd better study it a bit, or you will have real problems when trying to configure any networking.</p>
narrow the rangehttp://current.workingdirectory.net/posts/2015/docker-networking/comment_20_e33badb6bd631921886ef003285aa673/Anonymous2015-05-14T21:03:51Z2015-05-14T16:50:40Z
FWIW, I find the default /12 to be rather wide, and I have the unfortunate situation where I get another 172/8 address at work, 10/8 taken up by work VPN, and a 192-range address at home, meaning other private networks (host only VM or whatever) need to share with <em>something</em>. I narrow the range down for docker to a /24, which is more than big enough for my uses. -- (Jonathan Dowland)