Implement allocating IPs from CIDR within bridge network

[LK4D4]

Fixes #4986

It is similar to openstack nova --fixed-cidr and allows to do things like this. And our network engineer very excited about this change :)
Also I've refactored ipallocator a little more.

[LK4D4]

ping @shykes @unclejack @vieux @crosbymichael

[LK4D4]

reping @unclejack @vieux @crosbymichael

[GermanDZ]

+1

[subhraveti]

+1 This is fantastic and nicely fits the Hadoop usecase. How hard would it be to extend this to specify the CIDR per bridge rather than globally (assuming #6155 is implemented)?

[LK4D4]

@subhraveti ~ 4 hours with tests for "per-bridge" I think, it is mostly IP allocator feature.

[LK4D4]

rebased
ping @unclejack @vieux @crosbymichael

[tianon]

I think this seems sane, since we're controlling IP address assignment, providing more control over how they get assigned is generally good, although the UI could end up getting kind of cumbersome to specify via command-line flags, but that's inevitable and a much larger discussion than what's proposed here. :)

[LK4D4]

Also, benchmarks result:

benchmark              old ns/op     new ns/op     delta       
BenchmarkRequestIP     434104        275999        -36.42%     

benchmark              old allocs     new allocs     delta       
BenchmarkRequestIP     1278           771            -39.67%     

benchmark              old bytes     new bytes     delta       
BenchmarkRequestIP     31426         18648         -40.66%

[fkautz]

@LK4D4 Looks like there are some conflicts. Can you rebase this?

[LK4D4]

@fkautz Rebased :) I hope that this rebase will bring PR a lucky charm for review.

[fkautz]

Assigning this to myself so that I can review it.

[LK4D4]

@fkautz Cool, thank you!

[fkautz]

We will need some input from @shykes to make sure the changes are acceptable, since they change the UI. I've asked @tianon to add it to Thursday's meeting, contingent on @shykes being online.

Assuming he agrees with the UI approach, we'll also need additional documentation in docs. I have a few use cases to test out as well, I'll get back to you on how those go.

[LK4D4]

It will be sixth meeting for this PR. I glad to see, that someone interested in this apart from me :)

[shykes]

I think --ip= is more natural. The value can still use the CIDR notation of course.

[vieux]

@LK4D4 what about this comment ?

[SvenDowideit]

I would change the description to be more explicit like IPv4 subnet range for containers on thedocker0bridge

also - can you please add some documentation about how this new option interacts with or relates to the --bip option

[LK4D4]

We talked with @shykes on last meeting and he was okay with --fixed-cidr. This is more common in network engineers world.

[LK4D4]

@SvenDowideit This is not necessary docker0, it can be bridge specified by -b.

[SvenDowideit]

kewl :) if you can add this info into the docs, we're in a better place :)

[shykes]

+1 on the design, as long as it doesn't break links. Just a superficial note on the syntax (--ip feels simpler and more natural).

Sorry for being slow.

[LK4D4]

@shykes I don't think that ip is more natural for this feature :) I expect that --ip sets one fixed IP within bridge range and possibly this will be useful feature. But here we specify not ip, but exactly the cidr.
--fixed-cidr notation already very popular in openstack nova.

[fkautz]

I agree, fixed CIDR is more descriptive. An IP should also be assignable
with /32.
On Jul 10, 2014 9:23 PM, "Alexandr Morozov" notifications@github.com
wrote:

@shykes https://github.com/shykes I don't think that ip is more natural
for this feature :) I expect that --ip sets one fixed IP within bridge
range and possibly this will be useful feature. But here we specify not ip,
but exactly the cidr.
--fixed-cidr notation already very popular in openstack nova.

—
Reply to this email directly or view it on GitHub
#6101 (comment).

[LK4D4]

ping @shykes
What are you think about --fixed-cidr now?

[fkautz]

--fixed-cidr only provides half of the story. I think --fixed-cidr should not set the subnet, only the ip range allocaiton. If we are following openstack's approach, we should use --fixed-range to set the subnet separately from the allocation range. These two combined allow for a great degree of flexibility.

[edit] --fixed-cidr works as i was hoping, no change is necessary.

[tianon]

Just to keep the conversation together:

https://botbot.me/freenode/docker-dev/msg/18199269/

<shykes> I'm ok to merge 6101

[fkautz]

Had a talk with @LK4D4. The subnet isn't touched, so we should be good to go. Just need to add some documentation.

[jessfraz]

LGTM

[jessfraz]

I think just needs docs review from @SvenDowideit

[SvenDowideit]

• space before (
• put docker0 into docker0 code quotes
• s/setted by/set using/

[SvenDowideit]

Docs LGTM - @jamtur01 @fredlf @ostezer

While I like having examples, giving the users an idea of situations when they might use an option, I can't really think of one that is interesting - its the kind of thing an admin will use because they know they need it.

[LK4D4]

Okay, now we have bunch of lgtms here :) We need the one who brave enough to merge it or close it forever. ping @crosbymichael

[ghost]

@LK4D4 Docs mostly LGTM. However, I find "[..] nested in bridge subnet" to be bit confusing.
Do you think there can be another way to put it so it becomes simpler and easier to understand?

[LK4D4]

hmmm, "must be subset of bridge IP range"? I'm not very good at English still, so almost any english sentence is equally cryptic for me :)

[DwayneBull]

"must be subset of bridge IP range" sounds fine.

[md5]

May I humbly suggest: "IPv4 range for fixed IPs (ex: 10.20.0.0/16); this range must be a subset of the bridge IP range"

[SvenDowideit]

@LK4D4 use @md5 's text - its good, and we can re-write it later if needed

[crosbymichael]

I don't have time to test right now but if someone else reviews and tests I'm good with this

[jessfraz]

maybe @tiborvass or @unclejack tomorrow?

[LK4D4]

Fixed article text.

[unclejack]

LGTM

The docs need to be approved as well. Please don't merge until @fredlf @jamtur01 and @ostezer have approved the docs and the help text.

[LK4D4]

pint @fredlf @ostezer
Guys, review docs pls.

[fredlf]

It's not clear to me what the pronoun "it" is referring to. The bridge? docker0? Might help to break it into two sentences and get rid of the pronoun.

[LK4D4]

I'm actually don't follow. docker0 and "it" are in different sentences and docker0 and bridge are synonyms anyway. Could you provide exact text for me?

[LK4D4]

@fredlf Thanks for review. Could you help me with that big sentence about MTU? I'm not very experienced English language user :/

[SvenDowideit]

how about something like

The host machine can both receive and send packets to
containers connected to the bridge.
 The *maximum transmission unit* (MTU) or largest packet length that the interface will
allow will be copied from the Docker host's default route interface.

I've ignored the 1500 bytes - do we need it?

[fredlf]

LGTM. We'll fix the docs later.

[LK4D4]

ping @unclejack
can we merge this now?

[DwayneBull]

Will this fix docker changing the container ip on container or deamon restart?

[LK4D4]

@DwayneBull Nope

[DwayneBull]

@LK4D4 I assume you could get round it with something like --fixed-cidr="172.168.0.1/32"

[LK4D4]

@DwayneBull Problem that this is daemon-wide option. There is another PR for per-container IP control.

[unclejack]

@jamtur01 Is it OK if we merge this PR with the current docs?

[jamtur01]

LGTM