
Subnet intersection check is preventing legit scenarios

Open apostasie opened this issue 7 months ago • 4 comments

Description

This has been brought up in discussions:

  • #3430
  • #4082

And is also one of the issues in #4279.

In a nutshell:

  • this check was added in #1245 though it is no longer clear what the motivation was
  • this is preventing macvlan scenarios using the parent subnet for example
  • this is at odds with docker behavior

Part of one of the discussions https://github.com/containerd/nerdctl/discussions/3430#discussioncomment-13045708 suggests removing the check entirely.

cc @compdude22 who participated in that discussion.

Steps to reproduce the issue

Create a network whose subnet overlaps with an existing system subnet.

Describe the results you received and expected

Expected: works. Received: creation fails because the subnet intersects with a system subnet.

What version of nerdctl are you using?

main

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

No response

apostasie avatar May 22 '25 18:05 apostasie

I ran into FATA[0000] failed to verify networking settings: failed to create default network: subnet 10.4.0.0/24 overlaps with other one on this address space consistently. My DHCP server assigns my PC a random IPv4 address from 10.0.0.0/8. I tried to create the default network manually with a non-overlapping subnet, but nerdctl run still cannot pass the subnet intersection check.

zhangyoufu avatar May 23 '25 07:05 zhangyoufu

You can just configure the default bridge ip to whatever you need (https://github.com/containerd/nerdctl/blob/7d116bf1fd6279bb9d2c3bae03cb66967e0b2fcc/docs/config.md#properties)

Also please open a different issue with enough details about what your problem is.

> I ran into FATA[0000] failed to verify networking settings: failed to create default network: subnet 10.4.0.0/24 overlaps with other one on this address space consistently.

Doing what?

> My DHCP server assigns my PC a random IPv4 address from 10.0.0.0/8. I tried to create the default network manually with a non-overlapping subnet,

How?

> but nerdctl run still cannot pass the subnet intersection check.

Which command?

apostasie avatar May 23 '25 15:05 apostasie

FATA[0000] failed to verify networking settings: failed to create default network: subnet 10.4.0.0/24 overlaps with other one on this address space

Ran into this while trying to set up nerdctl-in-nerdctl. Changing the bridge-ip parameter in the child container works.

arogozhnikov avatar Aug 26 '25 14:08 arogozhnikov

This subnet check directly causes the macvlan network to be unusable. I noticed that this issue was raised a long time ago—are there any solutions available now?

GavinTan avatar Sep 25 '25 07:09 GavinTan
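
The two failures reported in this thread (a macvlan network reusing its parent's subnet, and a default 10.4.0.0/24 bridge on a host addressed from 10.0.0.0/8) both follow from how a strict subnet intersection check behaves. The sketch below is an added example, not nerdctl's code and not written by anyone in the thread. The `hostSubnets` table, the interface names and the `conflicts` function are constructed, and its `exempt` parameter is a hypothetical policy knob, included only to show how the macvlan parent case differs from an accidental overlap.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// hostSubnets is constructed sample data: interface name -> subnet already on
// the host. eth0 mirrors the 10.0.0.0/8 DHCP case described in the thread.
var hostSubnets = map[string]string{
	"eth0": "10.0.0.0/8",
	"eth1": "192.168.1.0/24",
}

// conflicts returns the sorted names of interfaces whose subnet intersects
// candidate. exempt (hypothetical, may be "") names one interface to skip.
func conflicts(candidate, exempt string, inUse map[string]string) ([]string, error) {
	c, err := netip.ParsePrefix(candidate)
	if err != nil {
		return nil, fmt.Errorf("candidate %q: %w", candidate, err)
	}
	var hits []string
	for name, cidr := range inUse {
		if name == exempt {
			continue
		}
		p, err := netip.ParsePrefix(cidr)
		if err != nil {
			return nil, fmt.Errorf("interface %s: %w", name, err)
		}
		// Containment counts as overlap: any /24 inside a /8 is a hit.
		if c.Overlaps(p) {
			hits = append(hits, name)
		}
	}
	sort.Strings(hits)
	return hits, nil
}

func main() {
	for _, tc := range [][2]string{
		{"10.4.0.0/24", ""},        // default bridge on a 10.0.0.0/8 host
		{"192.168.1.0/24", ""},     // macvlan reusing the parent subnet
		{"192.168.1.0/24", "eth1"}, // same, with the parent interface exempted
	} {
		hits, err := conflicts(tc[0], tc[1], hostSubnets)
		fmt.Println(tc[0], "exempt:", tc[1], "->", hits, err)
	}
}
```
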