Why is a physical interface not part of the docker_gwbridge?

by sbrattla   Last Updated January 08, 2018 14:00 PM

When I look at the docker_gwbridge, I see that all containers on that host are members of the bridge.

bridge name         bridge id           STP enabled  interfaces
docker_gwbridge     8000.0242e581b3f5   no           veth0987748
                                                     veth21aa5ea
                                                     veth358d367
                                                     veth473e3a5
                                                     vetha199713
                                                     vethf482f5f
                                                     vethf4ceab6

However, how can it be that a physical interface on the host is not a member of that bridge? The documentation describes this network as the egress bridge for traffic leaving a Docker swarm cluster. That is, traffic which most likely will leave the host. What mechanism is ensuring that packets entering the docker_gwbridge (from any given container) eventually leaves the host on a physical interface when no physical interface takes part in the bridge?



Related Questions


docker stack network issue

Updated September 11, 2017 12:00 PM

Browser services' container in Docker Swarm mode

Updated April 26, 2017 08:00 AM



Preventing against a DDoS attack of a load balancer

Updated September 28, 2017 17:00 PM