When I look at the
docker_gwbridge, I see that all containers on that host are members of the bridge.
bridge name bridge id STP enabled interfaces docker_gwbridge 8000.0242e581b3f5 no veth0987748 veth21aa5ea veth358d367 veth473e3a5 vetha199713 vethf482f5f vethf4ceab6
However, how can it be that a physical interface on the host is not a member of that bridge? The documentation describes this network as the egress bridge for traffic leaving a Docker swarm cluster. That is, traffic which most likely will leave the host. What mechanism is ensuring that packets entering the
docker_gwbridge (from any given container) eventually leaves the host on a physical interface when no physical interface takes part in the bridge?