Why is a physical interface not part of the docker_gwbridge?

by sbrattla   Last Updated January 08, 2018 14:00 PM

When I look at the docker_gwbridge, I see that all containers on that host are members of the bridge.

bridge name         bridge id           STP enabled  interfaces
docker_gwbridge     8000.0242e581b3f5   no           veth0987748

However, how can it be that a physical interface on the host is not a member of that bridge? The documentation describes this network as the egress bridge for traffic leaving a Docker swarm cluster. That is, traffic which most likely will leave the host. What mechanism is ensuring that packets entering the docker_gwbridge (from any given container) eventually leaves the host on a physical interface when no physical interface takes part in the bridge?

