Skip to main content

Docker Linux network topology using route tables and arp [Resolved]

I'm working with a network of docker containers. C1's routing table is below, it's default gateway is the docker bridge. It's eth1 interface is connected to eth2 in C2 and it routes all destinations with a prefix of 192.1 to eth2 in C2.

enter image description here

Dest          Gateway       Genmask          Iface
default          eth0      eth1

C2's routing table is below. It is connected to C3 between eth3 on C2 and eth4 on C3.

Dest          Gateway       Genmask          Iface     eth3

I'm able to ping C2 from C1 using ping, however I cannot ping C3 from C1 using ping When I try to ping C3, C1 sends out an ARP query looking for C3's Mac address which is only received by C2, and fails. I can make the ping to C3 succeed if I manually update C1's ARP table and give it the Mac address of eth2 in C2 for

I believe I could also make this work by modifying C1's route table so it is on a different subnet then C3 and uses C2 as its default gateway. This way it wants the MAC address of C2 to ping C3.

Dest          Gateway       Genmask          Iface
default          eth1    eth1

However I've been lead to believe that it should be possible to ping C3 from C1 by only modifying C2's route table. Is this possible?

Question Credit: gary69
Question Reference
Asked July 18, 2019
Posted Under: Network
1 Answers

You can achieve it with proxy-arp functionality. When the proxy-arp is enabled on C2, it will answer the ARP requests with own MAC address in the ARP Reply. This is what you want.

To enable the proxy arp on eth0 interface of C2, you need run

sysctl -w net.ipv4.conf.eth2.proxy_arp=1

To enable on all interfaces run:

sysctl -w net.ipv4.conf.all.proxy_arp=1

To make this change permanent, you should edit the sysctl settings file.

credit: Anton Danilov
Answered July 18, 2019
Your Answer