Run OpenThread Border Router in Docker container on custom network

Cilenco
December 12, 2023
203 views
1 vote
2 Answers

I’m trying to setup an OpenThread Border Router (OTBR) on my Raspberry Pi. When running OTBR in a docker container as suggested in the official guide apps like Google Home or other cannot connect to it.

When starting the docker container with:

docker run --sysctl "net.ipv6.conf.all.disable_ipv6=0 net.ipv4.conf.all.forwarding=1 net.ipv6.conf.all.forwarding=1" -p 8080:80 --dns=127.0.0.1 -it --volume /dev/ttyACM0:/dev/ttyACM0 --privileged openthread/otbr --radio-url spinel+hdlc+uart:///dev/ttyACM0

no apps can connect to the border router. However if I execute these command beforehand on the host:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
sudo sysctl -w net.ipv4.conf.all.forwarding=1 
sudo sysctl -w net.ipv6.conf.all.forwarding=1

and then start the container like this

docker run --net=host --dns=127.0.0.1 -it --volume /dev/ttyACM0:/dev/ttyACM0 --privileged openthread/otbr --radio-url spinel+hdlc+uart:///dev/ttyACM0

everything works as expected and apps can connect to the border router. Because I already have a container using port 80 on my host machine I would like to use a custom docker network. I’m not quite sure how to do that as the Thread communication requires at least IPv6 and also UDP packets for the DNS discovery. Do you have any ideas for this?

Answers

- NeoMn
- December 12, 2023 at 10:25 am
- 0 votes
0
maybe you can use a gateway like nginx so you can have as many container as you want listening on port 80 at the same time, for example imagine a server that has multiple website, all of them listening of port 80 and 443 at the same time, actually nginx as a gateway listen on 80 and 443 and based on the request url, passes the request to the correct webapp, in a local machine you can modify /etc/hosts and add your custom hostnames and do a similar trick,so:

set hostname for your containers , map that host names to containers ip addresses in the /etc/hosts, and setup nginx

Login or Signup to reply.

- VonC
- December 12, 2023 at 9:56 pm
- 0 votes
0
The OpenThread Border Router replies on IPv6.

Running the container with --net=host solves the connectivity problem. This mode makes the container use the host’s network stack, which implies that the host is correctly configured for IPv6.
The challenge, then, is to replicate this IPv6 functionality in a non-host network mode, which is crucial for the OP’s requirement to avoid port conflicts.

So instead of using Nginx as a reverse proxy to handle port conflicts when multiple containers need to listen on the same ports (like 80 and 443), you can try and address the requirements of setting up OTBR in Docker, focusing on IPv6 networking.

Try and create a Docker network that supports IPv6, as OTBR requires IPv6 for proper functionality:
```
docker network create --ipv6 --subnet fd12:3456:789a::/64 my_custom_network
```
Then launch the OTBR container on your custom network, ensuring IPv6 settings are correct and forwarding the necessary ports. Replace 8080 with an unused port if 80 is occupied:
```
docker run --network my_custom_network 
            --sysctl "net.ipv6.conf.all.disable_ipv6=0 net.ipv4.conf.all.forwarding=1 net.ipv6.conf.all.forwarding=1" 
            -p 8080:80 --dns=127.0.0.1 -it 
            --volume /dev/ttyACM0:/dev/ttyACM0 --privileged 
            openthread/otbr --radio-url spinel+hdlc+uart:///dev/ttyACM0
```
Make sure the Raspberry Pi’s firewall and routing settings permit IPv6 traffic and the forwarding of the necessary ports.

And double-check the DNS server on your Raspberry Pi is configured to handle requests from the container, especially when using --dns=127.0.0.1.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.