integration: drop Force flag on docker network disconnect

Force-disconnect leaves stale routes in the container's network namespace: libnetwork removes the host-side veth but the namespace-internal route survives. The next ConnectNetwork on the same network then fails with "cannot program address X/16 in sandbox interface because it conflicts with existing route", and the route never resolves on its own. Bounded retry around ConnectNetwork exhausts MaxElapsedTime instead of recovering. Without Force, libnetwork drains the namespace routes synchronously during disconnect and ConnectNetwork sees a clean slate. Cable-pull semantic is preserved: docker still tears down the endpoint at the namespace level, leaving in-flight TCP half-open inside the container's view, verified via paired probe-timeout pairs in HA prober logs while both routers are physically disconnected. Fixes #3234
2026-05-05 03:56:10 +02:00 · 2026-04-30 09:01:46 +00:00 · 2026-04-30 09:01:46 +00:00 · ecaf56e0a0
commit ecaf56e0a0
parent 94ec607bca
1 changed files with 0 additions and 1 deletions
--- a/integration/dockertestutil/network.go
+++ b/integration/dockertestutil/network.go
@ -132,7 +132,6 @@ func DisconnectContainerFromNetwork(
 	return retryDockerOp(context.Background(), func() error {
 		return pool.Client.DisconnectNetwork(network.Network.ID, docker.NetworkConnectionOptions{
 			Container: containers[0].ID,
-			Force:     true,
 		})
 	})
 }