Networking using a macvlan network (original) (raw)

This series of tutorials deals with networking standalone containers which connect to macvlan networks. In this type of network, the Docker host accepts requests for multiple MAC addresses at its IP address, and routes those requests to the appropriate container. For other networking topics, see theoverview.

The goal of these tutorials is to set up a bridged macvlan network and attach a container to it, then set up an 802.1Q trunked macvlan network and attach a container to it.

• Most cloud providers block macvlan networking. You may need physical access to your networking equipment.
• The macvlan networking driver only works on Linux hosts, and is not supported on Docker Desktop or Docker Engine on Windows.
• You need at least version 3.9 of the Linux kernel, and version 4.0 or higher is recommended.
• The examples assume your ethernet interface is eth0. If your device has a different name, use that instead.
• The macvlan driver is not supported in rootless mode.

In the simple bridge example, your traffic flows through eth0 and Docker routes traffic to your container using its MAC address. To network devices on your network, your container appears to be physically attached to the network.

1. Create a macvlan network called my-macvlan-net. Modify the subnet, gateway, and parent values to values that make sense in your environment.
   You can use docker network ls and docker network inspect my-macvlan-netcommands to verify that the network exists and is a macvlan network.
2. Start an alpine container and attach it to the my-macvlan-net network. The-dit flags start the container in the background but allow you to attach to it. The --rm flag means the container is removed when it is stopped.
3. Inspect the my-macvlan-alpine container and notice the MacAddress key within the Networks key:
4. Check out how the container sees its own network interfaces by running a couple of docker exec commands.
5. Stop the container (Docker removes it because of the --rm flag), and remove the network.

In the 802.1Q trunked bridge example, your traffic flows through a sub-interface of eth0 (called eth0.10) and Docker routes traffic to your container using its MAC address. To network devices on your network, your container appears to be physically attached to the network.

1. Create a macvlan network called my-8021q-macvlan-net. Modify thesubnet, gateway, and parent values to values that make sense in your environment.
   You can use docker network ls and docker network inspect my-8021q-macvlan-netcommands to verify that the network exists, is a macvlan network, and has parent eth0.10. You can use ip addr show on the Docker host to verify that the interface eth0.10 exists and has a separate IP address
2. Start an alpine container and attach it to the my-8021q-macvlan-netnetwork. The -dit flags start the container in the background but allow you to attach to it. The --rm flag means the container is removed when it is stopped.
3. Inspect the my-second-macvlan-alpine container and notice the MacAddresskey within the Networks key:
4. Check out how the container sees its own network interfaces by running a couple of docker exec commands.
5. Stop the container (Docker removes it because of the --rm flag), and remove the network.

• Standalone networking tutorial
• Overlay networking tutorial
• Host networking tutorial