Bridging networks for containers using Docker's Macvlan

For friends who know about the Docker container network, I think the network of virtual machines is not unfamiliar, after all, we are the people who follow this era to learn and progress together. Compared to Vm,docker's network is gradually maturing, this article mainly for the Macvlan to do a simple introduction.

Why Macvlan?

First we compare the VMS and the different networks in Docker, which is quite clear.

Vm	Docker
Nat	Bridge
Bridged	Macvlan, overlay, etc.
Host-only	Bridge

Nat

The NAT in the VM corresponds to the bridge in Docker, although called Bridge, but unlike the VM's bridged network, the principle is to virtual a NIC Bridge0 on the host, and then all the containers will be bridged on the network segment of the NIC. By default, the container can access the external network, but the external network cannot access the container, so the external network is required to access the service within the container by exposing the container port (Docker run-p). Docker then establishes a NAT routing rule on the host that exposes the services in the container in the subnet to the external network through port forwarding (ports forwarding). When the bridge network does not expose any ports, it is basically equivalent to the VM's Host-only network.

Bridged

The benefit of bridging the network is that it does not require a NAT port mapping to expose the service in the container, and when the container is bridged to the physical network, the container is a host in the physical network, enabling interoperability between containers and the physical host. As mentioned above, the default bridge in Docker is not a true bridging network, and Docker's network can be flexibly customized to achieve true bridging in a number of ways. It can be implemented by overlay network driver, multi-host multi-container bridging, but need to rely on additional key-value services to save network topology information. Other third-party tools also enable bridging modes, such as pipework. Bridging the network simplifies the deployment of the container network, so Docker officially introduces the Macvlan network driver after version 1.12, so that we can more easily configure the bridging network for the container.

Macvlan

As the name implies, the principle of Macvlan is to virtual on the host physical network card, multiple sub-network card, through the different MAC address in the Data link layer (the database link) for network data forwarding, it is relatively new network virtualization technology, need more new kernel support (Linux kernel v3.9–3.19 and 4.0+).

Using Macvlan

Docker Network Create-D Macvlan--subnet=192.168.1.0/ -     --gateway=192.168.1.1      -O parent=enp4s0 mcv# Explanation: #1. Create a Macvlan network and use the Macvlan Network driver #2. Specify the network address to be bridged #3. Specify Gateway #4Set up a virtual sub-network card on that NIC on the host
# test Docker Run--NET=MCV--ip=192.168.1.99-ITD alpine/bin/SH# Run the container, specify the newly built Macvlan network, and set the IP address.
# If you do not specify an IP, IP is assigned via Ipam, which is from 192 by default.168.1. 2 start distribution.
Note that the allocation does not determine the address conflict, you can use the Docker Network command to specify the allocation method, here do not repeat. Docker Run--net=mcv-it--RMalpine/bin/SH# Run Another container for connectivity testingPing 192.168.1.99Ping 192.168.1.1

In addition, Macvlan also supports more complex network topologies such as 802.1q trunking, so you can learn more.

[via] Get started with Macvlan network driver

[via] Mapping of virtual networks to real networks on Linux

Bridging networks for containers using Docker's Macvlan