[Docker] Macvlan best Combat

Last Update:2017-12-19 Source: Internet

Author: User

Tags docker run aliyun

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Comparison of Macvlan and Ipvlan

Http://hicu.be/macvlan-vs-ipvlan

Macvlan

Ipvlan

Reference:
https://yq.aliyun.com/articles/192998

Http://hicu.be/docker-networking-macvlan-bridge-mode-configuration

https://sreeninet.wordpress.com/2016/05/29/docker-macvlan-and-ipvlan-network-plugins/

Echo 1 >/proc/sys/net/ipv4/ip_forward-Create Macvlan Network Docker networks create-d Macvlan--subnet=192.168.14.0/24-- Gateway=192.168.14.2-o parent=eth0 Mac_net1 Docker run-itd--name B1--ip=192.168.14.11--network mac_net1 Busybo Xdocker run-itd--name B2--ip=192.168.14.12--network mac_net1 busybox-b2 ping B1 (extranet) is through $ docker exec B2 Ping 192.168 .14.11PING 192.168.14.11 (192.168.14.11): Data bytes64 bytes from 192.168.14.11:seq=0 ttl=64 time=0.062 ms-b2 Ping Host  Machine IP, not through $ docker exec B2 Ping 192.168.14.133^c-not created new bridge [[email protected] ~]# brctl Showbridge name Bridge ID STP Enabled INTERFACESDOCKER0 8000.024243c0f3d5 no-mac address and IP are different $ docker exec b1 IP a39: [email protected]: <b    Roadcast,multicast,up,lower_up,m-down> MTU Qdisc noqueue link/ether 02:42:c0:a8:0e:0b BRD ff:ff:ff:ff:ff:ff inet 192.168.14.11/24 Scope Global eth0 Valid_lft forever Preferred_lft forever $ docker exec B2 IP A40: [EMA Il protected]: <Broadcast,multicast,up,lower_up,m-down> MTU Qdisc noqueue link/ether 02:42:c0:a8:0e:0c BRD ff:ff:ff:ff:ff:ff inet 192.168.14.12/24 Scope Global eth0 Valid_lft forever preferred_lft Forever $ IP link Show Eth02:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> MTU Qdisc Pfifo_fast State up mode DEFAULT Qlen link/ether 00:50:56:3 3:13:B6 BRD FF:FF:FF:FF:FF:FF

Access:
Reference: Http://hicu.be/docker-networking-macvlan-bridge-mode-configuration

Summarize

The interface of the container is directly connected to the host's Nic, which makes it possible for the container to communicate directly with the external network without the need for NAT and port mapping (as long as there is a gateway), without distinction on the network with other independent hosts.

Here's a hairpin mode, compared to bridge

Reference: Http://cizixs.com/2017/02/14/network-virtualization-macvlan

Macvaln Several modes, generally we use bridge to connect.
Https://hicu.be/bridge-vs-macvlan

Bridge

Vepa (Virtual Ethernet Port aggregator) mode: The switch that requires a primary interface connection supports the VEPA/802.1QBG feature. All messages sent out will go through the switch, the switch is sent to the corresponding destination address (even if the destination address is the other Macvlan interface on the host), that is, hairpin mode, this mode used in the interactive machine needs to do filtering, statistics and other functions of the scene.

Macvlan 802.1q Trunk Bridge Mode Use example

Reference: https://yq.aliyun.com/articles/192998

docker network  create  -d macvlan     --subnet=192.168.14.0/24     --gateway=192.168.14.1     -o parent=eth0.50 macvlan50docker rm -fv b1 b2docker run --net=macvlan50 -itd --name b1 busyboxdocker run --net=macvlan50 -itd --name b2 busyboxdocker network  create  -d macvlan     --subnet=192.168.15.0/24     --gateway=192.168.15.1     -o parent=eth0.60 macvlan60docker rm -fv b3 b4docker run --net=macvlan60 -itd --name b3 busyboxdocker run --net=macvlan60 -itd --name b4 busybox

Macvlan 802.1q trunking for multiple subnets

docker network create -d ipvlan     --subnet=192.168.210.0/24     --subnet=192.168.212.0/24     --gateway=192.168.210.254      --gateway=192.168.212.254       -o ipvlan_mode=l2 ipvlan210     # 测试 192.168.210.0/24 容器间连接性docker run --net=ipvlan210 --ip=192.168.210.10 -itd alpine /bin/shdocker run --net=ipvlan210 --ip=192.168.210.9 -it --rm alpine ping -c 2 192.168.210.10# 测试 192.168.212.0/24 容器间连接性docker run --net=ipvlan210 --ip=192.168.212.10 -itd alpine /bin/shdocker run --net=ipvlan210 --ip=192.168.212.9 -it --rm alpine ping -c 2 192.168.212.10

To create a Macvlan network with multiple sub-network segments

docker network  create  -d macvlan     --subnet=192.168.216.0/24      --gateway=192.168.216.1      --subnet=192.168.218.0/24     --gateway=192.168.218.1      -o parent=eth0.218      -o macvlan_mode=bridge macvlan216# 在第一个192.168.216.0/24网段创建一个容器docker run --net=macvlan216 --name=macnet216_test --ip=192.168.216.10 -itd busybox# 在第二个192.168.218.0/24网段创建容器docker run --net=macvlan216 --name=macnet218_test --ip=192.168.218.10 -itd busybox# 通过192.168.216.0/24的网段的容器Ping 在192.168.216.0/24网段中的第一个容器docker run --net=macvlan216 --ip=192.168.216.11 -it --rm busyboxping 192.168.216.10# 通过192.168.218.0/24的网段的容器Ping 在192.168.218.0/24网段中的第一个容器docker run --net=macvlan216 --ip=192.168.218.11 -it --rm busyboxping 192.168.218.10

[Docker] Macvlan best Combat

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More