Using the Macvlan network
Some applications, especially legacy applications or applications that monitor network traffic, expect to be directly connected to the physical network. In this situation, you can use the macvlan network driver to assign a MAC address to each container's virtual network interface, so that it looks like a physical network interface directly connected to the physical network. In this case, you need to specify a physical interface on the Docker host for the Macvlan network, as well as its subnet and gateway. You can even isolate your Macvlan networks by using different physical network interfaces. Keep the following in mind:
- It is easy to inadvertently damage your network through IP address exhaustion or "VLAN propagation", a situation in which your network ends up with a large number of unique MAC addresses.
- Your network equipment needs to be able to handle "promiscuous mode", where one physical interface can be assigned multiple MAC addresses.
- If your application can work with a bridge (on a single Docker host) or an overlay (to communicate across multiple Docker hosts), these solutions may be better in the long run.
Create a Macvlan network
When you create a Macvlan network, it can be in either bridge mode or 802.1q trunk bridge mode.
In bridge mode, Macvlan traffic passes through a physical device on the host.
In 802.1q trunk bridge mode, traffic passes through an 802.1q sub-interface that Docker creates on the fly. This allows you to control routing and filtering at a finer level of granularity.
Bridge mode
To create a Macvlan network bridged with a given physical network interface, use --driver macvlan with the docker network create command. You also need to specify the parent, which is the interface that traffic will actually pass through on the Docker host. The network name is pub_net.
# docker network create -d macvlan --subnet=172.16.86.0/ --gateway=172.16.86.1 -o parent=eth0 pub_net
7479d90651e92d8971916e678dceaad5c6deb845b7af30802b028afa022c98d0
If you need to exclude IP addresses from being used in the Macvlan network, such as when a given IP address is already in use, use --aux-address:
$ docker network create -d macvlan --subnet=192.168.32.0/ --ip-range=192.168.32.128/25 --gateway=192.168.32.254 --aux-address="my-router=192.168.32.129" -o parent=eth0 macnet32
192.168.32.128/25 means the address range starting at 192.168.32.128 with netmask 255.255.255.128. The network name is macnet32.
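A pre-flight check for the --subnet / --ip-range / --gateway / --aux-address combination above, written as an added example (it is not part of the original page or of Docker). It counts how many container addresses, and therefore container MAC addresses, the plan can put behind the parent interface. Assumptions: the /24 subnet prefix (the command above does not show it), the function name check_macvlan_plan, the hypothetical mac_limit switch setting, and a simplified allocation model rather than Docker's own allocator.

```python
import ipaddress

def check_macvlan_plan(subnet, gateway, ip_range=None, aux=None, mac_limit=None):
    """Return (assignable_count, problems) for a planned IPv4 macvlan network.

    Simplified model, not Docker's own allocator: a container may get any
    address in ip_range (or the whole subnet) that is not reserved.
    """
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    pool = ipaddress.ip_network(ip_range) if ip_range else net
    aux = {name: ipaddress.ip_address(a) for name, a in (aux or {}).items()}
    problems = []

    if gw not in net:
        problems.append(f"gateway {gw} is outside subnet {net}")
    if not pool.subnet_of(net):
        problems.append(f"ip-range {pool} is not inside subnet {net}")
    for name, addr in aux.items():
        if addr not in net:
            problems.append(f"aux-address {name}={addr} is outside subnet {net}")

    # Never assignable: subnet network/broadcast address, gateway, aux addresses.
    reserved = {net.network_address, net.broadcast_address, gw, *aux.values()}
    assignable = sum(1 for ip in pool if ip in net and ip not in reserved)

    if assignable == 0:
        problems.append("no assignable addresses left for containers")
    # Every container adds one MAC behind the parent port; mac_limit is a
    # hypothetical per-port MAC limit configured on the upstream switch.
    if mac_limit is not None and assignable > mac_limit:
        problems.append(
            f"up to {assignable} container MACs exceeds switch limit {mac_limit}")
    return assignable, problems

if __name__ == "__main__":
    # Values from the macnet32 command; the /24 prefix is an assumption.
    count, issues = check_macvlan_plan(
        "192.168.32.0/24", "192.168.32.254",
        ip_range="192.168.32.128/25",
        aux={"my-router": "192.168.32.129"},
        mac_limit=64)
    print(count, issues)
```

Narrowing --ip-range until the count fits under the switch's per-port MAC limit is one way to keep a runaway deployment from exhausting addresses or tripping port security.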
802.1q trunk bridge mode
If you specify a parent interface name that contains a dot, for example eth0.50, Docker interprets it as a sub-interface of eth0 and automatically creates the sub-interface.
# docker network create -d macvlan \
    --subnet=192.168.50.0/24 \
    --gateway=192.168.50.1 \
    -o parent=eth0.50 macvlan50
cd6369cc9f81ca163f1fcd6b7f36db61276f0f750133e0f8812ce56697874cdc
Use Ipvlan instead of Macvlan
In the example above, you are still using the L3 bridge. You can use ipvlan instead and get an L2 bridge. Specify -o ipvlan_mode=l2. This requires downloading a third-party plugin.
$ docker network create -d ipvlan --subnet=192.168.210.0/ --subnet=192.168.212.0/ --gateway=192.168.210.254 --gateway=192.168.212.254 -o ipvlan_mode=l2 ipvlan210
Using IPv6
If you have configured the Docker daemon to allow IPv6, you can use a dual-stack IPv4/IPv6 Macvlan network.
# docker network create -d macvlan \
    --subnet=192.168.216.0/24 --subnet=192.168.218.0/24 \
    --gateway=192.168.216.1 --gateway=192.168.218.1 \
    --subnet=2001:db8:abc8::/64 --gateway=2001:db8:abc8::10 \
    -o parent=eth0.218 \
    -o macvlan_mode=bridge macvlan216
65a2dc885f5dd2778089ba636a2dc1050331a4f83f2b2ff3f509e6df5b348a3d