docker macvlan

Docker macvlan: accessing a container on hostA from hostB


https://docs.docker.com/network/network-tutorial-macvlan/#prerequisites

docker network create -d macvlan \
  --subnet=172.16.86.0/24 \
  --gateway=172.16.86.1 \
  -o parent=eth0 \
  my-macvlan-net

"Create a macvlan network called my-macvlan-net. Modify the subnet, gateway, and parent values to values that make sense in your environment."

I am a noob when it comes to networking. I have no idea what is meant by the values which make sense in my env.

This is what I see for my host network interfaces with ip addr:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP qlen 1000
    link/ether 00:25:b5:66:11:31 brd ff:ff:ff:ff:ff:ff
3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP qlen 1000
    link/ether 00:25:b5:66:11:32 brd ff:ff:ff:ff:ff:ff
4: enp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP qlen 1000
    link/ether 00:25:b5:66:11:33 brd ff:ff:ff:ff:ff:ff
    inet 10.60.114.101/23 brd 10.60.115.255 scope global dynamic enp12s0
       valid_lft 442187sec preferred_lft 442187sec
    inet6 fd20:8b1e:b255:8136:225:b5ff:fe66:1133/64 scope global noprefixroute dynamic
       valid_lft 2591830sec preferred_lft 604630sec
    inet6 fe80::225:b5ff:fe66:1133/64 scope link
       valid_lft forever preferred_lft forever
5: enp13s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP qlen 1000
    link/ether 00:25:b5:66:11:34 brd ff:ff:ff:ff:ff:ff
    inet 10.60.115.252/23 brd 10.60.115.255 scope global dynamic enp13s0
       valid_lft 414540sec preferred_lft 414540sec
    inet6 fd20:8b1e:b255:8136:607f:edd6:613a:41da/64 scope global noprefixroute dynamic
       valid_lft 2591830sec preferred_lft 604630sec
    inet6 fd20:8b1e:b255:8136:225:b5ff:fe66:1134/64 scope global deprecated mngtmpaddr dynamic
       valid_lft 1720109sec preferred_lft 0sec
    inet6 fe80::225:b5ff:fe66:1134/64 scope link
       valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:02:16:fb:be brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:2ff:fe16:fbbe/64 scope link
       valid_lft forever preferred_lft forever
11: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:bb:c4:b4:18 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker_gwbridge
       valid_lft forever preferred_lft forever
    inet6 fe80::42:bbff:fec4:b418/64 scope link
       valid_lft forever preferred_lft forever
106: veth65ae6f8@if105: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP 
    link/ether 52:be:7f:de:e2:11 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::50be:7fff:fede:e211/64 scope link
       valid_lft forever preferred_lft forever

How do I know which values make sense in my env?

ip route

default via 10.60.114.1 dev enp12s0 proto static metric 100 
default via 10.60.114.1 dev enp13s0 proto static metric 101 
10.60.114.0/23 dev enp12s0 proto kernel scope link src 10.60.114.101 
10.60.114.0/23 dev enp13s0 proto kernel scope link src 10.60.115.252 
10.60.114.0/23 dev enp12s0 proto kernel scope link src 10.60.114.101 metric 100 
10.60.114.0/23 dev enp13s0 proto kernel scope link src 10.60.115.252 metric 101 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
172.18.0.0/16 dev docker_gwbridge proto kernel scope link src 172.18.0.1 

Solution

  • I am a noob when it comes to networking. I have no idea what is meant by the values which make sense in my env.

    When you're creating a macvlan network, you are effectively making a "clone" of an existing network interface. In order for your containers to communicate on the associated network, they will generally need to be using the same ip address range and gateway used by other devices on the network.

    For example, if you were to create a macvlan network associated with enp12s0 on your system, then you would need to use the 10.60.114.0/23 network range and whatever default gateway your system is using (you don't include this information in your question so I can't suggest a specific value).

    That is (replacing the argument to --gateway with the correct value):

    docker network create -d macvlan \
      --subnet=10.60.114.0/23 \
      --gateway=10.60.114.1 \
      -o parent=enp12s0 \
      my-macvlan-net

    This by itself might not work, because it is likely that docker would assign ip addresses to containers that are already in use elsewhere on the network. You can avoid this by assigning docker a dedicated subset of addresses using the --ip-range option:

    docker network create -d macvlan \
      --subnet=10.60.114.0/23 \
      --gateway=10.60.114.1 \
      --ip-range=10.60.115.0/28 \
      -o parent=enp12s0 \
      my-macvlan-net

    This would restrict docker to addresses between 10.60.115.0 and 10.60.115.15. Whether or not this actually makes sense in your environment is something only you would know (possibly by asking your network administrator if you are not responsible for the network configuration).
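
Added example (not part of the original question or answer): a Python sketch that derives the --subnet and --gateway values from the `ip addr` and `ip route` lines shown in the question, and checks that a proposed --ip-range lies inside that subnet and does not cover the host's or the gateway's address. The function names are hypothetical, and the sample input is a trimmed copy of the output above.

```python
import ipaddress

# Lines copied from the `ip addr` and `ip route` output in the question above.
IP_ADDR = """\
    inet 10.60.114.101/23 brd 10.60.115.255 scope global dynamic enp12s0
    inet 10.60.115.252/23 brd 10.60.115.255 scope global dynamic enp13s0
"""
IP_ROUTE = """\
default via 10.60.114.1 dev enp12s0 proto static metric 100
10.60.114.0/23 dev enp12s0 proto kernel scope link src 10.60.114.101
"""

def macvlan_params(parent, ip_addr_out, ip_route_out):
    """Derive (subnet, gateway, host_ip) for the parent interface."""
    host = gateway = None
    for parts in map(str.split, ip_addr_out.splitlines()):
        if parts[:1] == ["inet"] and parts[-1] == parent:
            host = ipaddress.ip_interface(parts[1])
    for parts in map(str.split, ip_route_out.splitlines()):
        if parts[:2] == ["default", "via"] and parts[3:5] == ["dev", parent]:
            gateway = ipaddress.ip_address(parts[2])
            break
    if host is None or gateway is None:
        raise ValueError(f"no IPv4 address or default route on {parent}")
    if gateway not in host.network:
        raise ValueError(f"gateway {gateway} is not inside {host.network}")
    return host.network, gateway, host.ip

def check_ip_range(subnet, ip_range, reserved):
    """Return a list of problems with a proposed --ip-range (empty = OK)."""
    rng = ipaddress.ip_network(ip_range)
    problems = []
    if not rng.subnet_of(subnet):
        problems.append(f"{rng} is outside subnet {subnet}")
    problems += [f"{rng} contains in-use address {a}" for a in reserved if a in rng]
    return problems

def create_command(parent, name, ip_range, ip_addr_out=IP_ADDR, ip_route_out=IP_ROUTE):
    """Build the docker command, refusing an ip-range that fails the checks."""
    subnet, gateway, host_ip = macvlan_params(parent, ip_addr_out, ip_route_out)
    problems = check_ip_range(subnet, ip_range, [gateway, host_ip])
    if problems:
        raise ValueError("; ".join(problems))
    return (f"docker network create -d macvlan --subnet={subnet} "
            f"--gateway={gateway} --ip-range={ip_range} -o parent={parent} {name}")

if __name__ == "__main__":
    print(create_command("enp12s0", "my-macvlan-net", "10.60.115.0/28"))
```

The in-use check only knows the addresses passed to it. The host addresses above are marked dynamic, so the chosen range also has to be kept out of the DHCP pool on that network.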