The macvlan network driver assigns a MAC address to each container’s virtual network interface, making it appear to be a physical network interface directly connected to the physical network.
1. Enable "promiscuous mode" on the physical interface of each host so that it can be assigned multiple MAC addresses.

    peter@host1:~$ sudo ip link set ens3 promisc on
    peter@host1:~$ ip link show ens3
    2: ens3:mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 52:54:00:63:cc:02 brd ff:ff:ff:ff:ff:ff

    peter@host2:~$ sudo ip link set ens3 promisc on
    peter@host2:~$ ip link show ens3
    2: ens3: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 52:54:00:38:4a:91 brd ff:ff:ff:ff:ff:ff

2. Create a macvlan network (bridge mode) on each host.

    [peter@peter-KVM ~ [host1]]$ docker network create -d macvlan \
    > --subnet=172.16.86.0/24 \
    > --gateway=172.16.86.1 \
    > -o parent=ens3 mac_net01
    35c230c27f21914568318cd67d821706c63ced98f6e2b9a78dbcd4cb39646688

    [peter@peter-KVM ~ [host1]]$ eval eval $(docker-machine env host2)
    [peter@peter-KVM ~ [host2]]$ docker network create -d macvlan \
    > --subnet=172.16.86.0/24 \
    > --gateway=172.16.86.1 \
    > -o parent=ens3 mac_net01
    2fbc0f619dde003f25769eeb049ec47516bcc0a71a4ab9d197ec588313e5ab92

3. Create bbox1 on host1 and bbox2 on host2. Both bbox1 and bbox2 are attached to mac_net01.

    [peter@peter-KVM ~ [host1]]$ docker run -itd --name bbox1 --ip=172.16.86.10 --network mac_net01 busybox
    2385aa3812691b9f58b4cd648be01b07cb3f41dede7ecd25ffbfa8d790aeb526

    [peter@peter-KVM ~ [host2]]$ docker run -itd --name bbox2 --ip=172.16.86.11 --network mac_net01 busybox
    419bf4360454cc75e394a544f46a2e24a5637f5c2895a1bb8d548810e737a73b

4. Verify. bbox1 (172.16.86.10) can ping bbox2 (172.16.86.11) by IP address, but cannot ping it by hostname.

    [peter@peter-KVM ~ [host2]]$ docker exec bbox2 ping -c 2 172.16.86.10
    PING 172.16.86.10 (172.16.86.10): 56 data bytes
    64 bytes from 172.16.86.10: seq=0 ttl=64 time=0.843 ms
    64 bytes from 172.16.86.10: seq=1 ttl=64 time=0.466 ms

    --- 172.16.86.10 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 0.466/0.654/0.843 ms

    [peter@peter-KVM ~ [host2]]$ docker exec bbox2 ping -c 2 bbox1
    ping: bad address 'bbox1'

    [peter@peter-KVM ~ [host2]]$ docker exec bbox2 ip link
    1: lo:mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    12: eth0@if2: mtu 1500 qdisc noqueue
        link/ether 02:42:ac:10:56:0b brd ff:ff:ff:ff:ff:ff

5. Create macvlan networks (802.1q trunk bridge mode) on each host.

    [peter@peter-KVM ~ [host1]]$ docker network create -d macvlan \
    > --subnet=172.16.10.0/24 \
    > --gateway=172.16.10.1 \
    > -o parent=ens3.10 mac_net10
    987e2a5e464f7eac1cd6ef68f194af31a9486e9b2849ee47284bd2f9a4441f76

    [peter@peter-KVM ~ [host1]]$ docker network create -d macvlan \
    > --subnet=172.16.20.0/24 \
    > --gateway=172.16.20.1 \
    > -o parent=ens3.20 mac_net20
    d952154e6ad4ac6fa1a2a40a75cfd97ba0b618e6c5f8cd253b1363ddaabc3344

    [peter@peter-KVM ~ [host2]]$ docker network create -d macvlan \
    > --subnet=172.16.10.0/24 \
    > --gateway=172.16.10.1 \
    > -o parent=ens3.10 mac_net10
    9d012a86963d64d59e30fa3d46f382b377adcd64b8ab5447b586170956f2033f

    [peter@peter-KVM ~ [host2]]$ docker network create -d macvlan \
    > --subnet=172.16.20.0/24 \
    > --gateway=172.16.20.1 \
    > -o parent=ens3.20 mac_net20
    43066026861dedb0ccca126cb393159f30e4255c8de7a826478e781d3875849e

6. On host1, create bbox11 in mac_net10 and bbox21 in mac_net20. On host2, create bbox12 in mac_net10 and bbox22 in mac_net20.

    [peter@peter-KVM ~ [host1]]$ docker run -itd --name bbox11 --ip=172.16.10.10 --network mac_net10 busybox
    763452dea2bbe38815f03123af7741e915d9bcc53482babc44a93f00e8c8858c

    [peter@peter-KVM ~ [host1]]$ docker run -itd --name bbox21 --ip=172.16.20.10 --network mac_net20 busybox
    a0d19586bce3a0bcb7aae994e3f4d02d9d1440559b68ebe04bad4ab3c2b479f6

    [peter@peter-KVM ~ [host2]]$ docker run -itd --name bbox12 --ip=172.16.10.12 --network mac_net10 busybox
    68778ee57b70d41981e80ec0eab328a60dbe35f95288740bf9e9f6858821a097

    [peter@peter-KVM ~ [host2]]$ docker run -itd --name bbox22 --ip=172.16.20.22 --network mac_net20 busybox
    4ee35b70f6521cbc273290e82dd730dc3cd3c026b6b51c3acaa3e226d2c71b25

7. Verify. bbox12 (172.16.10.12) can ping bbox11 (172.16.10.10) by IP address, but cannot ping it by hostname.
bbox22 (172.16.20.22) can ping bbox21 (172.16.20.10) by IP address, but cannot ping it by hostname.

    [peter@peter-KVM ~ [host2]]$ docker exec bbox12 ping -c 2 172.16.10.10
    PING 172.16.10.10 (172.16.10.10): 56 data bytes
    64 bytes from 172.16.10.10: seq=0 ttl=64 time=2.755 ms
    64 bytes from 172.16.10.10: seq=1 ttl=64 time=0.474 ms

    --- 172.16.10.10 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 0.474/1.614/2.755 ms

    [peter@peter-KVM ~ [host2]]$ docker exec bbox12 ping -c 2 bbox11
    ping: bad address 'bbox11'

    [peter@peter-KVM ~ [host2]]$ docker exec bbox22 ping -c 2 172.16.20.10
    PING 172.16.20.10 (172.16.20.10): 56 data bytes
    64 bytes from 172.16.20.10: seq=0 ttl=64 time=1.830 ms
    64 bytes from 172.16.20.10: seq=1 ttl=64 time=0.510 ms

    --- 172.16.20.10 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 0.510/1.170/1.830 ms

    [peter@peter-KVM ~ [host2]]$ docker exec bbox22 ping -c 2 bbox21
    ping: bad address 'bbox21'

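
Both hosts define the same subnet for each macvlan network, and each Docker daemon allocates addresses for its own local-scope network independently, so the static --ip values in the steps above are the only thing keeping addresses unique on the shared segment. The following added example (not part of the original post) audits `docker network inspect` output collected from each host for addresses claimed more than once; the sample data is constructed from the page's names and addresses, and bbox3 is a hypothetical container.

```python
import ipaddress
from collections import defaultdict


def sample_network(containers):
    """Constructed stand-in for one host's `docker network inspect mac_net01`,
    trimmed to the fields used below (real output keys Containers by ID)."""
    return [{
        "Name": "mac_net01", "Driver": "macvlan", "Options": {"parent": "ens3"},
        "IPAM": {"Config": [{"Subnet": "172.16.86.0/24", "Gateway": "172.16.86.1"}]},
        "Containers": {name: {"Name": name, "IPv4Address": ip + "/24"}
                       for name, ip in containers.items()},
    }]


def find_conflicts(inventory):
    """inventory maps host name -> parsed `docker network inspect` list.
    Returns (kind, ip, owners) for every address that several endpoints claim,
    or that equals a configured gateway, across all hosts."""
    owners, gateways = defaultdict(list), set()
    for host, networks in inventory.items():
        for net in networks:
            if net.get("Driver") != "macvlan":
                continue
            for cfg in (net.get("IPAM", {}).get("Config") or []):
                if cfg.get("Gateway"):
                    gateways.add(ipaddress.ip_address(cfg["Gateway"]))
            for ep in (net.get("Containers") or {}).values():
                if ep.get("IPv4Address"):  # skip endpoints without an IPv4 address
                    ip = ipaddress.ip_interface(ep["IPv4Address"]).ip
                    owners[ip].append(f"{host}/{ep['Name']}")
    findings = []
    for ip in sorted(owners):
        if len(owners[ip]) > 1:
            findings.append(("duplicate-ip", str(ip), sorted(owners[ip])))
        if ip in gateways:
            findings.append(("gateway-clash", str(ip), sorted(owners[ip])))
    return findings


if __name__ == "__main__":
    # The page's layout, plus hypothetical bbox3 started on host2 with bbox1's address.
    inventory = {
        "host1": sample_network({"bbox1": "172.16.86.10"}),
        "host2": sample_network({"bbox2": "172.16.86.11", "bbox3": "172.16.86.10"}),
    }
    for finding in find_conflicts(inventory):
        print(finding)
```

On real hosts, build the inventory by parsing the JSON printed by `docker network inspect <network>` on each host instead of calling `sample_network`.
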
Reference:
1. Use macvlan networks
https://docs.docker.com/network/macvlan/
First published / Last updated: 2019.06.18 / 2019.06.18