
Using https://lab4me.xyz/books/linux/page/how-to-create-and-use-macvlan-network-in-docker, I create a Docker macvlan network:

```
### create mac-vlan network
docker network create \
  -d macvlan \
  --subnet=192.168.123.0/24 \
  --gateway=192.168.123.1 \
  -o parent=enp0s31f6 \
  demo-macvlan-net
```

and start a container on that network:

```
docker run --rm -itd \
  --name alp1 \
  --network=demo-macvlan-net \
  --ip=192.168.123.111 \
  alpine:latest \
  /bin/sh
```

All works fine, but as it says, we can't communicate from the Docker host to the container (though we can reach the container from anywhere else on the 192.168.123.0/24 subnet).

You can enable communication from the host via:

```
sudo ip link add mycool-net link enp0s31f6 type macvlan mode bridge
sudo ip addr add 192.168.123.50/32 dev mycool-net
sudo ip link set mycool-net up
sudo ip route add 192.168.123.0/24 dev mycool-net
```

(Actually, you can use `sudo ip route add 192.168.123.111/32 dev mycool-net` instead of the last command.)

My most recent attempt using nmcli was:

```
nmcli connection add type macvlan ifname test mode bridge dev enp0s31f6 -- \
  +ipv4.method manual ipv4.addresses 192.168.123.111 ipv4.gateway 192.168.123.1
```

which gives me an ip route of:

```
192.168.2.1 dev test proto static scope link metric 411
```

So, via the gateway, not the container's IP. If I don't specify the gateway, no route is created at all.

How can I create this macvlan in NetworkManager? Essentially, I need those last ip commands using nmcli (to make it possible to just activate a saved NM connection whenever I need it).

  • You should really have 192.168.123.50/24 as the ipv4.addresses (or whatever address and prefix length was configured on enp0s31f6), and make NetworkManager not configure anything on enp0s31f6. Commented Oct 4 at 2:34
  • @TomYan Explain, please? One of us doesn't understand, and it's entirely possible that it's me. Tbh, I don't even understand why that sequence of ip commands works, because the macvlan bridge doesn't even reference the docker container's network! I want to use NetworkManager because ip link is not persisted. This method is the only one I've found to work, and it absolutely must be possible to duplicate it with nmcli. I could certainly just write a script to do the ip commands whenever I needed it, but that's far too easy! Commented Oct 4 at 15:23
  • Bridge-mode MACVLANs attached to the same "link" (such as enp0s31f6) are like bridge ports (that belong to the same bridge), that's why adding a MACVLAN to the "host side" ("default" network namespace) allows the host-container communication. And if you have a MACVLAN on the host side, you can/should just configure it as if it is its "link" (enp0s31f6), and leave the latter unconfigured (but only brought up). Commented Oct 4 at 15:36
  • When you only have the link on the host side, traffic from other network namespaces (that have one of the link's MACVLANs) will only "go out" to the network via the link. (Probably traffic from the host side will only do that as well in that case.) Therefore, while the other network namespaces can reach each other and other hosts in the network, they cannot reach the "host side", and the "host side" can only reach the other hosts in the network, but not any of the other network namespaces, whereas traffic from the other hosts can go to all of them. Commented Oct 4 at 15:46
  • I guess you can think of it as digging a hole that leads to the other MACVLANs (of the same link), and that hole can also lead to the "external sub-segment" attached to the link, just like the link interface itself, so you can/should configure IP on that hole. Commented Oct 4 at 15:59
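An added check (not from the question or the commenters) that makes the routing side of this visible: it parses `ip route show` output and does the kernel's longest-prefix/lowest-metric lookup for the container's address, so you can see that the nmcli attempt sends 192.168.123.111 out of the parent interface (where a MACVLAN parent cannot reach its children), while the `ip` commands send it out of the host-side MACVLAN. The two route tables are constructed samples built from the addresses in the question; the failing table uses the question's gateway 192.168.123.1 in place of the 192.168.2.1 shown in the nmcli output, and the host address 192.168.123.20 on enp0s31f6 is assumed.

```python
import ipaddress

# Constructed sample: what the nmcli attempt leaves behind. The only route over
# "test" is a /32 host route to the gateway address, so nothing for the
# container's IP goes through the MACVLAN.
NMCLI_ATTEMPT = """\
default via 192.168.123.1 dev enp0s31f6 proto dhcp metric 100
192.168.123.0/24 dev enp0s31f6 proto kernel scope link src 192.168.123.20 metric 100
192.168.123.1 dev test proto static scope link metric 411
"""

# Constructed sample: after the working `ip` commands (the /32 variant from the
# question), the container's address has a more specific route over mycool-net.
IP_COMMANDS = """\
default via 192.168.123.1 dev enp0s31f6 proto dhcp metric 100
192.168.123.0/24 dev enp0s31f6 proto kernel scope link src 192.168.123.20 metric 100
192.168.123.111 dev mycool-net scope link
"""


def parse_routes(text):
    """Turn `ip route show` lines into (network, dev, metric) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dst, strict=False)  # bare address -> /32
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric))
    return routes


def egress_dev(route_text, dst_ip):
    """Interface the kernel picks for dst_ip: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for net, dev, metric in parse_routes(route_text):
        if addr in net and (best is None or
                            (net.prefixlen, -metric) > (best[0].prefixlen, -best[2])):
            best = (net, dev, metric)
    return best[1] if best else None


def host_reaches_container(route_text, container_ip, parent_if):
    """True only if the container's IP leaves via some interface other than the
    MACVLAN parent; traffic sent out the parent itself never reaches a child."""
    dev = egress_dev(route_text, container_ip)
    return dev is not None and dev != parent_if
```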
