Differences

This shows you the differences between two versions of the page.

linux:docker [2019/01/29 12:19] – [Network] niziaklinux:docker [2019/03/28 09:19] – [Linux Kernel drivers] niziak
Line 136: Line 136:
       * Many NICs have a limit on the number of MAC addresses they support in hardware. Exceeding the limit may affect the performance.       * Many NICs have a limit on the number of MAC addresses they support in hardware. Exceeding the limit may affect the performance.
       * IEEE 802.11 doesn’t like multiple MAC addresses on a single client. It is likely macvlan sub-interfaces will be blocked by your wireless interface driver, AP or both       * IEEE 802.11 doesn’t like multiple MAC addresses on a single client. It is likely macvlan sub-interfaces will be blocked by your wireless interface driver, AP or both
 +      * **Note**: Linux Macvlan interface types are not able to ping or communicate with the default namespace IP address. For example, if you create a container and try to ping the Docker host's eth0 it will not work. That traffic is explicitly filtered by the kernel to offer additional provider isolation and security. This is a common gotcha when a user first uses those Linux interface types since it is natural to ping local addresses when testing.
 +
   * **ipvlan** - [[https://www.kernel.org/doc/Documentation/networking/ipvlan.txt|ipvlan.txt]] similar to macvlan, but endpoints have the same MAC address. Ipvlan has two modes of operation. Only one of the two modes can be selected on a single parent interface. All sub-interfaces operate in the selected mode:   * **ipvlan** - [[https://www.kernel.org/doc/Documentation/networking/ipvlan.txt|ipvlan.txt]] similar to macvlan, but endpoints have the same MAC address. Ipvlan has two modes of operation. Only one of the two modes can be selected on a single parent interface. All sub-interfaces operate in the selected mode:
     * **L2** - bridge mode (requires external router if endpoints are in different networks)     * **L2** - bridge mode (requires external router if endpoints are in different networks)
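Review bot: the added **Note** under the macvlan bullet speaks of "Linux Macvlan interface types" and then of "those Linux interface types", so it is unclear whether the ipvlan entry that follows is covered as well. State explicitly which drivers the host-unreachable behaviour applies to, and add a sentence on what to do when a container does need to reach the Docker host, since the note only describes the symptom.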
Line 146: Line 148:
  
  
 +==== macvlan ====
 +
 +There can be only one macvlan network with the same subnet and gateway. So better is to create network manually:
 +<code bash>
 +docker network create --driver=macvlan \
 +-o parent="br0" \
 +--subnet="192.168.0.0/22" \
 +--gateway="192.168.0.1" \
 +${NETWORK_NAME}
 +</code>
 +
 +and then attach containers to existing network:
 +<file yaml docker-compose.yml>
 +version: '2'
 +
 +services:
 +  myservice:
 +    networks:
 +      lan:
 +         ipv4_address: "192.168.0.241"
 +
 +networks:
 +   lan:
 +        external:
 +            name: real_lan
 +</file> 
 +
 +or
 +<code bash>docker network connect --ip="192.168.0.241" real_lan myservice</code>
  
 ====== data persistence in swarm ====== ====== data persistence in swarm ======
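Review bot: in the new macvlan section the network is created as `${NETWORK_NAME}`, while the docker-compose.yml and the `docker network connect` line both refer to `real_lan`; use one name in all three places, or state that NETWORK_NAME has to be set to real_lan. The create command also hands the whole 192.168.0.0/22 to Docker without an `--ip-range`, so a container attached without a fixed `ipv4_address` can receive an address that is already in use on the physical LAN; reserving a slice of the subnet for Docker would avoid that. The YAML indentation is uneven (for example 3, 8 and 12 spaces under `networks:`) and is worth normalising to two-space steps.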