Docker Networks part 2 – HOST and MACVLAN

37 Comments



MANY THANKS TO ALL MY PATRONS on https://www.patreon.com/onemarcfifty !!!

Part 2 of the Docker Networking series. The docker bridge network is fine for most tasks with docker containers. In this episode we will use Portainer again to define docker containers using the docker host network and the docker MacVLAN Network.

Breakdown of the episode:

01:26 the docker host network
03:30 Performance considerations: Host vs. bridge network
08:10 the Docker MacVlan Network

Portainer Documentation is here: https://documentation.portainer.io/v2.0/deploy/ceinstalldocker/

sudo apt install docker.io
(on a Pi it may be called docker-ce)

One liner to start portainer:

docker run -d -p 8000:8000 -p 9000:9000 –name=portainer –restart=always -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce

(In portainer, click on “Networks” on the left, you’ll see the networks)
(on the command line)

docker network ls

Commands that I use in the video:

(Pulling the image and running it)
docker run -d nginxdemos/hello

with the host network:

docker run –network host -d nginxdemos/hello

creating the macvlan network in a one-liner:

docker network create -d macvlan -o parent=eth0 myMacVlan

In order to execute shell (/bin/bash) in the container on the command line

docker exec -it CONTAINERNAME /bin/bash

Commands I type INSIDE the containers:

ip addr
ping www.google.com

apt update && apt install iperf3

# running iperf3 in server mode

iperf3 -s
# running iperf3 in client mode
iperf3 -c (serverIP) -p (portNumber)
apt update && apt install iproute2 dhcpcd5 iputils-ping

Please support me on patreon: https://www.patreon.com/onemarcfifty
My youtube channel: https://www.youtube.com/onemarcfifty
Marc on Twitter: https://twitter.com/onemarcfifty
Marc on Facebook: https://www.facebook.com/onemarcfifty/
Marc on Reddit: https://www.reddit.com/user/onemarcfifty
Chat with me on Discord: https://discord.com/invite/DXnfBUG

Licence-free music on / Lizenzfreie Musik von https://www.terrasound.de/lizenzfreie-musik-fuer-youtube-videos/Licence-free music on / Lizenzfreie Musik von https://www.terrasound.de/lizenzfreie-musik-fuer-youtube-videos/

The docker logo from Wikimedia Commons By dotCloud, Inc. – File:Docker (container engine) logo.png, Apache License 2.0, https://commons.wikimedia.org/w/index.php?curid=52332268

The Thumbnail of this video is under the Apache 2.0 License: https://www.apache.org/licenses/LICENSE-2.0

source

37 Comments
    • blank
      gotelldonn
      Jun 05, 2022 16:00 pm Reply

      I would like to see comparison of macvlan vs. ipvlan networks in docker, and some practical examples of each. Thanks again for your terrific videos!

    • blank
      Ivan Hansson
      Jun 05, 2022 16:00 pm Reply

      Marc, I really like your videos. But! I have a problem when it comes to get an IP with DHCPCD every time and I went through that section over and over again but with the same results: 
      dhcpcd eth0
      eth0: if_init: Read-only file system
      eth0: interface not found or invalid
      dhcpcd exited
      I can't understand what I'm missing here. Please advice if you can.

    • blank
      Migui Galan
      Jun 05, 2022 16:00 pm Reply

      Hey, would like to know what OS you're using for this demo?

    • blank
      Ismail Anwer
      Jun 05, 2022 16:00 pm Reply

      Very useful, please do how to make firewall containers

    • blank
      Marco Santucci
      Jun 05, 2022 16:00 pm Reply

      Macvlan is supported on cloud instances ex: aws?

    • blank
      Omar Adžagić
      Jun 05, 2022 16:00 pm Reply

      I would like to thank you for this very useful video and wish you good luck in your future work.

    • blank
      Matt Perry
      Jun 05, 2022 16:00 pm Reply

      Hi Marc. Pretty late to the party but ran into a couple of problems with some of the steps in the video whose content I would say is excellent! I am running Docker in VirtualBox on Windows 10 with the adapter in bridged mode. I never was able to resolve the address of client on the Docker container in bridged mode when doing iperf3 -c <docker bridged ip address>. I also never was able to get Docker container to be able to ping an address on the macvlan even after successfully getting a DHCP address from my DHCP server even though the VirtualBox adapter was bridged and set to promiscuous mode. Any thoughts or pointers to where I might be able to resolve these two problems?

    • blank
      Franco Castillo
      Jun 05, 2022 16:00 pm Reply

      I would have liked to see how to connect to the containers from the host using macvlan, but I can understand that it was getting off topic.

    • blank
      Alex Z.
      Jun 05, 2022 16:00 pm Reply

      Marc, thank you for amazing videos that you have made! you made me make my home network a better place for my family :). One question on the topic of this section.
      After I restart the container, the ip address of the eth.x interface is back from the DHCPCD to the MACVLAN that we have created for local use. Do you know if there is a way to set it up so that the machine would always get the Primary LAN ip address? Thanks!

    • blank
      Dennis N
      Jun 05, 2022 16:00 pm Reply

      I liked the video, very informative. But in the video you mentioned about setting a defined mac address for the container, and you don't show how to do that… Such a missed opportunity. You should at least post the commands in the video description.

    • blank
      Árpád Páll
      Jun 05, 2022 16:00 pm Reply

      That it GOLD! literally 3rd video in this topic, finally I understand MACVLANs

      Hi 5 to this guy

    • blank
      Rolli Robert
      Jun 05, 2022 16:00 pm Reply

      I love your tutorials, thanks a lot from Enschede NL !!!

    • blank
      Abdelilah Hmidani
      Jun 05, 2022 16:00 pm Reply

      great 👍 thank you 😊

    • blank
      Kristoff Seisler
      Jun 05, 2022 16:00 pm Reply

      what if i want to use a socks5 proxy to route certain machines from a lan on one subnet through a different gateway on another subnet that only my router-server is connected to via its two nics? how would i go about doing that with docker?

    • blank
      Vlado S
      Jun 05, 2022 16:00 pm Reply

      Thank You. Your way of explanation make me docker networking more interesting.When could we expect more videos about docker swarm with two ore more hosts and overlay and ingress networks?
      Great content that we cannot find anywhere else.

    • blank
      Irtibat Kisileri
      Jun 05, 2022 16:00 pm Reply

      macvlan did not work for me.

    • blank
      Bahman Hatami
      Jun 05, 2022 16:00 pm Reply

      Great job. great content that you can't find maybe anywhere else; because he's mixing something enthusiastic with something scientific.

    • blank
      Irtibat Kisileri
      Jun 05, 2022 16:00 pm Reply

      awesome !!

    • blank
      Mario Veloso
      Jun 05, 2022 16:00 pm Reply

      You have discussed a very useful capability of a docker host/container in MACVLAN… I have not found this searching many tutorials in which I am sure there should be… Imagine a docker firewall inside a host, with all packets passing thru and processed by the docker firewall; even the host should use the guest docker firewall as its gateway to the outside world.

      The security possibilities will be endless in this arrangement, as all services can be made to only have a bridge internal IP, all using the docker firewall. ALL as in all packets inisde or outside should be made to pass only thru the firewall. Since this firewall is a docker instance, everything will be very flexible, easy and secure.

      That is why I have searched for this docker capability, MACVLAN will make this possible.

      Thank you for your good and clear overview. God bless.

    • blank
      bootifulGhost
      Jun 05, 2022 16:00 pm Reply

      Awesome Tutorials, learned a lot in Part 1 and had my head explode in Part 2 :'D. Could you possibly create a tutorial, how to create and configure the docker networks correctly, so you could expose services run in docker to the outside world (ideally with a domain) – so basicly including portforwarding and a reverse proxy?

      I am mainly asking because I have a slight Network related issue or I believe it is. I have 2 physical devices behind my router, that I both want to expose to the internet. One is a Synology-NAS and the other being a NUC-Server with Ubuntu, Docker, Webmin installed (from your other Tutorial). What I'm currently trying is to use nginx or traefik to forward the incoming requests for services run on the NUC-Server correctly. However I might have understood something wrong how to configure the ports in my router or in the docker networks. Right now I have port 80/443 opened which point to my NUC, where I also run nginx reverse proxy and I'm trying to point to various services and the NAS as well. However I really never got everything to work and maybe a tutorial would help.

      Appreciate your tutorials, because they are well structured and very thought through! Thanks

    • blank
      Google User
      Jun 05, 2022 16:00 pm Reply

      Usualy I don't hit the subscribe button very fast, but in this case 2 out of 2 videos where just amazingliy good. Thanks for this easy understandable video with with comprehensible examples!

    • blank
      Henk de Vries
      Jun 05, 2022 16:00 pm Reply

      WOW!! Looked for promox and looked for hours!! Very good job, thank you!!
      Many questions but have to get new hardware first to install proxmox.
      First to ask is: can you convert a running metal machine and convert it into a virtual machine? Very curious in this item!

      Yes, I still use VMWare where 9 servers are running for long time. Also use Parallels on MAC and Virtual box for testing. I was Novell guy since 3.11 (1988) and grew along till 2008. Then changed job and country and got never really back into networks. Too bad, miss it! Time to retire soon and get back into networks and pick up some programming!

    • blank
      Ameen Al-Azzawi
      Jun 05, 2022 16:00 pm Reply

      A testbed of OpenWrt on docker would be great…

    • blank
      Александр Саратовцев
      Jun 05, 2022 16:00 pm Reply

      Great video, thank you!

    • blank
      David Crane
      Jun 05, 2022 16:00 pm Reply

      Really excellent videos – I finally think I'm getting to understand docker networking! I find your explanations and demos very clear (even if I have to watch them a few times). There were a couple of comments about you going too fast, I have to say I didn't find that: I stop try what you've suggested and replay – that works for me.

    • blank
      Kzzzxr
      Jun 05, 2022 16:00 pm Reply

      Hello Marc. Nice two videos for newbies on docker. Keep it up. When possible do OpenWRT on docker with adblock and setup as a gateway pc.

    • blank
      Mingkwan Burckhardt
      Jun 05, 2022 16:00 pm Reply

      Hi, ich habe gesehen, dass du da openwrt als Container hast. Kannst du dazu ein Video machen? Ich bekomme das leider einfach nicht zum laufen…

    • blank
      Daniel Cruz
      Jun 05, 2022 16:00 pm Reply

      Another great video! Thank you for the useful content and keep up the good work. I would love to see more docker networking as well as security. Would be great to see how to segregate services and and access control.

    • blank
      M.Ubaid Ullah Khan
      Jun 05, 2022 16:00 pm Reply

      Really like the way you described it. But frankly while demonstrating, your pace is too fast. Please keep your pace slow, and explain it a little further in-depth.

    • blank
      Anton Popov
      Jun 05, 2022 16:00 pm Reply

      Thanks for the great video! Considering all of the lately topics, have you considered a video on how to configure two routers for high availability? I think it would be useful when having your main router as а VM in Proxmox configured with a backup router when updating the Proxmox host or during debugging.

    • blank
      FA Corner
      Jun 05, 2022 16:00 pm Reply

      Nice

    • blank
      jeytis72
      Jun 05, 2022 16:00 pm Reply

      Of course yes! We are all interested into your next docker networking video!!

    • blank
      TheAkabuck2001
      Jun 05, 2022 16:00 pm Reply

      thanks for the video! very useful and easy to follow for someone just starting out

    • blank
      Sebastián Tobías Castro
      Jun 05, 2022 16:00 pm Reply

      thanks for the video! very useful and super well thought out didactically. I already have material to play for the weekend. thanks again! (sorry for my bad English ;))

    • blank
      Bitter Rotten
      Jun 05, 2022 16:00 pm Reply

      Thank you for making these! I used your macvlan suggestion in another video’s comment section to host two instances of forked-daapd on one server but this is above and beyond. Very informative and I’m looking forward to what you’re going to do next.

    • blank
      Wagner
      Jun 05, 2022 16:00 pm Reply

      Interesting video. Thanks for sharing this.

    • blank
      Arnold Adame Jr
      Jun 05, 2022 16:00 pm Reply

      Love your videos! Keep up the excellent work!

Leave us a comment