
[macvlan] Same parent and gateway for multiple networks

Open bodji opened this issue 6 years ago • 4 comments

Hi,

We are struggling with an issue with the macvlan driver.

We wonder why we can't have multiple macvlan docker networks with the same parent?

This check forbids it in libnetwork/drivers/macvlan/macvlan_network.go :

    func (d *driver) createNetwork(config *configuration) error {
        networkList := d.getNetworks()
        for _, nw := range networkList {
            if config.Parent == nw.config.Parent {
                return fmt.Errorf("network %s is already using parent interface %s",
                    getDummyName(stringid.TruncateID(nw.config.ID)), config.Parent)
            }
        }

And also, why can't we have the same gateway for multiple macvlan docker networks?

        // Convert IP ordinal for this subnet into IP address
        return generateAddress(ordinal, base), nil
    case bitseq.ErrBitAllocated:
        return nil, ipamapi.ErrIPAlreadyAllocated

Our use case is the following:

  • 3 Docker nodes in Swarm mode
  • A public /28 RIPE routed to a private virtual network on each node
  • Mount public IP directly in containers

Our problem:

  • We want to specify the public IP of a container. -> IPAM in Swarm does not allow specifying the ipv4_address param in the compose file (normal behaviour with --scale)

    -> So we thought about creating one macvlan network with the same parent interface, same gateway, and an --ip-range with the /32 we want.

We made some patches to the two files specified, and it works.

Is it a viable solution, and could we safely remove those checks?

Thank you !

bodji avatar May 28 '19 10:05 bodji

I have the same issue. My workaround is to create a macvlan network with multiple subnets and then force the IP for each container.

Dummy docker-compose to create the network:

version: '2'
services:
 test:
  image: 'testenv:latest'
  networks:
   - public
  command: /bin/true
networks:
 public:
   driver: macvlan
   driver_opts:
     parent: br0
   ipam:
    config:
     - subnet: aaa.aaa.aaa.aaa/24
       gateway: aaa.aaa.aaa.254
       ip_range: aaa.aaa.aaa.aaa/32
     - subnet: bbb.bbb.bbb.bbb/24
       gateway: bbb.bbb.bbb.254
       ip_range: bbb.bbb.bbb.bbb/32

One of the containers:

version: '2'
services:
 test:
  image: 'testenv:latest'
  mac_address: xx:xx:xx:xx:xx:xx
  networks:
   somenet:
    ipv4_address: aaa.aaa.aaa.aaa
  command: curl https://ipinfo.io/ip
networks:
 somenet:
  external:
      name: testnet_public

Any other ways of having public IPs for multiple containers?

kaweksl avatar Jun 19 '19 15:06 kaweksl

The check preventing multiple networks with the same parent interface only makes sense if Docker automatically created the parent interface. I think the check should be kept, but only be enforced if config.CreatedSlaveLink = true.

haboustak avatar Jul 25 '20 13:07 haboustak
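
A simplified Go model of the gating suggested in the comment above, added here as an illustration and not libnetwork's own code. The `driver` and `configuration` shapes, the `deleteNetwork` helper and the interface names are assumptions, and "enforced if CreatedSlaveLink" is read here as applying when either network's parent link is driver-created.

```go
package main

import "fmt"

// Simplified stand-ins for the macvlan driver's types; shapes are assumed for this example.
type configuration struct {
	ID, Parent       string
	CreatedSlaveLink bool // true when the driver created the parent link itself
}

type driver struct{ networks map[string]*configuration }

// createNetwork applies the parent check only when a driver-created link is involved.
func (d *driver) createNetwork(config *configuration) error {
	for _, nw := range d.networks {
		if config.Parent == nw.Parent && (config.CreatedSlaveLink || nw.CreatedSlaveLink) {
			return fmt.Errorf("network %s is already using parent interface %s", nw.ID, config.Parent)
		}
	}
	d.networks[config.ID] = config
	return nil
}

// deleteNetwork reports whether deleting the network would also remove its parent link.
// Assumption: only driver-created links are torn down together with their network.
func (d *driver) deleteNetwork(id string) (removesParent bool) {
	nw, ok := d.networks[id]
	if !ok {
		return false
	}
	delete(d.networks, id)
	return nw.CreatedSlaveLink
}

func main() {
	d := &driver{networks: map[string]*configuration{}}
	// Constructed sample networks: eth0 pre-exists on the host, eth0.10 is driver-created.
	fmt.Println(d.createNetwork(&configuration{ID: "net-a", Parent: "eth0"}))
	fmt.Println(d.createNetwork(&configuration{ID: "net-b", Parent: "eth0"}))
	fmt.Println(d.createNetwork(&configuration{ID: "net-c", Parent: "eth0.10", CreatedSlaveLink: true}))
	fmt.Println(d.createNetwork(&configuration{ID: "net-d", Parent: "eth0.10"}))
	fmt.Println(d.deleteNetwork("net-a"), d.deleteNetwork("net-c"))
}
```

In this model two networks can share the host-managed `eth0`, while a second network on the driver-created `eth0.10` is still refused, because deleting its owner would remove the link underneath it.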

Hello @bodji and @haboustak. I'm in the same boat (want to give fixed IPs to the containers in docker swarm with multiple macvlan configs and networks) and also got the "failed to allocate gateway (192.168.114.1): Address already in use" message when I tried to start a third container on a third network (we only have a 2 node swarm, this is why the first two start, the first on docker01, the second on docker02).

Can anybody guide me on how I can 'patch' docker, or use the config.CreatedSlaveLink option to make it work?

Any help would be very appreciated! Regards: Norbert

ceeeru avatar Feb 25 '22 13:02 ceeeru

Another possible workaround for this issue is to create macvlan interfaces on the host (e.g. using nmcli), and then assign the docker macvlan networks to the macvlan interfaces.

DavidAlexanderW avatar May 08 '24 14:05 DavidAlexanderW