1. Did the following step (not sure if that is really needed):
sudo iptables -P FORWARD ACCEPT
2. Make sure that each network card is in promiscuous mode
3. Docker service needs to be configured to have the following:
--experimental=true
This is required because ipvlan is still experimental.
4. Create a network using ipvlan:
docker network create -d ipvlan --subnet=192.168.0.0/24 --ip-range=192.168.0.208/28 --gateway=192.168.0.1 -o ipvlan_mode=l2 -o parent=enp0s3 ipvlan70
This assumes that the entire network is on 192.168.0.0/24, that the range for this node is 192.168.0.208/28, and that the gateway is the gateway for the network. The ipvlan mode is l2, and the parent is one of the network cards of the machine. The ipvlan network is named ipvlan70.
If everything is working, then you can create a container like this to test its connectivity:
docker run --net=ipvlan70 -it --name ipvlan70_2 --rm alpine /bin/sh
This container should be able to access the internet and other containers on the same network, but not the host IP; that is on purpose.
The following command sets up macvlan:
docker network create -d macvlan --subnet=192.168.0.0/24 --ip-range=192.168.0.208/28 -o macvlan_mode=bridge -o parent=enp0s3.70 macvlan70
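Both commands above give this node its own --ip-range slice of the shared subnet. The following check is an added example, not part of the original post: it verifies that each node's slice is inside the subnet, that no two slices overlap, and that the gateway is not inside any slice. The second slice, 192.168.0.224/28, is a constructed value for a hypothetical second node, and the function names are made up for this example.

```sh
# Added example: sanity-check per-node --ip-range slices before creating networks.
# Each Docker host allocates from its own slice independently, so slices on the
# same L2 segment must not overlap each other or contain the gateway.

ip2int() {            # dotted quad -> 32-bit integer
  local old_ifs="$IFS"; IFS=.
  set -- $1
  IFS="$old_ifs"
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
cidr_first() {        # first (network) address of a CIDR block, as integer
  local len="${1#*/}" base
  base=$(ip2int "${1%/*}")
  echo $(( $base & ((4294967295 << (32 - $len)) & 4294967295) ))
}
cidr_last() {         # last (broadcast) address of a CIDR block, as integer
  local len="${1#*/}"
  echo $(( $(cidr_first "$1") | (4294967295 >> $len) ))
}
cidr_within() {       # cidr_within INNER OUTER
  [ "$(cidr_first "$1")" -ge "$(cidr_first "$2")" ] &&
  [ "$(cidr_last "$1")" -le "$(cidr_last "$2")" ]
}
cidr_overlap() {      # succeeds if the two blocks share any address
  [ "$(cidr_first "$1")" -le "$(cidr_last "$2")" ] &&
  [ "$(cidr_first "$2")" -le "$(cidr_last "$1")" ]
}

# check_plan SUBNET GATEWAY RANGE...  prints each problem, returns 1 if any.
check_plan() {
  local subnet="$1" gw="$2" rc=0 a b
  shift 2
  if ! cidr_within "$gw/32" "$subnet"; then echo "gateway $gw outside $subnet"; rc=1; fi
  for a in "$@"; do   # the list is expanded once, so the shift below is safe
    if ! cidr_within "$a" "$subnet"; then echo "$a outside $subnet"; rc=1; fi
    if cidr_overlap "$gw/32" "$a"; then echo "gateway $gw inside $a"; rc=1; fi
    shift             # "$@" now holds only the ranges listed after $a
    for b in "$@"; do
      if cidr_overlap "$a" "$b"; then echo "$a overlaps $b"; rc=1; fi
    done
  done
  return "$rc"
}

# Subnet, gateway and first slice from the post; second slice is constructed.
if check_plan 192.168.0.0/24 192.168.0.1 192.168.0.208/28 192.168.0.224/28; then
  echo "ip-range plan OK"
fi
```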