Config IPVLAN docker Guacamole check config

Hello, I have a doubt concerning the IPVLAN config of one of my docker. I would like to move my Guacamole docker to a VLAN number 222.

On the host:

> 2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
>     link/ether bc:24:11:47:b4:e0 brd ff:ff:ff:ff:ff:ff
>     altname enp0s18
>     inet 192.168.206.40/26 metric 100 brd 192.168.206.63 scope global dynamic ens18
>        valid_lft 77508sec preferred_lft 77508sec
>     inet6 fe80::be24:11ff:fe47:b4e0/64 scope link
>        valid_lft forever preferred_lft forever
> 3: vlan.222@ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
>     link/ether bc:24:11:47:b4:e0 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.222.208/28 brd 192.168.222.207 scope global vlan.222
>        valid_lft forever preferred_lft forever
>     inet6 fe80::be24:11ff:fe47:b4e0/64 scope link

For the docker

I have first created a network with this command:

docker network create -d ipvlan --subnet=192.168.222.0/28 --gateway=192.168.222.11 -o ipvlan_mode=l2 -o parent=ens18 vlan.222-guac

Then I have “attached” this network to my Guacamole network:

> guacamole:
>     container_name: guacamole
>     image: guacamole/guacamole:1.5.5
>     restart: unless-stopped
>     networks:
>         -  vlan.222-guac
> 
> 
> networks:
>   vlan.222-guac:
>     driver: ipvlan
>     external: true

When I inspected my docker network vlan:

> "Name": "vlan.222-guac",
>         "Id": "eeef8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx809ab4",
>         "Created": "2025-03-17T06:27:10.336062817+02:00",
>         "Scope": "local",
>         "Driver": "ipvlan",
>         "EnableIPv4": true,
>         "EnableIPv6": false,
>         "IPAM": {
>             "Driver": "default",
>             "Options": {},
>             "Config": [
>                 {
>                     "Subnet": "192.168.222.0/28",
>                     "Gateway": "192.168.222.11"
>                 }
>             ]
>         },
>         "Internal": false,
>         "Attachable": false,
>         "Ingress": false,
>         "ConfigFrom": {
>             "Network": ""
>         },
>         "ConfigOnly": false,
>         "Containers": {
>             "67e87494exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx2181e": {
>                 "Name": "guacamole",
>                 "EndpointID": "0461fb4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx23ebba3e0",
>                 "MacAddress": "",
>                 "IPv4Address": "192.168.222.1/28",
>                 "IPv6Address": ""
>             }
>         },
>         "Options": {
>             "ipvlan_mode": "l2",
>             "parent": "ens18"

Is it correct ?

Is my configuration correct ?

The parent interface must already include the vlan id: -o parent=ens18.222.

See example usage in the docs:
https://docs.docker.com/engine/network/drivers/ipvlan/#ipvlan-8021q-trunk-l2-mode-example-usage

I have removed the docker network “vlan.222-guac” to do it again with the right value:

docker network create -d ipvlan --subnet=192.168.222.0/28 --gateway=192.168.222.11 -o ipvlan_mode=l2 -o parent=ens18.222 ipvlan222

But I do have this error:

Error response from daemon: failed to create ens18.222 vlan link: file exists

Do I need to re-do the VLAN on my host ?

Thx

According to the docs it should not matter whether the vlan sub-interface exists and is “up” or is created by the docker network create command.

I would try removing static configuration for the ipvlan sub interface, restart hoping that it cleans up whatever leftovers cause the error, and only use docker network create.

If it’s not working, I would suggest raising an issue in the Moby GitHub project: https://github.com/moby/moby/issues

I have removed the vlan host config and recreated the docker network ipvlan222:

docker network create -d ipvlan --subnet=192.168.222.0/28 --gateway=192.168.222.11 -o ipvlan_mode=l2 -o parent=ens18.222 ipvlan222

I was able to do it.
I have inspected the docker (network):

"ipvlan222": {
                "Aliases": [
                    "guacamole",
                    "guacamole"
                ],
                "DNSNames": [
                    "guacamole",
                    "1dxxxxxxxx7a"
                ],
                "DriverOpts": null,
                "EndpointID": "181df8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx196bb",
                "Gateway": "192.168.222.11",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "GwPriority": 0,
                "IPAMConfig": null,
                "IPAddress": "192.168.222.1",
                "IPPrefixLen": 28,
                "IPv6Gateway": "",
                "Links": null,
                "MacAddress": "",
                "NetworkID": "5d85351axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx31149"
            }
        },

But I do not find this IP number (222.1) in my LAN network … What can I do to be sure that it is in the right network ?
Thx

Can you provide more context, I have no idea what this is supposed to mean:

Some ideas about what to check:

  • Inspect the ipvlan network and check whether it uses the correct parent interface
  • Check your host’s interfaces: is the interface ens18.222@ens18 created?
  • Does your service in the compose file use the ipvlan network?
  • Start a temporary container attached to the ipvlan and try pinging the gateway of the vlan.
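
The first two checks in the list above can be run against the JSON that `docker network inspect` prints. This is an added example, not part of the original posts: `check_ipvlan` and the sample input are constructed for illustration from the values quoted in the thread, and the host address passed in is the one the host's `vlan.222` interface held in the first post.

```python
import ipaddress
import json
import re

# Constructed sample: trimmed `docker network inspect` output built from the
# values quoted in the thread (IDs left out).
SAMPLE = json.loads("""
[{"Name": "vlan.222-guac", "Driver": "ipvlan",
  "IPAM": {"Config": [{"Subnet": "192.168.222.0/28",
                       "Gateway": "192.168.222.11"}]},
  "Containers": {"c1": {"Name": "guacamole",
                        "IPv4Address": "192.168.222.1/28"}},
  "Options": {"ipvlan_mode": "l2", "parent": "ens18"}}]
""")


def check_ipvlan(net, vlan_id, host_addr=None):
    """Return findings for one inspected network; an empty list means OK."""
    findings = []
    if net.get("Driver") != "ipvlan":
        findings.append("driver is not ipvlan")
    # A parent without a ".<id>" suffix puts the container on the untagged LAN.
    parent = (net.get("Options") or {}).get("parent", "")
    tag = re.fullmatch(r".+\.(\d+)", parent)
    if tag is None:
        findings.append(f"parent {parent!r} has no .{vlan_id} suffix (untagged)")
    elif int(tag.group(1)) != vlan_id:
        findings.append(f"parent {parent!r} is tagged for another VLAN")
    configs = (net.get("IPAM") or {}).get("Config") or []
    subnets = [ipaddress.ip_network(c["Subnet"]) for c in configs]
    names = ", ".join(str(s) for s in subnets)
    # Addresses that must fall inside one of the network's subnets.
    addrs = {"gateway": [c["Gateway"] for c in configs if c.get("Gateway")],
             "container": [c["IPv4Address"] for c in
                           (net.get("Containers") or {}).values()
                           if c.get("IPv4Address")],
             "host": [host_addr] if host_addr else []}
    for kind, values in addrs.items():
        for value in values:
            ip = ipaddress.ip_interface(value).ip
            if not any(ip in s for s in subnets):
                findings.append(f"{kind} {ip} is outside {names}")
    return findings


if __name__ == "__main__":
    for net in SAMPLE:
        for finding in check_ipvlan(net, 222, host_addr="192.168.222.208/28"):
            print(f"{net['Name']}: {finding}")
```

On a live host the input would be `json.loads` of the output of `docker network inspect <network>` instead of the embedded sample.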

I have inspected the ipvlan network in my previous post. I do not see if it uses the correct parent interface.
Yes the ens18.222 has been created on my host interface.
Yes Guacamole is using the ipvlan:

guacamole:
    container_name: guacamole
    image: guacamole/guacamole:1.5.5
    restart: unless-stopped
    networks:
      - ipvlan222

and

networks:
  ipvlan222:
    external: true

A container with the same networks config can ping the GW of this vlan.
But I do not see this container appearing on my local network as client.

Using Unifi networks, clients are the things connected to the above, such as PCs, phones, tablets, Xbox, IoT, etc.
