Share and learn in the Docker community.
Usually when creating a docker, the docker host NATs the interface of the docker behind the bridge. And the documentation of docker goes into great detail about describing all the possibilities of how to expose the ports of a container.
What I’m looking for is how do I give a container it’s own interface, that is not NATed by the docker host. It gets it’s ip address from my dhcp server directly.
Thanks in advance.
Use Docker Macvlan network driver for the use case you described.
For more details, pls refer to my blogs(https://sreeninet.wordpress.com/2016/05/29/macvlan-and-ipvlan/, https://sreeninet.wordpress.com/2016/05/29/docker-macvlan-and-ipvlan-network-plugins/)
Sreenivas
Thank you for the links. I still have a few questions though. In one of the links you have a paragraph titled ‘Comparing Macvlan to Bridge’, you said in one sentence that Macvlan is used for more simple scenarios like exposing the endpoints (docker container’s nic, I’d guess) directly to the external network. In the next sentence you wrote
With Bridge, it is needed to use NAT for external connectivity.
I gained lots of experience with virtualbox, and there you have a bridged interface and a NATted one, which collides of what I know from virtualbox. Maybe you can help me sort things out.
Thanks in advance.
Virtualbox bridge and NAT networking modes are different from bridge and NAT used in this context for Docker containers. There are some similarities, but its used differently. I agree that its little confusing…
In Virtualbox:
NAT mode:
VM is in a private network and Virtual box does the NAT translation to outside world.
Bridged mode:
VM gets the ip address from the same gateway as host and will be in same network as host
In Docker container side:
Bridged mode:
Docker containers are connected to bridge in host. They are not in same network as host but they are in their own internal network.
NAT is not a mode in Docker container. NAT can be used for external connectivity in any networking driver mode in Docker.
Based on your usecase mentioned in the first mail, I thought macvlan makes more sense for your usecase.
Thank you for clearing things up for me. This information is vital and should be put into the documentation. I hope to see that there in the future.
Again thanks alot.
Great. I will give the feedback to Docker team. I will also clarify some of these points in my blogs. 1 of my responsibilities as Docker captain is to get the feedback from community going in both directions…