How to set up the Docker network to enable communication between the host and Docker containers?

I have been struggling for weeks with setting up the network between the host and Docker containers. What I am aiming to do overall is shown below:

image

So, I am currently just working on this part

image

where the host VM communicates with the containers, however, I am struggling to even ping the containers from the host VM and vice versa.

I created a VLAN in the Linux VM using advanced network configuration. I am linking it with the eth0 and using the following IP address:

image
(keeps reverting the netmask to 22)

I ran ifconfig in the host VM and got the following:

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:58:c7:8f:b6  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.24  netmask 255.255.252.0  broadcast 192.168.3.255
        ether 00:15:5d:02:15:5f  txqueuelen 1000  (Ethernet)
        RX packets 10267737  bytes 2280725279 (2.2 GB)
        RX errors 0  dropped 5548  overruns 0  frame 0
        TX packets 159917  bytes 342429864 (342.4 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0.15: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.5.2  netmask 255.255.252.0  broadcast 192.168.7.255
        inet6 fe80::dcf6:665b:33af:6200  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:02:15:5f  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 910  bytes 57254 (57.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 49746  bytes 13039986 (13.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 49746  bytes 13039986 (13.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

macvlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.5.10  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::f8e9:46ff:fe79:bac  prefixlen 64  scopeid 0x20<link>
        ether fa:e9:46:79:0b:ac  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 12006 (12.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I tried to create a network in Docker,

docker network create -d ipvlan \
    --subnet=192.168.5.0/24 \
    --gateway=192.168.5.1 \
    -o parent=eth0.15 \
    ipvlan_net

and created a simple container to test

docker run -it --rm --network ipvlan_net --name ipvlan_container --ip 192.168.5.3 --cap-add=all alpine /bin/sh

/ # ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:12:34:56  
          inet addr:192.168.5.3  Bcast:192.168.5.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:378 (378.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1344 (1.3 KiB)  TX bytes:1344 (1.3 KiB)

/ # ping 192.168.5.2
PING 192.168.5.2 (192.168.5.2): 56 data bytes
^C
--- 192.168.5.2 ping statistics ---
12 packets transmitted, 0 packets received, 100% packet loss

If I run ping from the host VM:

ping 192.168.5.3
PING 192.168.5.3 (192.168.5.3) 56(84) bytes of data.
From 192.168.5.10 icmp_seq=1 Destination Host Unreachable
From 192.168.5.10 icmp_seq=2 Destination Host Unreachable
From 192.168.5.10 icmp_seq=3 Destination Host Unreachable
From 192.168.5.10 icmp_seq=4 Destination Host Unreachable
From 192.168.5.10 icmp_seq=5 Destination Host Unreachable
From 192.168.5.10 icmp_seq=6 Destination Host Unreachable
From 192.168.5.10 icmp_seq=7 Destination Host Unreachable
From 192.168.5.10 icmp_seq=8 Destination Host Unreachable
From 192.168.5.10 icmp_seq=9 Destination Host Unreachable
^C
--- 192.168.5.3 ping statistics ---
10 packets transmitted, 0 received, +9 errors, 100% packet loss, time 9205ms
pipe 4

What am I doing wrong here? Also, for this case, which network would be best, as I am struggling with MACVlan and IPVlan?

MacVLAN is for assigning LAN IPs to containers, but that also means you will not be able to access the container from the host. I really never missed MacVLAN, as containers are not VMs and processes on a normal machine wouldn’t have their own IP address anyway. The default bridge network would work. If you still want to use MacVLAN, @meyay wrote about a solution here:


A kernel security restriction does not allow communication between a container macvlan ip and the parent host ip.

You either need to use an ip of another host interface, or you need to introduce a macvlan child interface on your host as well, and use its ip for communication from container to the host.

The link @rimelek shared shows how a macvlan child interface can be added to the host.

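The host-side child interface described in the last reply, as an added example that is not part of the original thread. The parent `eth0.15` and container address `192.168.5.3` come from the question; the interface name `shim0`, the shim address `192.168.5.20` and the function names are assumptions, and the example also covers the `ipvlan` driver the question used.

```shell
#!/bin/sh
# Added example (not from the thread): build a host-side child ("shim")
# interface so the host can reach containers on a macvlan/ipvlan network.
# shim0 and 192.168.5.20 are assumed values; choose an address that Docker
# will not hand out to a container.

# Print the ip(8) commands for one shim. Usage:
#   shim_commands DRIVER PARENT SHIM_NAME SHIM_IP CONTAINER_IP...
shim_commands() {
    driver=$1 parent=$2 shim=$3 shim_ip=$4
    shift 4
    case $driver in
        # The child must be the same link type as the Docker network:
        # one parent cannot carry macvlan and ipvlan children together.
        macvlan) kind="macvlan mode bridge" ;;
        ipvlan)  kind="ipvlan mode l2" ;;
        *) echo "unsupported driver: $driver" >&2; return 1 ;;
    esac
    # Linux interface names are limited to 15 characters.
    if [ "${#shim}" -gt 15 ]; then
        echo "interface name too long: $shim" >&2; return 1
    fi
    echo "ip link add $shim link $parent type $kind"
    # /32 so the shim adds no competing subnet route on the host.
    echo "ip addr add $shim_ip/32 dev $shim"
    echo "ip link set $shim up"
    # One host route per container address, sent through the shim.
    for c in "$@"; do
        echo "ip route add $c/32 dev $shim"
    done
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
run_shim() {
    plan=$(shim_commands "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$plan" | sh -e
    else
        printf '%s\n' "$plan"
    fi
}

run_shim ipvlan eth0.15 shim0 192.168.5.20 192.168.5.3
```

Once applied, the host reaches the container through `shim0`, and the container reaches the host at the shim address (192.168.5.20 here) rather than at the parent interface's address.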