Is the IPvlan Network documentation correct for Docker for Windows?

Long story short, I need a docker container to be able to talk to network devices outside of the docker host by routing and not NATed. If you use a bridged network, any traffic bound for outside of docker gets NATed as it leaves the docker host. I have some apps that have issues with NAT. Ideally I wanted the containers to be directly exposed on the same physical network as the host. You can do this by creating a network of type “host” but this is not supported on Windows. This is exactly what I want to achieve or the next best thing.

The next best thing is the IPvlan. The documentation here (notice I am referring to the layer 3 type) heavily implies that once a container is attached to a correctly configured ipvlan network it should be able to communicate with the outside world. However, I cannot get this to work. So either the documentation is wrong, or it is unsupported in Windows Docker.

Note: I can get two containers to talk to each other through the same IPvlan network which have been assigned to different subnets (I did the example in the doc linked above). In this case the docker host does route traffic correctly. Again though, they cannot talk outside on the host, but if you look at the diagrams it is implied that it is possible; and there is a statement near the end of the section stating:

In order to ping the containers from a remote Docker host or the container be able to ping a remote host, the remote host or the physical network in between need to have a route pointing to the host IP address of the container’s Docker host eth interface.

This is bog standard networking and is expected. So you need to configure routes on your “external” network to tell them that to get to the containers they must route through the docker host. I have added these routes but it still does not work.

Can anyone advise if I have missed something according to the docs?
Can anyone confirm if they have ever had this working using Docker Windows? Preferably a DEV.
Is there any other way I can achieve what I want, to avoid NATting traffic to my containers in Windows?
Thanks,

Just to clarify: Are you running Windows or Linux containers via Docker Desktop? This will help clarify which option to use.

The content of the shared link to the ipvlan documentation pre-dates Docker Desktop.

Docker Desktop runs the docker engine for Linux containers always in a utility vm (on Windows it is a distribution running on the WSL utility vm): as a result host, ipvlan and macvlan use the network interface of the utility vm, and not of the host. Those docker network types are pretty much useless with Docker Desktop running Linux containers.

I can’t say anything about Windows containers.

I am aware that it runs in a VM, I even say this myself in my post. However, it is feasible if you know networking in depth.

I understand that the doco pre-dates Desktop. But it does seem as though it has been updated with references to Desktop. For example, if you read about macvlans and host networks, both pages tell you it is not supported in Desktop - so I would expect the same on the page for Ipvlans if this was the case. It is confusing because some pages do say “this is not supported in desktop docker”, so it’s a fair assumption to assume that you can use IPvlans in Desktop. And you can… just not fully. I have a feeling this is meant to work but a bug causes it not to or the devs just assumed it would without testing.

It would be useful if an official Docker rep could confirm this either way. If it is not supported, then please update the documentation to say so - I spent a good few days exploring this and I could have saved this time if I knew it didn’t work upfront.

Windows Docker with Linux container.