I’m pretty new to docker, and I have a few containers going. It works amazing for the most part, but I noticed one issue and I’m hoping someone can help me figure it out.
I run my containers with a macvlan network, because I wanted to be able to run multiple containers on port 80 (or other ports).
The problem I have is that I’m unable to connect to the docker host from one of the containers. As an example:
When I try to ping the Host (192.168.1.100) from Container 1 (192.168.1.102), I don’t get a response; no packets seem to reach it from any of the containers, but other machines on the network (outside of the host) work fine.
Is there a way I can configure MacVlan to allow talking to the host from the container?
You can do this with the standard Docker networking setup easily enough:
docker run -d -p 8000:80 --name web_1 whatever
docker run -d -p 8001:80 --name web_2 whatever
...
The containers will be accessible via the host’s DNS name or IP address on ports 8000, 8001, or whatever is on the left-hand side of the -p option, even though the processes inside the container are serving on port 80 (the right-hand side of the -p option must match this but it’s under the process’s control).
You shouldn’t worry about the internal IP addresses containers happen to have; setting up routing for these is very difficult. If you’re communicating between containers, set up a non-default network (just docker network create net_name will do) and attach all the containers to that, and Docker will provide a DNS service so that you can refer to the other containers by name.
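The port-mapping plus user-defined-network recipe from that answer, as an added example that is not part of the original thread. It assumes an image called whatever (as in the answer), a network name web_net, and host ports counting up from 8000; the script only builds the docker commands and checks that each host port is not already bound, and executes them only when run with the argument apply.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Assumptions: an image called "whatever" (as in the answer above), a
# user-defined network named web_net, and host ports counting up from the
# base passed to plan(). Nothing is executed unless run as: sh this.sh apply

NET_NAME=web_net
CONTAINER_PORT=80   # the port the process inside the container listens on

# Emit the docker run line for one container: host port on the left of -p,
# container port on the right, attached to the user-defined network so the
# containers can resolve each other by name.
run_cmd() {
    name=$1
    host_port=$2
    image=$3
    printf 'docker run -d --network %s -p %s:%s --name %s %s\n' \
        "$NET_NAME" "$host_port" "$CONTAINER_PORT" "$name" "$image"
}

# Return 0 if nothing on the host is already listening on the TCP port.
# Falls back to "assume free" where ss(8) is not installed.
host_port_free() {
    port=$1
    if command -v ss >/dev/null 2>&1; then
        ! ss -ltn 2>/dev/null | awk '{print $4}' | grep -q -- ":$port\$"
    else
        return 0
    fi
}

# Build the full plan: create the network, then one container per name,
# each on the next host port. A collision is reported as a comment line
# instead of being silently mapped to a port that will fail to bind.
plan() {
    base=$1
    shift
    echo "docker network create $NET_NAME"
    port=$base
    for name in "$@"; do
        if ! host_port_free "$port"; then
            echo "# WARNING: host port $port already in use; $name will fail to start"
        fi
        run_cmd "$name" "$port" whatever
        port=$((port + 1))
    done
    # Once running, each container reaches the others by name through
    # Docker's embedded DNS, e.g. from web_1: docker exec web_1 getent hosts web_2
}

if [ "${1:-}" = apply ]; then
    plan 8000 web_1 web_2 | grep -v '^#' | sh -x
fi
```

From outside, the services are then reached on the host's address at ports 8000 and 8001; from inside either container, the other is reachable as web_1 or web_2 on port 80, which is the container-to-container path the answer recommends instead of relying on the containers' own IP addresses.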
Thanks! I’ll give that a shot and see if that works out.
Additionally, Is there a reason the host is unreachable by the container? Rather than container - container communication, the container - host communication seems to be blocked.
Older versions of the Docker documentation pointed it out:
Note: In Macvlan you are not able to ping or communicate with the default namespace IP address. For example, if you create a container and try to ping the Docker host’s eth0 it will not work. That traffic is explicitly filtered by the kernel modules themselves to offer additional provider isolation and security.