MacVLAN not respecting aux_addresses in Compose

Docker Engine Compose
1

I have a compose file with the following:

networks:
  backend:
    driver: bridge
    internal: "true"
  frontend:
    driver: bridge
  dmz:
    driver: macvlan
    driver_opts:
      parent: ens2
    ipam:
      config:
       - subnet: 192.168.0.0/24
         gateway: 192.16.0.1
         aux_addresses:
           localhost: 192.16.0.2

However when I run docker compose up -d, the network does NOT get built with aux_addresses reserved! If I start a container and connect it to the network, that container gets assigned the reserved IP of 192.168.0.1. Why does this happen, and how can I reserve an IP so it is not assigned from within Compose?

2

Apparent solution - I had no services attached to my DMZ network. This prevented Compose from building it since it was “unused”. Solution: use the network, or declare outside of compose.

3

The network declaration, and your expectation don’t align, because 192.16.0.1 is not added to the aux_addresses map.

Of course it’s going to assign every existing ip address from the subnet, starting from the first ip, up to the last ip of the subnet, excluding ips that are in the aux_addresses link

Furthermore, you can carve out an ip-range within the subnet if wanted: e.g. ip_range: "192.16.0.64/26", resuting in the range 192.16.0.64 - 192.16.0.127. Make sure this range is outside the range of any dhcp server.

4

In all my testing, the DHCP never assigned the gateway address. But noted, thanks. I looked at ip_range, however the ranges all seemed to be in subnet sized blocks which seemed un-useful when I only wished to reserve one or two addresses. Carving up the subnet further just wasted IPs.

Any 192.16 was a typo - this should all live on 192.168.x.x

5

Got it.

Would you mind responding to the first sentence?

right. I missed the inconsistency between the subnet and the gateway ip. Makes more sense is everything is in the subnet 192.168.0.0/24. If you really want 192.168.x.x, shouldn’t it use a /16 bitmask?

6

The network declaration, and your expectation don’t align, because 192.16.0.1 is not added to the aux_addresses map.

Thats the thing - I didn’t think I also needed to add my gateway. When deployed via “docker network create” it reserved both 192.168.0.1 and 192.168.0.2. When created via “docker compose” it reserved just 192.168.0.1. The first container added was assigned 192.168.0.2. I certainly can add that gateway address as a second entry though.

As for the IP, its just sample ranges. 192.168.0.x/24 for simplicity’s sake.