Multiple networks in one container

I have a Fedora 23 host with two networks and I want to run a container that can participate in both of them. The host defines these two networks (and a gateway on a third network),

$ route -n
Destination Gateway    Genmask        ...  Iface
default     w.x.y.254  0.0.0.0        ...  eth0
a.b.c.0     0.0.0.0    255.255.255.0  ...  eth2
e.f.g.0     0.0.0.0    255.255.255.0  ...  eth3

So far for Docker, I have,

(1) $ docker network create --subnet a.b.c.0/24 --gateway a.b.c.254 eth2
(2) $ docker network create --subnet e.f.g.0/24 --gateway e.f.g.254 eth3
(3) $ docker create --network=eth2 --ip=a.b.c.1 container program
(4) $ docker network connect --ip=e.f.g.1 eth3 container
(5) $ docker start container
    # (With a few more arguments in real life.)

This gets me most of what I want except the ability to actually participate in the host's networks. I understand I must somehow map the container's networks to the host's networks. But I'm having trouble learning how to do that.

I can map the first network, I think. Instead of line (3) above, I try,

(6) $ docker create --network=eth2 --ip=a.b.c.1 \
      -p a.b.c.d:1-65535:1-65535/tcp -p a.b.c.d:1-65535:1-65535/udp \
      container program

But I don't see how to map the second network since the -p option is not available for "docker network connect" (or for "docker start"). Of course, using -p might not be the proper solution, anyway. Is it possible to do what I want?

I'm using RPM docker-engine-1.12.6-1.fc23.x86_64 and associated packages from Docker, not Fedora's Docker packages.

I wrote:

I have a Fedora 23 host with two networks and I want to run a
container that can participate in both of them. The host defines
these two networks (and a gateway on a third network),
$ route -n
Destination Gateway Genmask … Iface
default w.x.y.254 0.0.0.0 … eth0
a.b.c.0 0.0.0.0 255.255.255.0 … eth2
e.f.g.0 0.0.0.0 255.255.255.0 … eth3

So far for Docker, I have,

(1) $ docker network create --subnet a.b.c.0/24 --gateway a.b.c.254 eth2
(2) $ docker network create --subnet e.f.g.0/24 --gateway e.f.g.254 eth3
(3) $ docker create --network=eth2 --ip=a.b.c.1 container program
(4) $ docker network connect --ip=e.f.g.1 eth3 container
(5) $ docker start container
# (With a few more arguments in real life.)

This gets me most of what I want except the ability to actually
participate in the host’s networks. I understand I must somehow map
the container’s networks to the host’s networks. But I’m having
trouble learning how to do that.

I can map the first network, I think. Instead of line (3) above, I
try,

(6) $ docker create --network=eth2 --ip=a.b.c.1 \
      -p a.b.c.d:1-65535:1-65535/tcp -p a.b.c.d:1-65535:1-65535/udp \
      container program

But I don’t see how to map the second network since the -p option is
not available for “docker network connect” (or for “docker start”).
Of course, using -p might not be the proper solution, anyway. Is it
possible to do what I want?

I’m using RPM docker-engine-1.12.6-1.fc23.x86_64 and associated
packages from Docker, not Fedora’s Docker packages.

I’m now very disappointed in this forum. After five days, not even a
suggestion that I take the question elsewhere. Doesn’t anybody run
multiple networks in a container?

Hi
A Docker container runs in its own networking namespace, which is different from the host network. You cannot map the 2 networks. The “-p” or “-P” option when starting a container allows us to expose container services on the host machine. To allow containers to use the host network directly, there are 2 options:

  1. Use the host driver while creating containers. This will allow containers to have the same network namespace as the host.
  2. Use the macvlan driver for containers. This allows containers to connect to the underlay or host network directly.

I did a presentation recently (https://www.slideshare.net/SreenivasMakam/docker-networking-overview). This might help with some of your questions.

Regards
Sreenivas

Sreenivas Makam wrote:

To allow containers to use the host network directly, there are 2
options:

  1. Use the host driver while creating containers. This will allow
    containers to have the same network namespace as the host.
  2. Use the macvlan driver for containers. This allows containers to
    connect to the underlay or host network directly.

Thank you. That was exactly the clue I needed. The change to my setup
was trivial. Instead of,

(2) $ docker network create --subnet e.f.g.0/24 --gateway e.f.g.254 eth3

I now use,

(2) $ docker network create -d macvlan -o parent=eth3 \
      --subnet e.f.g.0/24 --gateway e.f.g.254 eth3

Everything else remained exactly as I had it before.