Traffic egressing from different interface than one specified in compose file

connorc0405 · October 23, 2022, 5:28pm

I have a host which is connected to a trunk port on my switch. It carries 4 VLANs (10,20,30,40). I wanted to hook up an interface on a service to a specific VLAN, so I used MACVLAN. This is my relevant docker compose bit:

ddns:
  image: ddns:latest
  build: ./route53-ddns-docker
  environment:
    - DOMAIN=mydomain
    - ZONEID=myzoneid
  volumes:
    - /path/to/.aws:/root/.aws
  networks:
    mgmt_vlan:
      ipv4_address: 192.168.20.8
  restart: always

...

networks:
  mgmt_vlan:
    driver: macvlan
    driver_opts:
      parent: enp1s0.20
    ipam:
      driver: default
      config:
        - subnet: 192.168.20.0/24
          gateway: 192.168.20.1

...

I start the docker compose service and open tshark. To my surprise, traffic is flowing from IPs in ALL 4 VLANS (10, 20, 30, 40), and the traffic from VLAN 20 isn’t even using the IP I statically assigned in the compose file. I exec-ed into the container and ran ifconfig, and only two interfaces showed up: eth0, with the correct IP address, and lo.

   69 2.118645924 [192.168.40.248](https://192.168.40.248) → [192.168.40.1](https://192.168.40.1) DNS 96 Standard query 0xf083 A [checkip.amazonaws.com](https://checkip.amazonaws.com) OPT
   70 2.118757657 [192.168.30.10](https://192.168.30.10) → [192.168.30.1](https://192.168.30.1) DNS 85 Standard query 0x452e A [checkip.amazonaws.com](https://checkip.amazonaws.com)
   71 2.118864200 [192.168.20.5](https://192.168.20.5) → [192.168.20.1](https://192.168.20.1) DNS 96 Standard query 0x8cef A [checkip.amazonaws.com](https://checkip.amazonaws.com) OPT
   72 2.118968564 [192.168.10.10](https://192.168.10.10) → [192.168.10.1](https://192.168.10.1) DNS 85 Standard query 0x5eae A [checkip.amazonaws.com](https://checkip.amazonaws.com)


root@9a0baaf362df:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 192.168.20.8  netmask [255.255.255.0](https://255.255.255.0)  broadcast 192.168.20.255
ether 02:42:c0:a8:14:08  txqueuelen 0  (Ethernet)
RX packets 683  bytes 280394 (280.3 KB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 761  bytes 60894 (60.8 KB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
loop  txqueuelen 1000  (Local Loopback)
RX packets 433  bytes 70060 (70.0 KB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 433  bytes 70060 (70.0 KB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Can anyone tell me why my interface assignment doesn’t seem to stick? It seems so weird that `ifconfig` lists one real interface, while traffic is leaving from all four. It’s almost like it’s confused as to which to use: The default bridge interface, or the MACVLAN one. Am I missing something?? Thanks!