Using Docker with ipvlan L3 with Netgear

Hello,

I’m trying to create an ipvlan l3 network and I seem to be stuck a little bit. I’m using the YouTube video called Docker networking is CRAZY!! (you NEED to learn it) from NetworkChuck as reference.

When I do an ifconfig on my host Ubuntu, I find out that my network driver name for that host is enp1s0f0 with the IP 192.168.1.8.

enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.8  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 _____  prefixlen 64  scopeid 0x20<link>
        ether _____  txqueuelen 1000  (Ethernet)
        RX packets 9020  bytes 8697667 (8.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4155  bytes 703040 (703.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  

So then using that knowledge, I then create the docker network by doing

docker network create -d ipvlan \
  --subnet 192.168.94.0/24 \
  -o parent=enp1s0f0 -o ipvlan_mode=l3 \
  --subnet 192.168.95.0/24 \
  localLab

Then I create 2 containers just to test everything out.

docker run -itd --rm --network localLab --ip 192.168.94.7 --name container1 busybox

and

docker run -itd --rm --network localLab --ip 192.168.94.8 --name container2 busybox

So if I get into container1 and then ping container2, I get this result

/ # ping container2
PING container2 (192.168.94.8): 56 data bytes
64 bytes from 192.168.94.8: seq=0 ttl=64 time=0.092 ms
64 bytes from 192.168.94.8: seq=1 ttl=64 time=0.109 ms
64 bytes from 192.168.94.8: seq=2 ttl=64 time=0.161 ms
^C
--- container2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.092/0.120/0.161 ms
/ # 

This is good, since I know container1 and container2 can talk to each other. But when I try to go out to the internet by pinging google.com, I get

/ # ping google.com
PING google.com (142.250.191.174): 56 data bytes
^C
--- google.com ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
/ # 

So I know I need to set up the static routes. My router is a Netgear R6020, so when I go to set up, this is what my static routes look like.

So when I go into container1 and try to ping Google again, I still get

/ # ping google.com
PING google.com (142.250.190.142): 56 data bytes
^C
--- google.com ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
/ # 

So my question is, what am I doing wrong here? I’m looking at this blog post and it looks very very similar to mine except his router is different.

https://4sysops.com/archives/configuring-ipvlan-networking-in-docker/

I’m stuck and I need a little help. I’ve changed the IP Subnet Mask multiple times from 255.255.255.255 to 255.255.255.0 and even did 255.255.0.0 with no dice. Same for the Gateway IP Address. I changed it from 192.168.1.2 to 192.168.1.0 to even 192.168.1.1, and nothing seems to be allowing me to ping the internet from my containers. The containers are able to talk to each other, which is fine, but now I need to get to the internet so I can run things like apt-get -y update and apt-get -y install and whatnot on my other containers.

CIDR LAN: 192.168.1.0/24 → Route to 192.168.94.0/24 using gw 192.168.1.8
CIDR IPVLAN: 192.168.94.0/24 + 192.168.95.0/24 (why the second subnet?) → Route ??? using gw ???

I never thought about creating a macvlan/ipvlan with a separate subnet range than the LAN range… because I don’t use macvlan/ipvlan, as both tend to cause more headaches than provide benefit. I never actually needed either one of them in the last 8-9 years.

Try a traceroute from a container to those hosts. The nicolaka/netshoot image is quite useful in this context, as it provides plenty of network troubleshooting tools. I can only assume that your network lacks a gateway (=--gateway=192.168.94.x) and therefore the traffic is simply not routed.

Update: never mind. According to the docs, the IP of the parent interface will act as the gateway when ipvlan_mode=l3 is used.


The second subnet is for extra routing. So I have about 6 physical home servers. I want to have multiple subnets going, unless it makes more sense to have each physical home server have their own “unique” subnet and not dive into 1 physical home server having multiple subnets.

I’ll try that out and get back to you.

Ok, coming back to confirm. It is because of the router I have.

I went over to my brother’s house with one of my home servers and asked him if I could try setting up a few static routes. He’s got an ASUS RT-AX58U, much better than my cheap Netgear. I did the same exact things, except I changed the IP subnet mask to 255.255.255.0, and this is the response I got.

/ # ping google.com
PING google.com (142.250.191.206): 56 data bytes
64 bytes from 142.250.191.206: seq=0 ttl=58 time=16.971 ms
64 bytes from 142.250.191.206: seq=1 ttl=58 time=15.864 ms
64 bytes from 142.250.191.206: seq=2 ttl=58 time=21.902 ms
64 bytes from 142.250.191.206: seq=3 ttl=58 time=16.259 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 15.864/17.749/21.902 ms
/ # 

So I’ll definitely have to invest in a new router since mine is pretty old. I bought it back in 2016 I believe. Thanks for your help.

Uh, I didn’t spot that you used a 255.255.255.255 subnet mask. It made the route valid for a single(!) IP, which explains pretty much why things didn’t work.

It should work if you change the subnet mask to 255.255.255.0.

The IP protocol is roughly 30 years old now. I think a device from 2016 isn’t that old, when you consider how old the protocols it supports are ^^
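As an added example (not code from anyone in this thread), the Python below models the router's static route table with the addresses used above (LAN 192.168.1.0/24, Docker host 192.168.1.8 as the ipvlan L3 gateway, container subnets 192.168.94.0/24 and 192.168.95.0/24) and shows the mask problem discussed in the two replies: a route entered with mask 255.255.255.255 matches only the single address 192.168.94.0, so the router has no return path for replies to 192.168.94.7, while 255.255.255.0 covers the whole subnet. The tuple layout of the route table is an assumption for illustration.

```python
import ipaddress

# Addresses from the thread; the route-table layout (dest, mask, gateway)
# is a constructed stand-in for what a home router's static-route page stores.
DOCKER_HOST = "192.168.1.8"
IPVLAN_SUBNETS = ["192.168.94.0/24", "192.168.95.0/24"]


def route_covers(destination, mask, target_ip):
    """True if a static route 'destination/mask' matches target_ip.
    strict=False lets a host bit survive in destination, as router UIs allow."""
    net = ipaddress.IPv4Network(f"{destination}/{mask}", strict=False)
    return ipaddress.IPv4Address(target_ip) in net


def return_path_gateway(routes, reply_dst):
    """Longest-prefix match over the router's static routes.
    Returns the next-hop the router would use for a reply to reply_dst,
    or None when only the default (WAN) route matches, i.e. the reply
    never reaches the ipvlan network and the container sees 100% loss."""
    best = None
    for dest, mask, gw in routes:
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        if ipaddress.IPv4Address(reply_dst) in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, gw)
    return best[1] if best else None


def required_routes(host_ip, container_subnets):
    """One network route per ipvlan subnet, all pointing at the Docker host,
    which in ipvlan_mode=l3 forwards on behalf of the containers."""
    result = []
    for cidr in container_subnets:
        net = ipaddress.IPv4Network(cidr)
        result.append((str(net.network_address), str(net.netmask), host_ip))
    return result


if __name__ == "__main__":
    broken = [("192.168.94.0", "255.255.255.255", DOCKER_HOST)]
    fixed = required_routes(DOCKER_HOST, IPVLAN_SUBNETS)
    for label, table in (("/32 mask", broken), ("/24 mask", fixed)):
        print(label, "-> next hop for 192.168.94.7:",
              return_path_gateway(table, "192.168.94.7"))
```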

Yeah, I actually attempted to use multiple different subnet masks. I said that in my OP. None of it worked for my router. I went back and forth with so many combinations for my Netgear router in an attempt to “get it working”. I’ll have to invest in a new router later tonight since I have the money for it. Thanks for your help.