
Hi, I am new to Docker networking. Basically, I want to start a Docker container that should be mapped to an existing host OS network interface.

For example, the list of host OS network interfaces:

$>>ip a
1. ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 
4. ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000

Now I want to create a Docker Network Bridge (mapped with ens192/ens224) using

$ docker network create -d bridge my-bridge-network

And then run the container using the docker network

$ docker run -itd --network=my-bridge-network mydocker

But with the mentioned steps I am not able to map the network interfaces to Docker networks.

curiousguy
  • A design goal of Docker is that containers can't directly access or administer the host interfaces. You might be better off running this process directly on the host. Possibly also see [How to use the host network, and any other user-defined network together in Docker-Compose?](https://stackoverflow.com/questions/47303141/how-to-use-the-host-network-and-any-other-user-defined-network-together-in-dock) (you can't). – David Maze Feb 04 '21 at 17:24
  • That is correct for layer 3, but using a layer 2 tunnel can connect a container to "the outside network". But since it's barely used there is not much documentation for it... :( – TheClockTwister Feb 23 '21 at 18:26

1 Answer


The goal

Assuming that you want your Docker container to display to the network as an ordinary device, you can "map" a host interface using a macvlan bridge. What you will get:

  • Docker clients receive an IP from the network the host is in
  • Other devices can access the container as if it was in their physical network
  • The container can access the same hosts as its host via the given interface

If that is not what you meant, please leave a comment and further explain your scenario.

How it's done

Check whether the macvlan module is installed using

lsmod | grep macvlan

If it is not listed, install it by issuing

modprobe macvlan

Using Docker CLI

Create a network with the interface you want to share and specify subnet and gateway (gateway is optional if you want to use the internet via this network):

docker network create -d macvlan --subnet=1.2.3.4/24 --gateway=1.2.3.1 -o parent=eth0 nice_name

(parent must be changed from eth0 to your interface)

Using Docker-Compose

You can also create those networks on-demand and include them in your docker-compose.yml files like in the following example:

version: '3.3'
services:

  nginx1:
    restart: unless-stopped
    image: nginx:latest
    networks:
      - nice_name

networks:
  private:
  nice_name:
    driver: macvlan
    driver_opts:
      parent: eth0  # change this
    ipam:
      config:
        - subnet: "1.2.3.0/24" # change this
          gateway: "1.2.3.1" # change this (optional)

# Be aware that there is no "-" before "gateway" as it belongs to the subnet!

If you have already created the network outside of Docker-Compose, you can still connect clients to it that use Docker-Compose by using the external parameter:

version: '3.3'
services:

  nginx1:
    restart: unless-stopped
    image: nginx:latest
    networks:
      - nice_name

networks:
  nice_name:
    external: true
TheClockTwister
  • The comment for the `subnet` line says "change this". To what, exactly? – arcanemachine Dec 21 '22 at 07:04
  • To whatever IP subnet you like. For example: If your local network is the typical 192.168.178.0/24, you should choose something different than 192.168.178.0/24 here to avoid routing conflicts and IP conflicts... – TheClockTwister Dec 22 '22 at 09:50
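
As an added example (not part of the answer above and not Docker's own code): a Python preflight that derives the values for the `docker network create -d macvlan` step from the host's interface list and rejects inconsistent ones before anything is created. It assumes the macvlan network reuses the parent interface's own subnet; the helper names and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr show` output; addresses are made up.
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: ens192    inet 10.20.30.15/24 brd 10.20.30.255 scope global ens192
4: ens224    inet 172.16.5.9/24 brd 172.16.5.255 scope global ens224
"""

def host_interfaces(ip_output):
    """Map interface name -> IPv4Interface parsed from `ip -o -4 addr show` text."""
    found = {}
    for line in ip_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            found[m.group(1)] = ipaddress.ip_interface(m.group(2))
    return found

def macvlan_create_args(ip_output, parent, name, gateway=None, ip_range=None):
    """Validate the values and return the argv for `docker network create`."""
    ifaces = host_interfaces(ip_output)
    if parent not in ifaces:
        raise ValueError(f"{parent!r} is not a host interface with an IPv4 address")
    host_ip = ifaces[parent].ip
    subnet = ifaces[parent].network  # assumption: reuse the parent's subnet
    args = ["docker", "network", "create", "-d", "macvlan",
            f"--subnet={subnet}", "-o", f"parent={parent}"]
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        if gw not in subnet or gw == host_ip:
            raise ValueError(f"gateway {gw} must be another address in {subnet}")
        args.append(f"--gateway={gw}")
    if ip_range is not None:
        # Limit container addresses to a block the LAN's DHCP server does not use.
        rng = ipaddress.ip_network(ip_range)  # raises if host bits are set
        if not rng.subnet_of(subnet):
            raise ValueError(f"ip-range {rng} is outside {subnet}")
        if host_ip in rng:
            raise ValueError(f"ip-range {rng} contains the host address {host_ip}")
        args.append(f"--ip-range={rng}")
    return args + [name]

if __name__ == "__main__":
    print(" ".join(macvlan_create_args(SAMPLE_IP_OUTPUT, "ens192", "nice_name",
                                       gateway="10.20.30.1",
                                       ip_range="10.20.30.192/27")))
```

On a real host, pass the text of `ip -o -4 addr show` instead of the constructed sample and run the returned argument list as the command.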