Introduction
Hey there! If you’ve been exploring Docker and its networking modes, you might have come across the IPvlan network driver. It’s pretty cool and can simplify some complex networking scenarios. Today, I’m going to walk you through setting up an IPvlan network and deploying two containers on it using MARVEL comics characters where Wolverine and Deadpool are both Mutants so they will be in "Mutant" network. Plus, I’ll share some challenges I faced due to pfSense, our company’s firewall setup. Let’s dive in!
1. Introduction
Docker’s networking options are pretty diverse, and one of the standout modes is IPvlan. It lets containers connect directly to the host’s network, making them appear as if they’re on the same physical network. This can be super handy for certain setups. In this post, I’ll guide you through creating an IPvlan network and deploying two containers—Wolverine and Deadpool. Along the way, I’ll also explain the difference between IPvlan and the default bridge
network driver.
2. Bridged vs. IPvlan Networks
Let’s break down how bridge
and ipvlan
networks stack up:
Bridge Network:
Default Mode: This is Docker’s go-to networking mode.
Private Network: Creates a private network on your host for containers.
Limited Access: Containers get IPs from a private subnet and need port forwarding to talk to the outside world.
Simple Setup: Great for basic use, but might not cover all your needs.
IPvlan Network:
Direct Access: Gives containers a direct line to the host’s network interface.
No NAT: Containers are directly reachable, which makes network management a bit smoother.
Same Network as Host: Containers look like they’re on the same network as the host, which can simplify things.
Advantages:
Smoother Networking: No need for NAT, which means less hassle with IP addressing and routing.
Direct Communication: Containers can chat with other devices on the same network just like physical devices.
Better Performance: Potentially quicker network performance since there’s no middleman.
Limitations:
- No Custom MAC Addresses: IPvlan doesn’t let you set custom MAC addresses. If your network needs unique MACs, IPvlan might not be the best fit.
3. Creating the IPvlan Network
To get started, I created an IPvlan network called mutants
. Here’s how you can set up an IPvlan network:
sudo docker network create --driver ipvlan --subnet=192.168.10.0/24 mutants
This command:
Uses
ipvlan
as the network driver.Sets up the subnet as
192.168.10.0/24
.Names the network
mutants
.
4. Deploying the Containers
With the network ready, it’s time to run some containers! I deployed two containers—Wolverine and Deadpool—on the mutants
network. Docker takes care of assigning IP addresses automatically. Here’s how I did it:
sudo docker run --net mutants --name wolverine -it busybox sh
sudo docker run --net mutants --name deadpool -it busybox sh
In these commands:
--net mutants
: Connects the containers to themutants
network.--name wolverine
and--name deadpool
: Names the containers.-it busybox sh
: Runs thebusybox
image with an interactive shell.
Docker automatically assigns IP addresses to these containers, so you don’t have to worry about manual configuration.
5. Inspecting the Network and Containers
To check if everything was set up correctly, I inspected the network. Here’s how it looked:
sudo docker network inspect mutants
The output showed that both containers were on the mutants
network with automatically assigned IP addresses:
jsonCopy code{
"Name": "mutants",
"Id": "fd45c9c68302cd70ef12b1785bae82bf67f99f9b5821db648d14388431ee7936",
"Created": "2024-08-16T20:12:40.374345592+05:30",
"Scope": "local",
"Driver": "ipvlan",
"IPAM": {
"Driver": "default",
"Config": [
{
"Subnet": "192.168.10.0/24"
}
]
},
"Containers": {
"5a5d5d1e3bb842f58f0e6f4138713fb7239635d0b6650c8696e76824543cb0cf": {
"Name": "wolverine",
"EndpointID": "16839c03b4f942957f11c8200f31fca4de23600241522866696661ece910cea0",
"IPv4Address": "192.168.10.2/24"
},
"5cb85091e907636beff3b1faa68fd22dec77e43ff4aa34815206a570fe459be2": {
"Name": "deadpool",
"EndpointID": "f7df8a04f248769e846da4ddec37445af8756be7f6313c168c5a0db1cd3adf02",
"IPv4Address": "192.168.10.3/24"
}
}
}
6. Challenges with pfSense network rules
Here’s where things got a bit tricky. Our company uses pfSense, and it has some network rules that prevent multiple containers from having the same MAC address. Since IPvlan mode doesn’t support custom MAC address assignment, each container on the mutants
network needed a unique MAC address. This was in line with pfSense’s policies, which avoid MAC address duplication.
7. Conclusion
Setting up an IPvlan network and deploying containers on it can be a great way to simplify network management and provide direct access. However, it’s important to be aware of any network policies or constraints that might impact your setup, like those from pfSense. Understanding these can help you plan and configure your Docker networks more effectively.
If you’ve had similar experiences or have any questions about Docker networks and pfSense, feel free to drop a comment or reach out!