I'll try again
I have this simple simulated configuration. OpenWRT has three relevant interfaces:
- vlan60 is eth0.60, is set up as a VLAN
- vlan70 is eth0.70, is set up as a MACVLAN
- vlan80 is eth0.80, is set up as an IPVLAN
Each is set up with a DHCP server, giving away addresses in 10.xx.xx.0/24.
I also have a machine that also has three relevant interfaces, each acts as a DHCP client:
- eth60 is eth0.60
- eth70 is eth0.70
- eth80 is eth0.80
DHCP isn't required, but it's the easiest way to check connectivity.
So when I boot my second machine is shows me this (loopback & eth0 omitted):
3: eth60@if109: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 9e:d6:2d:8f:0a:e5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.60.60.245/24 metric 1024 brd 10.60.60.255 scope global dynamic eth60
valid_lft 43188sec preferred_lft 43188sec
4: eth70@if113: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether c6:ef:54:85:12:23 brd ff:ff:ff:ff:ff:ff link-netnsid 0
5: eth80@if117: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 9a:86:ba:31:3f:25 brd ff:ff:ff:ff:ff:ff link-netnsid 0
In other words, VLAN interface is reachable from my local network, but neither MACVLAN nor IPVLAN are, despite having also been set up as VLANs.
So my question: is this the expected behavior? And if not, how do I fix this?
Here is my
I'm by no means an expert so take it with a grain of salt.
But only the VLAN60 device is of type
VLAN (802.1q), device VLAN70 is of type
MAC VLAN and device VLAN80 is of type
ipvlan (is that a real type?).
Personally I'd set all three to
option type '8021q', that's the only type of VLAN I work with.
Forget what I wrote, I guess you know what you are doing with the different types of VLAN and with that I'm out of my depth since I know of only two types of VLAN, 802.1q and 802.1ad.
I dont get it how u espect a macvlan to host dhcp server when
Macvlan is a virtual LAN that you can use if you want to assign several IP addresses to the same network interface, basically splitting up the network interface into several sub-interfaces with their own IP addresses. You can then assign IP addresses based on the randomly generated MAC addresses.
And they are ment to be used with a parent interface, lets say you want your wan to get several public ip addresses you use macvlan to do that.
The same story with ipvlan, its used as L3 wich allows multiple IP addresses to be associated with a single physical interface, while each virtual interface will have its own unique IP address and share the same mac address as the parent interface
And the last is just the normal vlan wich is used to isolate trafic betwean networks, sharing the same physical network
VLAN60 is only there to show that the system is configured properly. Yes, it is a normal VLAN.
As I said in the very beginning, DHCP is simply the easiest way to check for connectivity. No DHCP = no connectivity.
Suppose docker (using MACLAN) creates a docker network that has its parent interface defined as eth0.70. In this setup, it should be part of VLAN70. Well, it isn't - no device in the VLAN with tag 70 can communicate with docker-created IP addresses in this network. I am trying to understand why.
This is just dont posible becuse vlan 70 its a macvlan, macvlan needs a parent physical interface to route trafic through
|| the docker to internet
| macvlan |
/_ the brige betwean the physical interface and the macvlan
| the physical port |
| + the macvlan | ↓ to the rest of the network
/_ the physical connection
| evry other device: |
| see them as sepparete devices |
You just dosent understand how the macvlan and the ipvlan work
I didn't understand a word you just said, sorry.
In shorts difrent types ov vlans are used for difrent aplications ipvlan and macvlan are used as client vlans they are not ment to host a dhcp server
Wether in VLAN (802.1q) its ment for server side, and client side it isoletes the physical network in to logical separetion
I've been playing some more with my test setup.
After tweaking it (and discovering a bug in my configuration), I managed to make it work - sorta.
After fixing a bug, I discovered that if I just leave the IPVLAN part (for clarity), it actually works - the client machine receives an address in vlan80! So an IPVLAN network created in OpenWRT and using a vlan=80 is visible to other machines in the same VLAN (as opposed to a MACVLAN setup).
option type 'ipvlan'
option ifname 'eth1'
option mode 'bridge'
option name 'eth1.80'
option ipv6 '0'
config interface 'vlan80'
option proto 'static'
option device 'eth1.80'
option ipaddr '10.80.80.1'
option netmask '255.255.255.0'
option force_link '0'
So I disabled DHCP on that interface (since docker uses its own), then in docker, I created an IPVLAN docker-network using
parent: eth1.80, and created a
whoami container using this same IPVLAN docker network, with an address 10.80.80.201.
- subnet: 10.80.80.0/24
The client machine that uses the same vlan=80 can ping it, and curl works.
However, the host machine (OpenWRT, running docker) can't access the container. Need to dig into it some more, but it's progress!
You are using ipvlan as normal vlan?