Problem: my macvlan isn't acting like a vlan.
Let me explain:
- I have VLAN30 configured on an OpenWRT machine, DHCP configured:
config:
```
config device
	option type '8021q'
	option ifname 'eth0'
	option vid '30'
	option name 'eth0.30'
	option ipv6 '0'
	option macaddr '02:11:32:2E:5F:DC'

config interface 'IoT'
	option proto 'static'
	option device 'eth0.30'
	option netmask '255.255.255.0'
	option ipaddr '10.30.30.1'
```
- I also have a device with a statically assigned IP address in this network:
- I'm using Hyper-V VMs for testing. One has two interfaces, the second one tagged with VLAN=30:
It gets IP from the DHCP server, no problem:
```
13:53:26 chuck@u-metal:~$ ip a|grep eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 10.30.30.133/24 brd 10.30.30.255 scope global dynamic noprefixroute eth1
```
- Now I do traceroute and everything is as it should be: no routing since they are all in the same vlan.
```
13:53:30 chuck@u-metal:~$ traceroute 10.30.30.1
traceroute to 10.30.30.1 (10.30.30.1), 64 hops max
  1   10.30.30.1  1,639ms  0,390ms  0,668ms
13:53:55 chuck@u-metal:~$ traceroute 10.30.30.10
traceroute to 10.30.30.10 (10.30.30.10), 64 hops max
  1   10.30.30.10  2,170ms  1,647ms  1,562ms
```
- Ping works as well:
```
13:53:57 chuck@u-metal:~$ ping 10.30.30.10
PING 10.30.30.10 (10.30.30.10) 56(84) bytes of data.
64 bytes from 10.30.30.10: icmp_seq=1 ttl=64 time=2.40 ms
64 bytes from 10.30.30.10: icmp_seq=2 ttl=64 time=2.06 ms
64 bytes from 10.30.30.10: icmp_seq=3 ttl=64 time=2.04 ms
^C
--- 10.30.30.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.041/2.167/2.401/0.165 ms
```
To summarize, VLAN30 is set up, and my VM running under Hyper-V communicates normally with it. There are no network issues.
Now I also have a MACVLAN set up on my OpenWRT machine, no DHCP:
here's the config:
```
config interface 'mydocker'
	option proto 'static'
	option device 'eth0.40'
	option ipaddr '10.40.40.1'
	option netmask '255.255.255.0'

config device
	option type 'macvlan'
	option ifname 'eth0'
	option mode 'bridge'
	option name 'eth0.40'
	option acceptlocal '1'
	option ipv6 '0'
	option macaddr '82:ff:00:00:00:DC'
```
Note it has 'eth0.40' as a parent.
- I run docker on OpenWRT, and create a bunch of containers:
These containers are visible from LAN (same firewall zone).
The docker network serving these containers (note the parent - eth0.40):
```
root@openwrt-synology:~# docker network inspect mystack_default
[
    {
        "Name": "mystack_default",
        "Id": "446e6ef5975368bd205075da2c4d625faf559cc03de3fdc7804d331f41a611ae",
        "Created": "2023-02-13T18:31:53.028069933Z",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.40.40.0/24",
                    "Gateway": "10.40.40.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "42cf3816441753e49268292f35f4ddaabea616a573c6d74f7e598a411daa2f2d": {
                "Name": "hello",
                "EndpointID": "bc7e8dd285588586598f3ccea36cd2307dcbc841202e269afb07f74baf6f32ac",
                "MacAddress": "02:42:0a:28:28:cb",
                "IPv4Address": "10.40.40.203/24",
                "IPv6Address": ""
            },
            "4a2afa0e607c0632e8361afb98fc24d4fc88f89b52ce9458bbf12dd79aa4f4e2": {
                "Name": "blocky",
                "EndpointID": "5d79b594ca883fdf4ecf25710a8ceebd5c9c608e5aa32e98e0c1a7286e6c788d",
                "MacAddress": "02:42:0a:28:28:c9",
                "IPv4Address": "10.40.40.201/24",
                "IPv6Address": ""
            },
            "b5464104869210134b5d4fed1178502b69a60b0c3e20993f72afadc1d45cd178": {
                "Name": "traefik",
                "EndpointID": "247e78e623ff93977727e8723b09748edb598c1920ac1a144774c9085cff8a87",
                "MacAddress": "02:42:0a:28:28:c8",
                "IPv4Address": "10.40.40.200/24",
                "IPv6Address": ""
            },
            "c92f3c282309b306e9d6b9dd1074cd9c3c38f1ca70578551bd0a1e76078c9163": {
                "Name": "whoami",
                "EndpointID": "21afdb0695a8d0764b5d94a2562fb3e62256b06a34f6fe01295cd99adaaab033",
                "MacAddress": "02:42:0a:28:28:ca",
                "IPv4Address": "10.40.40.202/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "eth0.40"
        },
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "mystack",
            "com.docker.compose.version": "2.15.1"
        }
    }
]
```
- Now back to my Hyper-V VM, I change tagging from 30 to 40:
Now I expected to get the same as with vlan30 - direct access to containers in vlan40. However, it's not the case.
The interface is there:
```
14:00:07 chuck@u-metal:~$ ip a|grep eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:0e:cb:11 brd ff:ff:ff:ff:ff:ff
```
And it doesn't have an IP address, as expected - vlan40 doesn't have a DHCP server.
- I assign an address:
```
14:02:14 chuck@u-metal:~$ sudo ip address add 10.40.40.88/24 dev eth1
14:04:52 chuck@u-metal:~$ ip a|grep eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:0e:cb:11 brd ff:ff:ff:ff:ff:ff
    inet 10.40.40.88/24 scope global eth1
       valid_lft forever preferred_lft forever
```
Routing appears:
```
14:05:34 chuck@u-metal:~$ ip r
default via 192.168.11.1 dev eth0 proto dhcp metric 100
10.40.40.0/24 dev eth1 proto kernel scope link src 10.40.40.88
```
But traceroute doesn't work, neither does ping:
```
traceroute 10.40.40.201
traceroute to 10.40.40.201 (10.40.40.201), 64 hops max
  1   *  10.40.40.88  63,354ms !H  0,003ms !H
```
What am I missing? Does the macvlan on OpenWRT behave in some special manner so that VLAN isn't functioning?
I want to be able to have multiple docker machines in my network, all talking via the same VLAN.
P.S. I got the idea from this article. Everything works as described in it, but I want more
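
An added example, not part of the original post and not OpenWrt's own tooling: a macvlan device does not put an 802.1Q tag on frames, whatever it is named, so one check for a setup like this is to list every `config device` section and see which ones actually carry a VLAN ID. The sample input is constructed from the two device sections quoted above; the helper name `audit_devices` and its verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: report which UCI devices really carry an 802.1Q/802.1ad tag.

# Constructed sample: the two 'config device' sections quoted in the post.
sample_config() {
cat <<'EOF'
config device
	option type '8021q'
	option ifname 'eth0'
	option vid '30'
	option name 'eth0.30'

config device
	option type 'macvlan'
	option ifname 'eth0'
	option mode 'bridge'
	option name 'eth0.40'
EOF
}

# audit_devices (hypothetical helper): reads a UCI network config on stdin and
# prints one line per device: name, type, parent, vid and a verdict.
audit_devices() {
	awk -v q="'" '
	function report() {
		if (!indev) return
		if ((type == "8021q" || type == "8021ad") && vid != "")
			verdict = "TAGGED"
		else if (name ~ /\.[0-9]+$/)
			verdict = "UNTAGGED-VLAN-LIKE-NAME"   # looks like parent.VID, is not
		else
			verdict = "UNTAGGED"
		printf "%s type=%s parent=%s vid=%s %s\n", name, type, parent, (vid == "" ? "none" : vid), verdict
	}
	$1 == "config" { report(); indev = ($2 == "device"); type = name = parent = vid = ""; next }
	indev && $1 == "option" {
		val = $3; gsub("[" q "\"]", "", val)   # strip UCI quoting
		if ($2 == "type") type = val
		else if ($2 == "name") name = val
		else if ($2 == "ifname") parent = val
		else if ($2 == "vid") vid = val
	}
	END { report() }
	'
}

sample_config | audit_devices
```

On the router itself the input would be `/etc/config/network` instead of the embedded sample.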