By default, macvlan interfaces can communicate with one another, but they cannot communicate with the host.
Main reason: traffic between the host and its macvlan interfaces is blocked by design, for security reasons.
For example, if the host pings a container's IP, the ping fails even though both are on the same network segment, and the same is true in the other direction.
The two examples below show how to solve this problem.
Example one
Environment:
Host: 10.0.1.80
Container: 10.0.1.2
Virtual IP (used for routing, to enable communication): 10.0.1.8
Host physical NIC name: ens33
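# Add a virtual interface bridged to the physical NIC
ip link add macvlan-proxy link ens33 type macvlan mode bridge
# Assign an IP to the virtual interface
ip addr add 10.0.1.8/32 dev macvlan-proxy
# Bring the virtual interface up
ip link set macvlan-proxy up
# Add a static route to the container's address
ip route add 10.0.1.2/32 dev macvlan-proxy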
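The host and the container can now communicate.
Use ifconfig to check that a macvlan-proxy interface is present.
Use route -n to check that the corresponding route is present:
10.0.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 macvlan-proxy
Test directly with ping.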
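The steps of Example one as a re-runnable script, added here as an example (not part of the original article): it validates its inputs and adds a /32 host route only for each listed container, so it also covers more than one container. The names SHIM, DRY_RUN, run, valid_ipv4 and shim_setup are assumptions; with the default DRY_RUN=1 it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed names: SHIM, DRY_RUN,
# run, valid_ipv4, shim_setup. DRY_RUN=1 (default) prints the commands only.
SHIM=${SHIM:-macvlan-proxy}

# In dry-run mode print the command; otherwise execute it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only a plain dotted quad: four octets, 0..255, no prefix length.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    rest=$1.
    while [ -n "$rest" ]; do
        o=${rest%%.*}; rest=${rest#*.}
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# shim_setup PARENT SHIM_IP CONTAINER_IP...
shim_setup() {
    [ $# -ge 3 ] || { echo "usage: shim_setup PARENT SHIM_IP CONTAINER_IP..." >&2; return 1; }
    parent=$1; shim_ip=$2; shift 2
    case $parent in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $parent" >&2; return 1 ;;
    esac
    valid_ipv4 "$shim_ip" || { echo "bad shim IP: $shim_ip" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad container IP: $ip" >&2; return 1; }
    done
    # Drop a stale shim so a re-run does not fail with "File exists".
    run ip link del "$SHIM" 2>/dev/null || true
    run ip link add "$SHIM" link "$parent" type macvlan mode bridge || return 1
    run ip addr add "$shim_ip/32" dev "$SHIM" || return 1
    run ip link set "$SHIM" up || return 1
    for ip in "$@"; do
        # One /32 host route per container: nothing else is sent via the shim.
        run ip route replace "$ip/32" dev "$SHIM" || return 1
    done
}

# Usage as root: DRY_RUN=0 shim_setup ens33 10.0.1.8 10.0.1.2
```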
Example two
Environment:
Host network: 192.168.100.100
Container network: 172.20.0.0/16
Virtual IP: 172.20.1.2/16
Host physical NIC: ens32
ip link add macvlan-proxy link ens32 type macvlan mode bridge
ip addr add 172.20.1.2/16 dev macvlan-proxy
ip link set macvlan-proxy up
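# Route to the container network; the prefix must be the network address (172.20.0.0/16).
# The /16 address above already installs this route, so use replace rather than add.
ip route replace 172.20.0.0/16 dev macvlan-proxy
Here the container network and the host are on different subnets; the host communicates with the container network through the virtual IP.
Another approach: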
Environment:
Host network: 192.168.100.100
Container network: 172.20.0.0/16
Virtual IP: 192.168.100.110/32
Host physical NIC: ens32
ip link add macvlan-proxy link ens32 type macvlan mode bridge
ip addr add 192.168.100.110/32 dev macvlan-proxy
ip link set macvlan-proxy up
# Route to the container network; the prefix must be the network address (172.20.0.0/16)
ip route add 172.20.0.0/16 dev macvlan-proxy