Scribd
Upload
274 views7 pages

Assign External Network Public or Private IP Address To Docker Container Without Port Binding

This document discusses assigning external network IP addresses to Docker containers without port binding by using Linux bridges and macvlan networking. It describes creating virtual network interfaces with different MAC addresses on the host system and using them to set up macvlan networks for Docker. This allows assigning both local private and public IP addresses directly to containers, providing access between containers on different Docker hosts without port bindings.

Uploaded by

Saminadane Thiyagarajan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
274 views7 pages

Assign External Network Public or Private IP Address To Docker Container Without Port Binding

This document discusses assigning external network IP addresses to Docker containers without port binding by using Linux bridges and macvlan networking. It describes creating virtual network interfaces with different MAC addresses on the host system and using them to set up macvlan networks for Docker. This allows assigning both local private and public IP addresses directly to containers, providing access between containers on different Docker hosts without port bindings.

Uploaded by

Saminadane Thiyagarajan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

ASSIGN EXTERNAL NETWORK PUBLIC OR PRIVATE IP ADDRESS TO DOCKER

CONTAINER WITHOUT PORT BINDING

Using the default docker0 Bridge and the port mapping works for most of the scenarios, but not all the
scenarios, for example, you want to put all the docker containers in a flat network to provide full-access
between the containers on different docker hosts. There are several ways to configure the docker multi-
host networking.

In this post will cover one of these ways: using Linux bridge to directly bridge the docker containers to
the external network.

1- Verify Docker Version & Services

[root@lb-01 ~]# docker –v

Docker version 1.12.6, build ec8512b/1.12.6

[root@lb-01 ~]# systemctl status docker

2- Enable IPv4 Forwarding

[root@lb-01 ~]# vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

Note- We are setting up a Linux router/gateway or maybe a VPN server (pptp or ipsec) or just a plain
dial-in server then we will need to enable forwarding.
[root@lb-01 ~]# sysctl –p

net.ipv4.ip_forward = 1  Output

3- Macvlan

For this we are using macvlan based connectivity with macvlan bridge mode.

MACVLAN creates multiple virtual network interfaces with different MAC addresses. This way if your
system has multiple IP addresses with MAC addresses then we can create multiple virtual network
interfaces each having their own IP address and MAC address.

MACVLAN doesn’t need to learn(identify) mac addresses of the systems within the network to distribute
traffic as it know’s every mac address, this makes it fast and easy to setup than bridge type networking.

Disadvantage of Port Binding-


 If a container uses port 8000 of host then no other containers can use that port.
 Binding multiple ports to container can be done by specifying port range but this operation
takes more time depending on no. of ports to bind.
 IPTables rules become cumbersome as no. of bindings increase.

Advantages of MACVLAN-
 IPTables aren’t affected.
 No port binding.
 Easy to setup.
 Faster than bridge networking.

4- First confirming that your Linux distribution has support for macvlan interfaces.

[root@lb-01 ~]# lsmod | grep macvlan

5- Verify Network Interfaces And Create virtual interfaces with different MAC addresses

[root@lb-01 ~]# ifconfig


Above output display available network interfaces (docker01 and eno1) on server and this network
interfaces already use….

Now we are creating virtual interfaces (eno1.1 for local ip and eno1.2 for public ip) with different mac
address (define any mac address) for macvlan bridge connection..

[root@linux-lb1 ~]# ip link add link eno1 address 08:00:27:f9:d6:c1 eno1.1 type macvlan

[root@linux-lb1 ~]# ip link add link eno1 address 08:00:27:f9:d6:c3 eno1.2 type macvlan

Check network interface (eno1.1 and ano1.2) created or not..

[root@lb-01 ~]# ifconfig eno1.1

[root@lb-01 ~]# ifconfig eno1.2

Create network interface (eno1.1 and eno1.2) file in (/etc/sysconfig/network-scripts/) Directory.

[root@lb-01 ~]# cd /etc/sysconfig/network-scripts/

[root@lb-01 network-scripts]# vim ifcfg-eno1.1

DEVICE=eno1.1
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
TYPE=macvlan
[root@lb-01 network-scripts]# vim ifcfg-eno1.2

DEVICE=eno1.2
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
TYPE=macvlan

[root@lb-01 network-scripts]# systemctl restart network

6- Creating MACVLAN network

In my Scenario-

Virtual Interface IP Public / Private Network Name Docker Container Name


eno1.1 172.16.10.24/16 Macvlan-Local Local-IP-Con
eno1.2 59.180.229.222/24 Macvlan-Public Public-IP-Con

Example-1 Create a macvlan network and assign local ip address to container

[root@lb-01 ~]# docker network create -d macvlan --subnet=172.16.10.0/16 --ip-


range=172.16.10.24/16 --gateway=172.16.10.10 -o macvlan_mode=bridge -o parent=eno1.1
Macvlan-Local

Verify docker network

[root@lb-01 ~]# docker network ls

‘Macvlan-Local’ docker network successfully created.

Running docker container with ‘Macvlan-Local’ network and ip 172.16.10.24.

[root@lb-01 ~]# docker run --name Local-IP-Con --net=Macvlan-Local --ip 172.16.10.24 -tid
ubuntu:14.04
Verify Docker Container and IP Address accessible form outside or not.

[root@lb-01 ~]# docker ps

[root@lb-01 ~]# docker exec -it c1074f65b191 bash

root@c1074f65b191:/# ifconfig eth0

root@c1074f65b191:/# ping 172.16.10.10  Verify Gateway – Check Ping

Verify from outside in local ip range network.


Now this container u can access anywhere in the private network range..

Example-2 Create a macvlan network and assign public ip address to container (Follow above setup )

[root@lb-01 ~]# docker network create -d macvlan --subnet=59.180.229.0/24 --ip-


range=59.180.229.222/24 --gateway=59.180.229.217 -o macvlan_mode=bridge -o parent=eno1.2
Macvlan-Public

Verify Docker Network

[root@lb-01 ~]# docker network ls

Running docker container with ‘Macvlan-Public’ network and ip 59.180.229.222.

Note- In This Example we r creating nginx container and verify access from anywhere.

[root@lb-01 ~]# docker run --name Public-IP-Con --net=Macvlan-Public --ip 59.180.229.222 -tid nginx

[root@lb-01 ~]# docker ps

[root@lb-01 ~]# docker exec -it bcdd781624be bash

root@bcdd781624be:/# hostname –I  Check IP Address


59.180.229.222
Now nginx container with ip ’59.180.229.222’ successfully running.

You can verify by hitting ‘59.180.229.222’ where you will be welcomed with nginx page.

Successfully Assigned The External Public Ip and Local Ip Address to Docker Container..!!

Reference- Ashutosh
https://github.com/docker/libnetwork/blob/master/docs/macvlan.md

You might also like