Deploying Docker Containers on an IPvlan Network

Pratyukt Writes

Introduction

Hey there! If you’ve been exploring Docker and its networking modes, you might have come across the IPvlan network driver. It’s pretty cool and can simplify some complex networking scenarios. Today, I’m going to walk you through setting up an IPvlan network and deploying two containers on it. The containers are named after Marvel Comics characters: Wolverine and Deadpool are both mutants, so they go on a network called "mutants". Plus, I’ll share some challenges I faced due to pfSense, our company’s firewall setup. Let’s dive in!

1. Introduction

Docker’s networking options are pretty diverse, and one of the standout modes is IPvlan. It lets containers connect directly to the host’s network, making them appear as if they’re on the same physical network. This can be super handy for certain setups. In this post, I’ll guide you through creating an IPvlan network and deploying two containers—Wolverine and Deadpool. Along the way, I’ll also explain the difference between IPvlan and the default bridge network driver.

2. Bridged vs. IPvlan Networks

Let’s break down how bridge and ipvlan networks stack up:

  • Bridge Network:

    • Default Mode: This is Docker’s go-to networking mode.

    • Private Network: Creates a private network on your host for containers.

    • Limited Access: Containers get IPs from a private subnet and need port forwarding to talk to the outside world.

    • Simple Setup: Great for basic use, but might not cover all your needs.

  • IPvlan Network:

    • Direct Access: Gives containers a direct line to the host’s network interface.

    • No NAT: Containers are directly reachable, which makes network management a bit smoother.

    • Same Network as Host: Containers look like they’re on the same network as the host, which can simplify things.

    • Advantages:

      • Smoother Networking: No need for NAT, which means less hassle with IP addressing and routing.

      • Direct Communication: Containers can chat with other devices on the same network just like physical devices.

      • Better Performance: Potentially quicker network performance since there’s no middleman.

    • Limitations:

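      • No Custom MAC Addresses: IPvlan doesn’t let you set custom MAC addresses, because every container on an IPvlan network shares the MAC address of the parent interface. If your network needs a unique MAC per container, IPvlan might not be the best fit.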

3. Creating the IPvlan Network

To get started, I created an IPvlan network called mutants. Here’s how you can set up an IPvlan network:

sudo docker network create --driver ipvlan --subnet=192.168.10.0/24 mutants

This command:

  • Uses ipvlan as the network driver.

  • Sets up the subnet as 192.168.10.0/24.

  • Names the network mutants.

4. Deploying the Containers

With the network ready, it’s time to run some containers! I deployed two containers—Wolverine and Deadpool—on the mutants network. Docker takes care of assigning IP addresses automatically. Here’s how I did it:

sudo docker run --net mutants --name wolverine -it busybox sh
sudo docker run --net mutants --name deadpool -it busybox sh

In these commands:

  • --net mutants: Connects the containers to the mutants network.

  • --name wolverine and --name deadpool: Names the containers.

  • -it busybox sh: Runs the busybox image with an interactive shell.

Docker automatically assigns IP addresses to these containers, so you don’t have to worry about manual configuration.

5. Inspecting the Network and Containers

To check if everything was set up correctly, I inspected the network. Here’s how it looked:

sudo docker network inspect mutants

The output showed that both containers were on the mutants network with automatically assigned IP addresses:

{
    "Name": "mutants",
    "Id": "fd45c9c68302cd70ef12b1785bae82bf67f99f9b5821db648d14388431ee7936",
    "Created": "2024-08-16T20:12:40.374345592+05:30",
    "Scope": "local",
    "Driver": "ipvlan",
    "IPAM": {
        "Driver": "default",
        "Config": [
            {
                "Subnet": "192.168.10.0/24"
            }
        ]
    },
    "Containers": {
        "5a5d5d1e3bb842f58f0e6f4138713fb7239635d0b6650c8696e76824543cb0cf": {
            "Name": "wolverine",
            "EndpointID": "16839c03b4f942957f11c8200f31fca4de23600241522866696661ece910cea0",
            "IPv4Address": "192.168.10.2/24"
        },
        "5cb85091e907636beff3b1faa68fd22dec77e43ff4aa34815206a570fe459be2": {
            "Name": "deadpool",
            "EndpointID": "f7df8a04f248769e846da4ddec37445af8756be7f6313c168c5a0db1cd3adf02",
            "IPv4Address": "192.168.10.3/24"
        }
    }
}
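An added example, not part of the original post: a small Python audit of `docker network inspect` output that lists which containers sit directly on the LAN and flags the shared-MAC property of IPvlan described in section 2. The function name `audit`, the check on the `parent` option and the sample (the output above, trimmed, with placeholder container keys) are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: the inspect output above, trimmed to the fields used here
# and wrapped in the JSON array that `docker network inspect` prints.
# The container keys are placeholders, not real IDs.
SAMPLE = json.loads("""
[{"Name": "mutants", "Driver": "ipvlan",
  "IPAM": {"Config": [{"Subnet": "192.168.10.0/24"}]},
  "Containers": {
    "id-wolverine": {"Name": "wolverine", "IPv4Address": "192.168.10.2/24"},
    "id-deadpool": {"Name": "deadpool", "IPv4Address": "192.168.10.3/24"}}}]
""")

DIRECT_DRIVERS = {"ipvlan", "macvlan"}  # drivers that put containers on the LAN without NAT


def audit(networks):
    """Return (endpoints, findings) for networks that bypass Docker's bridge/NAT path."""
    endpoints, findings = [], []
    for net in networks:
        if net.get("Driver") not in DIRECT_DRIVERS:
            continue  # bridge and other drivers are out of scope for this check
        name = net["Name"]
        containers = list((net.get("Containers") or {}).values())
        configs = (net.get("IPAM") or {}).get("Config") or []
        subnets = [ipaddress.ip_network(c["Subnet"]) for c in configs if c.get("Subnet")]
        if not (net.get("Options") or {}).get("parent"):
            findings.append(f"{name}: no parent option recorded; confirm which host interface it uses")
        for ctr in containers:
            if not ctr.get("IPv4Address"):
                findings.append(f"{name}/{ctr['Name']}: no IPv4 address assigned")
                continue
            ip = ipaddress.ip_interface(ctr["IPv4Address"]).ip
            endpoints.append((name, ctr["Name"], str(ip)))
            if not any(ip in s for s in subnets):
                findings.append(f"{name}/{ctr['Name']}: {ip} is outside the declared subnet")
        # IPvlan endpoints share the parent interface's MAC, so MAC-keyed rules see one device.
        if net["Driver"] == "ipvlan" and len(containers) > 1:
            findings.append(f"{name}: {len(containers)} containers share one MAC; key rules on IP")
    return endpoints, findings


if __name__ == "__main__":
    eps, notes = audit(SAMPLE)
    for row in eps:
        print("direct-on-LAN:", *row)
    for note in notes:
        print("finding:", note)
```

To run it against a live host, pass `audit` the parsed JSON from `docker network inspect <name>` in place of `SAMPLE`.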

6. Challenges with pfSense network rules

Here’s where things got a bit tricky. Our company uses pfSense, and it has some network rules that prevent multiple containers from having the same MAC address. Since IPvlan mode doesn’t support custom MAC address assignment, each container on the mutants network needed a unique MAC address. This was in line with pfSense’s policies, which avoid MAC address duplication.

7. Conclusion

Setting up an IPvlan network and deploying containers on it can be a great way to simplify network management and provide direct access. However, it’s important to be aware of any network policies or constraints that might impact your setup, like those from pfSense. Understanding these can help you plan and configure your Docker networks more effectively.

If you’ve had similar experiences or have any questions about Docker networks and pfSense, feel free to drop a comment or reach out!
