
I tried to connect macvlan to the internet, but it was not successful. I used a namespace to accomplish that. I also checked the comments on this question: How to connect macvlan to the internet?

I have an EC2 (Ubuntu 20.04) virtual machine on AWS, where I executed the following commands:

sudo ip netns add net1;
sudo ip link add macvlan1 link eth0 type macvlan mode bridge;
sudo ip link set macvlan1 netns net1;
sudo ip netns exec net1 ip address add 172.31.20.45 peer 172.31.16.1/32 dev macvlan1;
sudo ip netns exec net1 ip link set macvlan1 up; sudo ip netns exec net1 ip link set lo up;
sudo ip netns exec net1 ip route add default via 172.31.16.1;
sudo ip netns exec net1 su -c "screen";

Trying to ping Google's DNS server from the namespace (to connect to the internet):

root@aws:/home/meliwex# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.31.20.45 icmp_seq=1 Destination Host Unreachable

Trying to ping the gateway:

root@aws:/home/meliwex# ping 172.31.16.1
PING 172.31.16.1 (172.31.16.1) 56(84) bytes of data.
From 172.31.20.45 icmp_seq=1 Destination Host Unreachable

Output of ifconfig in the host (I keep the output simple):

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.20.45  netmask 255.255.240.0  broadcast 172.31.31.255
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0

The routing table of the host:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.16.1     0.0.0.0         UG    100    0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.31.16.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0
172.31.16.1     0.0.0.0         255.255.255.255 UH    100    0        0 eth0

Output of ifconfig in the namespace (I keep the output simple):

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
macvlan1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.20.45  netmask 255.255.255.255  broadcast 0.0.0.0

The routing table of the namespace:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.16.1     0.0.0.0         UG    0      0        0 macvlan1
172.31.16.1     0.0.0.0         255.255.255.255 UH    0      0        0 macvlan1

So is it possible to fix this?

Hayk
  • What is the business-related question or issue you are facing? – djdomi Apr 09 '22 at 11:14
  • @djdomi I just wanted to test "macvlan" network driver in Docker, but when I tested I faced the problem that the container cannot connect to the internet. – Hayk Apr 10 '22 at 17:06
  • You did not answer the question I had – djdomi Apr 10 '22 at 19:36
  • @djdomi the issue is that the container in the "macvlan" network cannot connect to computers in my physical network (ping doesn't work). In the documentation of the "macvlan" network driver (https://docs.docker.com/network/macvlan/) it says: you can use the macvlan network driver to assign a MAC address to each container’s virtual network interface, making it appear to be a physical network interface directly connected to the physical network. I just wanted to test whether I can mask my host's MAC by using a Docker container in my physical network. – Hayk Apr 11 '22 at 07:12
  • You should try the same test outside of AWS to validate it doesn't come from your system. It's quite possible the AWS environment restricts the use of MAC addresses. – A.B Apr 11 '22 at 11:35
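
A triage sketch for the setup in the question, added here as an example and not part of the original post or its comments. A "Destination Host Unreachable" reported from the namespace's own address means neighbour (ARP) resolution for the next hop failed, so the script reads the namespace's neighbour table and also flags any IPv4 address configured on both host and namespace. The function names and the sample `ip` output are constructed for illustration; the question itself shows no `ip neigh` output.

```shell
#!/usr/bin/env bash
# Added triage example, not from the original post.
# Live use (run on the host from the question):
#   triage 172.31.16.1 "$(ip -o -4 addr show)" \
#     "$(sudo ip netns exec net1 ip -o -4 addr show)" \
#     "$(sudo ip netns exec net1 ip neigh show)"

# neigh_state GATEWAY: read `ip neigh show` text on stdin and print the state
# recorded for GATEWAY (last field of its line), or NONE if it has no entry.
neigh_state() {
  awk -v gw="$1" '$1 == gw { s = $NF } END { print (s == "" ? "NONE" : s) }'
}

# shared_addrs HOST_ADDRS NS_ADDRS: both are `ip -o -4 addr show` text.
# Print every non-loopback IPv4 address configured on both sides.
shared_addrs() {
  { printf '%s\n' "$1"; echo "--"; printf '%s\n' "$2"; } | awk '
    $1 == "--"                  { ns = 1; next }
    $3 != "inet" || $2 == "lo"  { next }
                                { split($4, a, "/") }
    !ns                         { host[a[1]] = 1; next }
    (a[1] in host)              { print a[1] }'
}

# triage GATEWAY HOST_ADDRS NS_ADDRS NS_NEIGH: print one finding per line.
triage() {
  dup=$(shared_addrs "$2" "$3")
  state=$(printf '%s\n' "$4" | neigh_state "$1")
  if [ -n "$dup" ]; then echo "duplicate-ip:$dup"; fi
  case "$state" in
    FAILED|INCOMPLETE|NONE) echo "gateway-arp-unresolved:$state" ;;
    *)                      echo "gateway-arp-ok:$state" ;;
  esac
}

# Constructed samples shaped like the addresses shown in the question.
SAMPLE_HOST='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 172.31.20.45/20 brd 172.31.31.255 scope global dynamic eth0
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0'
SAMPLE_NS='1: lo    inet 127.0.0.1/8 scope host lo
4: macvlan1    inet 172.31.20.45 peer 172.31.16.1/32 scope global macvlan1'
SAMPLE_NEIGH='172.31.16.1 dev macvlan1  FAILED'  # constructed, not from the post

triage 172.31.16.1 "$SAMPLE_HOST" "$SAMPLE_NS" "$SAMPLE_NEIGH"
```

An unresolved gateway entry only shows that ARP requests from the macvlan MAC got no reply; repeating the test outside AWS, as suggested in the comment above, is what separates a local misconfiguration from filtering in the environment.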

0 Answers