# Using MacVlan (recommended)

Note for VirtualBox users: promiscuous mode must be enabled on the bridged network adapter.

<div align="left"><img src="/files/-LkRgDPB27y0HwXcyyNe" alt=""></div>

```
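# Load the macvlan kernel module and put the parent interface into promiscuous mode
sudo modprobe macvlan
sudo ip link set enp0s3 promisc on

# Confirm that PROMISC appears in the interface flags
ifconfig enp3s0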
enp3s0: flags=4355<UP,BROADCAST,PROMISC,MULTICAST>  mtu 1500
        ether a8:1e:84:35:9f:fe  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker network create -d macvlan --subnet 192.168.43.0/24 --gateway 192.168.43.1 -o parent=enp0s3 -o macvlan_mode=bridge macnet
docker network ls
docker run -id --net macnet --ip 192.168.43.5 --name c1 busybox sh

# Check the container's IP address
docker exec c1 ip a
```

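macvlan is a kernel module.\
192.168.43.0/24 is the subnet the host is on.\
192.168.43.1 is the gateway.\
enp3s0 is the network interface that connects the host to 192.168.43.0/24.

On the container host, a macvlan network for the 192.168.43.0 subnet is created on the enp3s0 NIC. The Docker macvlan driver is built on the Linux kernel's macvlan driver, which means that the network traffic of containers run this way is sent directly to the underlying VLAN. This is currently the most network-efficient driver. There is no NAT and no port mapping here; traffic goes out directly through the VLAN.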

![](/files/-LkMLzF0HhwI1K3kgzsZ)

![](/files/-LkMM9TY6m3wPAk4PzVU)

The container can reach the network the host is on and can also be accessed from the Internet, but pinging the HOST itself fails.

```
# 192.168.43.65 is the HOST IP
docker exec c1 ping -c3 192.168.43.65
PING 192.168.43.65 (192.168.43.65): 56 data bytes

--- 192.168.43.65 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
```

Remove the old macnet Docker network.

![](/files/-LkRs5veCv4neAZyUQ1X)

```
sudo modprobe macvlan
sudo ip link set enp0s3 promisc on
# Create the new macvlan network
docker network create -d macvlan --subnet 192.168.43.0/24 --gateway 192.168.43.1 --ip-range 192.168.43.192/27 --aux-address 'host=192.168.43.65' -o parent=enp0s3 -o macvlan_mode=bridge macnet
# Create a macvlan interface on the host so that the host can reach the containers
sudo ip link add serverFarm link enp0s3 type macvlan mode bridge

sudo ip link set serverFarm up
sudo ip route add 192.168.43.192/27 dev serverFarm

docker run -id --net macnet --name c1 busybox sh
docker exec c1 ping -c3 192.168.43.65
sudo apt install sipcalc
# Calculate the usable IP range of the CIDR block
sipcalc 192.168.43.192/27
Usable range        - 192.168.43.193 - 192.168.43.222
# Assign a specific IP to the container (it must be within 192.168.43.192/27)
docker run -id --net macnet --ip 192.168.43.195 --name c2 busybox sh
```

![](/files/-LkRwRjHU0VDNF5XOyRZ)
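The addressing constraints used above (the container `--ip-range` lies inside the subnet, while the gateway and the host's own address stay outside it) can be checked before running `docker network create`. The script below is an added example, not part of the original page; its function names are hypothetical helpers, and the sample addresses are the ones from the commands above.

```sh
#!/bin/sh
# Added example (not from the original page): preflight check for a macvlan plan.
# All function names are hypothetical helpers; addresses are the page's own.

ip2int() (            # dotted quad -> integer
  IFS=.
  set -- $1
  echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

int2ip() {            # integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

cidr_bounds() (       # CIDR -> "network broadcast" as integers
  len=${1#*/}
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  net=$(( $(ip2int "${1%/*}") & mask ))
  echo "$net $(( net | (~mask & 4294967295) ))"
)

usable_range() (      # same figures as sipcalc's "Usable range" line
  set -- $(cidr_bounds "$1")
  echo "$(int2ip $(( $1 + 1 ))) - $(int2ip $(( $2 - 1 )))"
)

in_cidr() (           # in_cidr IP CIDR -> exit status 0 if IP is inside CIDR
  ip=$(ip2int "$1")
  set -- $(cidr_bounds "$2")
  [ "$ip" -ge "$1" ] && [ "$ip" -le "$2" ]
)

# check_plan SUBNET GATEWAY IP_RANGE HOST_IP: report every conflict, non-zero on any.
check_plan() (
  subnet=$1 gateway=$2 range=$3 host=$4 rc=0
  set -- $(cidr_bounds "$range")
  { in_cidr "$(int2ip "$1")" "$subnet" && in_cidr "$(int2ip "$2")" "$subnet"; } ||
    { echo "ip-range $range is not inside subnet $subnet"; rc=1; }
  in_cidr "$gateway" "$subnet" || { echo "gateway $gateway is outside $subnet"; rc=1; }
  for addr in "$gateway" "$host"; do
    if in_cidr "$addr" "$range"; then
      echo "$addr is inside container range $range"; rc=1
    fi
  done
  exit "$rc"
)

check_plan 192.168.43.0/24 192.168.43.1 192.168.43.192/27 192.168.43.65 &&
  echo "plan OK, container addresses: $(usable_range 192.168.43.192/27)"
```

A plan that puts the host address inside the container range, such as `192.168.43.64/27` with host `192.168.43.65`, is reported and returns a non-zero status.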

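Note that the interface and route configuration shown here is not persistent: it is lost if you reboot the host. How to make it persistent depends on the distribution.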

{% file src="/files/-LkSSEo1x16FexXq7mOE" %}

Start an nginx site that serves external clients

```
docker run -id --net macnet --ip 192.168.43.199 --name nginx nginx
```

![](/files/-LkSW6956-N8lNJT1c4F)

## Resource usage can be viewed through Portainer

![](/files/-LkS_-EGKWBnu8KW3fsc)

## How to apply the configuration at boot

```
sudo nano /etc/rc.local

# Contents of /etc/rc.local:
#!/bin/sh
card=enp0s3
serverFarmRange=192.168.43.192/27
sudo modprobe macvlan
sudo ip link set "$card" promisc on
sudo ip link add serverFarm link "$card" type macvlan mode bridge

sudo ip link set serverFarm up
sudo ip route add "$serverFarmRange" dev serverFarm

exit 0
```

## How to add IPv6

#### IPv6 Macvlan Bridge Mode

**Example:** Macvlan Bridge mode, Dual Stack

```
docker network  create  -d macvlan \
	--subnet=192.168.43.0/24 \
	--gateway=192.168.43.1 \
	--subnet=2001:db8:abc8::/64 --gateway=2001:db8:abc8::10 \
	 -o parent=enp0s3 \
	 -o macvlan_mode=bridge macvlandualstack
```

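* Macvlan is a network interface type supported by the Linux kernel. The required Linux kernel versions are v3.9-3.19 and 4.0+.
* By creating Macvlan sub-interfaces on a physical NIC, a single physical NIC can have multiple independent MAC addresses and IP addresses. The virtual sub-interfaces are exposed directly on the underlying physical network. From the outside, it looks as if the network cable had been split into several strands, each plugged into a different host.
* Macvlan has four operating modes: Private, VEPA, Bridge and Passthru. The most commonly used and default mode is Bridge.
* When the physical network interface receives a packet, it uses the packet's destination MAC address to decide which virtual network interface the packet should be handed to.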

![](/files/-LkMdC-Gwa8zWPcH5etB)


