Using IPvlan network in Docker

IPvlan driver memberikan kontrol penuh kepada operator atas pengalamatan IPv4 dan IPv6 dengan 2 mode yang dapat digunakan yaitu ipvlan_mode=l2 dan ipvlan_mode=l3.

Jika Anda menggunakan 2 host docker, IPvlan ini dapat Anda gunakan untuk menghubungkan beberapa container pada 2 host yang berbeda tanpa perlu menggabungkan setiap host docker ke swarm.

IPvlan L2 mode

Topologi yang digunakan.

flowchart BT
	A["docker host\n192.168.12.0/28"] o--o|ens160| B(["network router\n192.168.12.1/28"])
    C("alfa1\n192.168.12.7/24") o--o|net-pub| A 
    D("alfa2\n192.168.12.8/24") o--o|net-pub| A

Buat network

docker network create -d ipvlan --subnet 192.168.12.0/28 \ 
--gateway 192.168.12.1 \ 
-o ipvlan_mode=l2 -o parent=ens160 net-pub
-o ipvlan_mode= Defaults ke mode L2 jika tidak ditentukan

Selanjutnya buat container alfa1 dan alfa2

docker run -dit --name alfa1 --network net-pub --ip 192.168.12.7 alpine ash
docker run -dit --name alfa2 --network net-pub --ip 192.168.12.8 alpine ash

Masuk ke terminal alfa1 lalu coba ping alfa2

/ # ping -c4 192.168.12.8
PING 192.168.12.8 (192.168.12.8): 56 data bytes
64 bytes from 192.168.12.8: seq=0 ttl=64 time=0.134 ms
64 bytes from 192.168.12.8: seq=1 ttl=64 time=0.137 ms
64 bytes from 192.168.12.8: seq=2 ttl=64 time=0.134 ms
64 bytes from 192.168.12.8: seq=3 ttl=64 time=0.132 ms

/ # ping -c4 alfa2
PING alfa2 (192.168.12.8): 56 data bytes
64 bytes from 192.168.12.8: seq=0 ttl=64 time=0.067 ms
64 bytes from 192.168.12.8: seq=1 ttl=64 time=0.142 ms
64 bytes from 192.168.12.8: seq=2 ttl=64 time=0.136 ms
64 bytes from 192.168.12.8: seq=3 ttl=64 time=0.162 ms

Ping ke arah router

/ # ping -c4 192.168.12.1
PING 192.168.12.1 (192.168.12.1): 56 data bytes
64 bytes from 192.168.12.1: seq=0 ttl=64 time=1.382 ms
64 bytes from 192.168.12.1: seq=1 ttl=64 time=1.504 ms
64 bytes from 192.168.12.1: seq=2 ttl=64 time=1.329 ms
64 bytes from 192.168.12.1: seq=3 ttl=64 time=1.313 ms

Cara diatas juga bisa Anda gunakan untuk menghubungkan container pada host docker yang berbeda.

Contoh topologi

flowchart BT
A([network gateway\n192.168.12.1/28])
B[docker host #1\n192.168.12.0/28] o--o|ens160| A 
C[docker host #2\n192.168.12.0/28] o--o|ens160| A 
D(alfa\n192.168.12.7/24) o--o|net-pub| B
E(beta\n192.168.12.8/24) o--o|net-pub| C

Pastikan opsi -o parent= diisi oleh ethernet yang mengarah ke router atau gateway.

IPvlan 802.1q trunk L2 mode

Topologi yang digunakan

flowchart TD
	250149["alfa10\n10.10.10.5/24"] o--o|net-vlan10| 616196["docker host #1\nens160"]
	481520["alfa20\n20.20.20.5/24"] o--o|net-vlan20| 616196
	616196 o---o|vlan10| 876359["docker host #2"]
    616196 o---o|vlan20| 876359
	876359 o--o|net-vlan10| 130970["beta10\n10.10.10.6/24"]
	876359 o--o|net-vlan20| 234464["beta20\n20.20.20.6/24"]

Create VLAN

Esekusi perintah pada kedua host docker

Buat interface vlan10 dan vlan20

sudo ip link add link ens224 name vlan10 type vlan id 10
sudo ip link add link ens224 name vlan20 type vlan id 20
ens224 merupakan interface yang terhubung ke docker host #2 dan juga untuk melewatkan vlan

Aktifkan inteface vlan

sudo ip link set vlan10 up
sudo ip link set vlan20 up

Selanjutnya buat network docker

docker network create -d ipvlan --subnet 10.10.10.0/24 --gateway 10.10.10.1 -o ipvlan_mode=l2 -o parent=vlan10 net-vlan10
docker network create -d ipvlan --subnet 20.20.20.0/24 --gateway 20.20.20.1 -o ipvlan_mode=l2 -o parent=vlan20 net-vlan20
Anda juga dapat menambahkan subnet dan gateway lebih dari 1 pada vlan yang sama.

Create container

Buat container pada masing-masing host docker menggunakan network net-vlan10 dan net-vlan20

Docker host #1

docker run -dit --rm --name alfa10 --network net-vlan10 --ip 10.10.10.5 alpine ash
docker run -dit --rm --name alfa20 --network net-vlan20 --ip 20.20.20.5 alpine ash
$ docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED          STATUS          PORTS     NAMES
ce3d612e952c   alpine    "ash"     27 seconds ago   Up 26 seconds             alfa20
f043cb332ca3   alpine    "ash"     48 seconds ago   Up 47 seconds             alfa10

Docker host #2

docker run -dit --rm --name beta10 --network net-vlan10 --ip 10.10.10.6 alpine ash
docker run -dit --rm --name beta20 --network net-vlan20 --ip 20.20.20.6 alpine ash
$ docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED          STATUS          PORTS     NAMES
6c536cc8d7e0   alpine    "ash"     12 seconds ago   Up 12 seconds             beta20
c7c41bcfc582   alpine    "ash"     17 seconds ago   Up 15 seconds             beta10

Test ping

Masuk ke terminal alfa10 lalu coba ping setiap IP container pada docker host #2

/ # ping -c4 10.10.10.6
PING 10.10.10.6 (10.10.10.6): 56 data bytes
64 bytes from 10.10.10.6: seq=0 ttl=64 time=0.552 ms
64 bytes from 10.10.10.6: seq=1 ttl=64 time=0.655 ms
64 bytes from 10.10.10.6: seq=2 ttl=64 time=0.659 ms
64 bytes from 10.10.10.6: seq=3 ttl=64 time=0.736 ms

/ # ping -c4 20.20.20.6
PING 20.20.20.6 (20.20.20.6): 56 data bytes

--- 20.20.20.6 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

Selanjutnya masuk ke terminal alfa20 lalu coba ping setiap IP container pada docker host #2

/ # ping -c4 10.10.10.6
PING 10.10.10.6 (10.10.10.6): 56 data bytes

--- 10.10.10.6 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

/ # ping -c4 20.20.20.6
PING 20.20.20.6 (20.20.20.6): 56 data bytes
64 bytes from 20.20.20.6: seq=0 ttl=64 time=0.637 ms
64 bytes from 20.20.20.6: seq=1 ttl=64 time=0.534 ms
64 bytes from 20.20.20.6: seq=2 ttl=64 time=0.595 ms
64 bytes from 20.20.20.6: seq=3 ttl=64 time=0.667 ms

IPvlan L3 mode

Topologi yang digunakan

flowchart RL
	730663["docker host #2\n10.7.7.10/30"] o---o|ens224| 671715["docker host #1\n10.7.7.9/30"]
	705934["beta\n10.10.12.2/24"] o--o|net-priv| 730663
	671715 o--o|net-priv| 341575["alfa\n10.10.11.2/24"]

docker host #1

Buat network dengan subnet 10.10.11.0/24

docker network create -d ipvlan --subnet 10.10.11.0/24 -o ipvlan_mode=l3 -o parent=ens224 net-priv

Selanjutnya buat container dengan nama alfa

docker run -dit --rm --name alfa --network net-priv alpine ash

docker host #2

Buat network dengan subnet 10.10.12.0/24

docker network create -d ipvlan --subnet 10.10.12.0/24 -o ipvlan_mode=l3 -o parent=ens224 net-priv

Lalu buat container dengan nama beta

docker run -dit --rm --name beta --network net-priv alpine ash

static route

Agar kedua container dapat terhubung pada host docker yang berbeda, maka perlu menambahkan static route ke tujuan masing-masing network.

docker host #1

sudo ip route add 10.10.12.0/24 via 10.7.7.10 dev ens224

docker host #2

sudo ip route add 10.10.11.0/24 via 10.7.7.9 dev ens224

Lalu masuk ke terminal alfa dan coba lakukan test ping ke IP container beta

/ # ping -c4 10.10.12.2
PING 10.10.12.2 (10.10.12.2): 56 data bytes
64 bytes from 10.10.12.2: seq=0 ttl=64 time=0.624 ms
64 bytes from 10.10.12.2: seq=1 ttl=64 time=0.466 ms
64 bytes from 10.10.12.2: seq=2 ttl=64 time=0.894 ms
64 bytes from 10.10.12.2: seq=3 ttl=64 time=0.646 ms