How to set up Macvlan on Docker running on a Proxmox host that is already connected to the VLAN.
It happens to all of us right? You want to set up a VLAN? No? Oh… Well I did, and I faced some issues. So let me tell you how I solved them.
I have a machine that runs Proxmox, Docker and a whole lot more (You can read it here). Some of my Docker containers I’d like to have run on a different subnet.
- 192.168.0.x => Internal LAN
- 192.168.1.x => Critical infrastructure
- 192.168.15.x => VM’s & Containers
- 192.168.2.x => WiFi
But I don’t want 4 physically separate networks, so I used VLANs (Virtual LANs). Network packets are separated based on a VLAN-ID, so they don’t mix between networks you don’t want them to. My VLAN-IDs are based on the third number of the IP address: VLAN-0, VLAN-1, VLAN-15, VLAN-2.
Now I wanted my Proxmox machine to run on both VLAN-1 and VLAN-15, which is quite easy to accomplish in the Proxmox UI.
All you need to do (or so you would think…) is:
> pve > System > Network > Create > Linux Bridge
and fill in all the fields.
BUT this will not work, since you cannot create a Linux VLAN that way.
Setting up Linux VLAN
Step 1 would be to set up a Linux VLAN. The first Google Search result was an Arch Linux tutorial. What I found out was that if you take your interface, in my case enp3s0, and append .<vlan-ID> to its name, you can create a VLAN.
So the first step to creating a Proxmox VLAN would be to edit /etc/network/interfaces:

    auto lo
    iface lo inet loopback

    auto enp3s0
    iface enp3s0 inet manual

    auto vmbr0
    iface vmbr0 inet static
        address 192.168.1.X
        netmask 255.255.255.0
        gateway 192.168.1.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0

Where X is the fourth number of your machine’s IP address.
What you see here is a bridge interface called vmbr0 that carries all default (untagged) communication, since it bridges the interface enp3s0 without a VLAN-ID appended to it.
To add VLAN-15, /etc/network/interfaces needs to look like this:

    auto lo
    iface lo inet loopback

    auto enp3s0
    iface enp3s0 inet manual

    # VLAN sub-interface on enp3s0 for VLAN-ID 15
    auto enp3s0.15
    iface enp3s0.15 inet manual

    auto vmbr0
    iface vmbr0 inet static
        address 192.168.1.X
        netmask 255.255.255.0
        gateway 192.168.1.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0

    # Bridge on top of the VLAN-15 sub-interface
    auto vmbr15
    iface vmbr15 inet static
        address 192.168.15.X
        netmask 255.255.255.0
        gateway 192.168.15.1
        bridge-ports enp3s0.15
        bridge-stp off
        bridge-fd 0

Here you see we created a Linux VLAN interface called enp3s0.15 and a vmbr15 bridge interface to talk through.
We can now use vmbr15 to communicate over VLAN-15 and vmbr0 to communicate over VLAN-1.
Docker MacVLAN
Now that Proxmox (OS) has set up the VLAN interfaces, we can continue setting up Docker MacVLAN.
In the command line all you need to do is:

    docker network create -d macvlan --subnet=192.168.15.0/24 --gateway=192.168.15.1 --ip-range=192.168.15.128/26 -o parent=vmbr15 vlan15

Here is what each part does:
- docker network create => creates a new Docker network
- -d macvlan => selects the macvlan driver, which gives each container its own MAC address on the parent interface so it can talk directly on the VLAN
- --subnet=192.168.15.0/24 => defines the subnet of your VLAN; I chose 192.168.15.{0…255}
- --gateway=192.168.15.1 => the IP of your router on the VLAN
- --ip-range=192.168.15.128/26 => this is the interesting one. Since your router might also assign IP addresses on this subnet through DHCP, you might want to allocate one range for your router {0…127} and another for Docker {128…190}, so the two never hand out the same address. The /26 is the prefix length, which sets the size of the range.
- -o parent=vmbr15 => the parent interface we just created in Proxmox
- vlan15 => the name of the network within Docker
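
The split between the router's DHCP range and Docker's --ip-range can be checked before the network is created. The Python script below is an added example, not part of the original post; the function name check_macvlan_plan and the DHCP pool bounds (modelled on the {0…127} split described above) are assumptions.

```python
import ipaddress


def check_macvlan_plan(subnet, gateway, ip_range, dhcp_first, dhcp_last):
    """Return (problems, first_ip, last_ip) for a Docker macvlan address plan.

    dhcp_first/dhcp_last are the inclusive bounds of the router's DHCP pool
    (an assumption: read them from your router's configuration).
    """
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    # strict=False accepts a range written with host bits set (e.g. .130/26)
    # and normalizes it to the block that prefix really covers.
    pool = ipaddress.ip_network(ip_range, strict=False)
    dhcp_lo = ipaddress.ip_address(dhcp_first)
    dhcp_hi = ipaddress.ip_address(dhcp_last)
    first, last = pool[0], pool[-1]

    problems = []
    if str(pool) != ip_range:
        problems.append(f"{ip_range} is not block-aligned; it covers {pool}")
    if not pool.subnet_of(net):
        problems.append(f"ip-range {pool} is outside subnet {net}")
    if gw not in net:
        problems.append(f"gateway {gw} is outside subnet {net}")
    if gw in pool:
        problems.append(f"gateway {gw} sits inside ip-range {pool}")
    # Two inclusive ranges overlap when each one starts before the other ends.
    if first <= dhcp_hi and dhcp_lo <= last:
        problems.append(
            f"ip-range {first}-{last} overlaps DHCP pool {dhcp_lo}-{dhcp_hi}")
    return problems, str(first), str(last)


if __name__ == "__main__":
    # Values from the docker network create command in this post;
    # the DHCP pool bounds are constructed sample values.
    problems, first, last = check_macvlan_plan(
        "192.168.15.0/24", "192.168.15.1", "192.168.15.128/26",
        "192.168.15.0", "192.168.15.127")
    print(f"Docker will allocate from {first} to {last}")
    for line in problems or ["no conflicts found"]:
        print(line)
```

A /26 starting at .128 is a block of 64 addresses, so with the values from the command above the script reports 192.168.15.128 to 192.168.15.191 and no conflicts.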
Conclusion
Well there you have it. That’s all you need to do to have Docker use VLAN within Proxmox. Docker containers will now receive an IP address if they are assigned to a VLAN network. Happy networking.