Debian 12 macvlan issue for Docker network
Good evening,
I struggle with the setup of macvlans for Docker on Debian 12.
In my environment I don’t get to the point where Docker containers can be reached over a macvlan.
What the network settings look like:
PROMISC is enabled on the interface:
2: eno1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 94:c6:91:18:80:59 brd ff:ff:ff:ff:ff:ff
altname enp0s31f6
inet 172.16.100.66/24 brd 172.16.100.255 scope global eno1
valid_lft forever preferred_lft forever
inet6 fe80::96c6:91ff:fe18:8059/64 scope link
valid_lft forever preferred_lft forever
14: dm-f895f9b34c30: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether a2:48:31:08:d4:67 brd ff:ff:ff:ff:ff:ff
inet6 fe80::b8b7:97ff:fec3:51fa/64 scope link
valid_lft forever preferred_lft forever
docker network ls
NETWORK ID NAME DRIVER SCOPE
e1b6a1556220 bridge bridge local
f895f9b34c30 dockermacvlan macvlan local
de93e5b98755 host host local
7151075f2888 none null local
dm-f895f9b34c30: flags=195<UP,BROADCAST,RUNNING,NOARP> mtu 1500
inet6 fe80::b8b7:97ff:fec3:51fa prefixlen 64 scopeid 0x20<link>
ether a2:48:31:08:d4:67 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 686 (686.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:80:0d:e0:d6 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet 172.16.100.66 netmask 255.255.255.0 broadcast 172.16.100.255
inet6 fe80::96c6:91ff:fe18:8059 prefixlen 64 scopeid 0x20<link>
ether 94:c6:91:18:80:59 txqueuelen 1000 (Ethernet)
RX packets 21706 bytes 12834211 (12.2 MiB)
RX errors 0 dropped 148 overruns 0 frame 0
TX packets 9460 bytes 1227650 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xdc200000-dc220000
How I did the Docker macvlan:
docker network create -d macvlan \
--subnet 172.16.100.0/24 \
--gateway 172.16.100.3 \
-o parnet=eno1 \
dockermacvlan
Also not working:
docker network create -d macvlan \
--subnet 172.16.100.0/24 \
--gateway 172.16.100.3 \
-o parnet=eth0 \
dockermacvlan
How I created the container:
docker run -itd --rm --name busybox1 \
--network dockermacvlan \
--ip 172.16.100.224 \
busybox
What the container env looks like:
docker exec busybox1 ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
15: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:10:64:e0 brd ff:ff:ff:ff:ff:ff
inet 172.16.100.224/24 brd 172.16.100.255 scope global eth0
valid_lft forever preferred_lft forever
I cannot ping from 172.16.100.66 to 172.16.100.224 (busybox1) and vice versa.
sudo tcpdump -nnvi any 'host 172.16.100.224'
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:10:34.258465 eno1 Out ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.224 tell 172.16.100.66, length 28
21:10:35.268594 eno1 Out ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.224 tell 172.16.100.66, length 28
21:10:36.292600 eno1 Out ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.224 tell 172.16.100.66, length 28
21:10:37.317179 eno1 Out ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.224 tell 172.16.100.66, length 28
21:10:38.340592 eno1 Out ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.224 tell 172.16.100.66, length 28
I would much appreciate any hint that could help to solve this.
BR,
Josip
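
Added example, not part of the original post: a shell check that flags -o keys the macvlan driver does not document and a missing parent, the case in which Docker backs the network with a dm-<network id> dummy link like the one in the interface listing above. The function name check_macvlan_opts and the list of known keys are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint the driver options of a
# Docker macvlan network. Options are passed as key=value lines.
# On a live host they can be produced with:
#   docker network inspect -f \
#     '{{range $k,$v := .Options}}{{printf "%s=%s\n" $k $v}}{{end}}' dockermacvlan

# Assumption: option keys documented for the macvlan driver.
KNOWN_MACVLAN_OPTS="parent macvlan_mode"

# check_macvlan_opts NETWORK_ID OPTION_LINES
# Prints one finding per line; exit status 0 = clean, 1 = findings.
# The body runs in a subshell so its variables stay local.
check_macvlan_opts() (
    net_id=$1
    parent=""
    findings=0
    while IFS='=' read -r key value; do
        if [ -z "$key" ]; then
            continue
        fi
        case " $KNOWN_MACVLAN_OPTS " in
            *" $key "*)
                if [ "$key" = parent ]; then parent=$value; fi
                ;;
            *)
                echo "unknown option '$key=$value': not a documented macvlan key"
                findings=$((findings + 1))
                ;;
        esac
    done <<EOF
$2
EOF
    if [ -z "$parent" ]; then
        # With no parent, Docker attaches the network to a dummy link named
        # dm-<first 12 characters of the network ID> instead of a physical NIC.
        echo "no parent set: network uses dummy link dm-$(printf '%.12s' "$net_id")"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
)

# Constructed input mirroring the network ID and -o value shown in the post.
check_macvlan_opts f895f9b34c30 "parnet=eno1" || true
```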