Actually, you will still need to Google how to use the Macvlan driver even after you finish reading this post.
I only recorded some fragmented knowledge while using the Macvlan driver.

What’s the Macvlan driver

Macvlan can create a virtual network interface on top of a physical NIC, with its own independent MAC address.
Linux Macvlan

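Things you should know

  1. Containers in different subnets cannot talk to each other directly. This includes containers on the same host in different Macvlan networks, and containers on the same host in a multi-subnet Macvlan network.
  2. Containers and the host cannot reach each other. NOTE: the containers can NOT ping the underlying host interfaces as they are intentionally filtered by Linux for additional isolation.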

Macvlan Pre-Requisites

Docker 1.12.0+
Linux kernel v3.9–3.19 and 4.0+
An interface on host

Four Macvlan modes (bridge/vepa/private/passthru)

In the diagrams below, eth0 is the device name of the NIC, and mac0/mac1 are sub-interfaces with eth0 as their parent.

bridge

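In bridge mode, packets between two sub-interfaces on the same host only need to pass through the parent interface and do not go through the gateway.
This is also the default mode when Docker creates a Macvlan network.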
linux-macvlan-bridge-mode

Any container inside the same subnet can talk to any other container in the same network without a gateway in macvlan bridge.

vepa

The main difference from bridge is that traffic between sub-interfaces on the same host goes through the gateway.
vepa-mode

private

Sadly, traffic between sub-interfaces makes it all the way to the gateway, but is dropped on the way back.
linux-macvlan-private-mode

passthru

linux-macvlan-passthru-mode

docker and Macvlan

Creating networks with the Macvlan driver

  1. Create the most basic Macvlan network (experimental), mode: bridge, parent: dummy0, gateway: 172.20.0.1, subnet: 172.20.0.0/16

    docker network create -d macvlan net-mv1
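  2. Create a Macvlan network that can communicate with the LAN the Docker host is on, mode: bridge, parent: eth0, gateway: 192.168.1.1 subnet: 192.168.1.1/16
    Here eth0 is the name of the host NIC (see ip a). A gateway must have a corresponding subnet. The gateway can be omitted (because containers in the same Macvlan network, mode: bridge only, can reach each other without going through a gateway).

    docker network create \
    -d macvlan \
    -o parent=eth0 \
    --subnet 192.168.1.1/16 \
    --gateway 192.168.1.1 \
    net-mv2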
  3. Create a Macvlan network with a VLAN ID (802.1q Trunk Bridge Mode)
    Docker will create the eth0.50 sub-interface for you; you can see it in ip a.
    You can also create it yourself first with ip link add link eth0 name eth0.50 type vlan id 50, and bring it up with ip link set eth0.50 up (this differs slightly from what Docker does).

    docker network create \
    -d macvlan \
    -o parent=eth0.50 \
    --subnet 192.168.1.1/16 \
    --gateway 192.168.1.1 \
    net-mv3
  4. Create a network with mode vepa/private/passthru (not tested)
    This is done with -o macvlan_mode=vepa

    docker network create \
    -d macvlan \
    -o macvlan_mode=vepa \
    --subnet 192.168.1.1/16 \
    --gateway 192.168.1.1 \
    net-mv4
  5. Create a network with multiple subnets/gateways

    docker network create \
    -d macvlan \
    --subnet 192.168.1.1/16 \
    --gateway 192.168.1.1 \
    --subnet 10.1.10.0/24 \
    --gateway 10.1.10.1 \
    net-mv5
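
A pre-flight check over the --subnet/--gateway values used in the commands above, plus the "different subnets cannot talk directly" rule from the notes at the top. This is an added example, not code from the original post or from Docker; the function names and the container addresses are assumptions made for illustration, and the checks are plain CIDR arithmetic, not Docker's own validation.

```python
import ipaddress
from itertools import combinations


def check_macvlan_args(subnets, gateways):
    """Return a list of problems in one network's --subnet/--gateway values."""
    problems, nets = [], []
    for s in subnets:
        iface = ipaddress.ip_interface(s)
        if iface.ip != iface.network.network_address:
            # e.g. 192.168.1.1/16 really describes the network 192.168.0.0/16
            problems.append(f"{s}: host bits set, effective subnet is {iface.network}")
        nets.append(iface.network)
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    for g in gateways:
        gw = ipaddress.ip_address(g)
        # "A gateway must have a corresponding subnet"
        if not any(gw in n for n in nets):
            problems.append(f"{g}: gateway has no matching subnet")
    return problems


def same_subnet(ip_a, ip_b, subnets):
    """True when both addresses fall in the same subnet of the network,
    the case the post describes as reachable in bridge mode without a gateway."""
    a, b = ipaddress.ip_address(ip_a), ipaddress.ip_address(ip_b)
    nets = [ipaddress.ip_interface(s).network for s in subnets]
    return any(a in n and b in n for n in nets)


if __name__ == "__main__":
    # Subnets/gateways from the net-mv5 command; container IPs are constructed.
    subnets = ["192.168.1.1/16", "10.1.10.0/24"]
    for p in check_macvlan_args(subnets, ["192.168.1.1", "10.1.10.1"]):
        print("warn:", p)
    print(same_subnet("192.168.3.7", "10.1.10.5", subnets))  # different subnets
    print(same_subnet("10.1.10.5", "10.1.10.9", subnets))    # same subnet
```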

when it comes to swarmkit

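A Docker service cannot directly use a single-host network, because a Macvlan network has to be created separately on each host. Even if a Macvlan network with the same name is created on every host, the NetworkID/configuration of each network is not (necessarily) the same, so specifying --network for the service fails.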

default gateway when it comes to multi-network

in lexical order.??? Seriously???
So you’d better create a docker network whose name starts with NUL, which is the first symbol in ASCII. (kidding)(0 is enough I think)
Docker container networking#User-defined networks

You can create as many networks as you need, and you can connect a container to zero or more of these networks at any given time. In addition, you can connect and disconnect running containers from networks without restarting the container. When a container is connected to multiple networks, its external connectivity is provided via the first non-internal network, in lexical order.

References

Resource / URL
Get started with Macvlan network driver (Docker) https://docs.docker.com/engine/userguide/networking/get-started-macvlan/
Bridge vs Macvlan http://hicu.be/bridge-vs-macvlan
Linux Networking: MAC VLANs and Virtual Ethernets http://www.pocketnix.org/posts/Linux%20Networking:%20MAC%20VLANs%20and%20Virtual%20Ethernets