Macvlan is a type of network driver that assigns a unique MAC address to each container, making it appear to be a physical device on your network, just like a traditional virtual machine. The Docker daemon then routes traffic to containers on the basis of their MAC addresses. Macvlan networks can connect containers to different subnets or VLANs without using a bridge or an overlay network. You can also isolate your macvlan networks from one another by using different physical network interfaces.
To create a macvlan network, use the --driver macvlan option (short form: -d macvlan) with the docker network create command. You also need to specify the parent, which is the interface the traffic will physically go through on the Docker host. For example:
$ docker network create -d macvlan \
  --subnet=172.16.86.0/24 \
  --gateway=172.16.86.1 \
  -o parent=eth0 \
  my-macvlan-net
This command creates a macvlan network called my-macvlan-net that bridges with the physical network interface eth0.
You can also use ipvlan instead of macvlan, which allows all containers on a Docker host to share a single MAC address. This can reduce the overhead of managing multiple MAC addresses on your network. To use ipvlan, use the --driver ipvlan option (short form: -d ipvlan) and specify the ipvlan_mode as l2. For example:
$ docker network create -d ipvlan \
  --subnet=192.168.210.0/24 \
  --subnet=192.168.212.0/24 \
  --gateway=192.168.210.254 \
  --gateway=192.168.212.254 \
  -o ipvlan_mode=l2 -o parent=eth0 \
  ipvlan210
This command creates an ipvlan network called ipvlan210 that uses the physical network interface eth0 and supports two subnets.
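To review which macvlan and ipvlan networks sit on which physical interface, and whether each gateway belongs to its subnet, the following added example (not part of the original page or of Docker itself) audits output shaped like `docker network inspect`. The sample data is constructed; `vlan20-net`, the `eth1` and `eth0.20` parents, and the `<nic>.<vlan-id>` naming of VLAN sub-interfaces are assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample shaped like `docker network inspect` output (not from a real host).
# vlan20-net and the eth1 / eth0.20 parents are hypothetical.
SAMPLE = json.dumps([
    {"Name": "my-macvlan-net", "Driver": "macvlan", "Options": {"parent": "eth0"},
     "IPAM": {"Config": [{"Subnet": "172.16.86.0/24", "Gateway": "172.16.86.1"}]}},
    {"Name": "vlan20-net", "Driver": "macvlan", "Options": {"parent": "eth0.20"},
     "IPAM": {"Config": [{"Subnet": "172.16.20.0/24", "Gateway": "172.16.20.1"}]}},
    {"Name": "ipvlan210", "Driver": "ipvlan",
     "Options": {"ipvlan_mode": "l2", "parent": "eth1"},
     "IPAM": {"Config": [
         {"Subnet": "192.168.210.0/24", "Gateway": "192.168.210.254"},
         {"Subnet": "192.168.212.0/24", "Gateway": "192.168.212.254"}]}},
    {"Name": "bridge", "Driver": "bridge", "Options": {},
     "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
])


def audit(inspect_json):
    """Map each physical NIC to the macvlan/ipvlan networks on it and list problems."""
    by_nic, problems = defaultdict(list), []
    for net in json.loads(inspect_json):
        if net.get("Driver") not in ("macvlan", "ipvlan"):
            continue  # only the two drivers discussed here
        name = net["Name"]
        parent = (net.get("Options") or {}).get("parent")
        if parent:
            # Assumption: VLAN sub-interfaces are named <nic>.<vlan-id> (e.g. eth0.20).
            by_nic[parent.split(".")[0]].append(name)
        else:
            problems.append(f"{name}: no parent interface recorded")
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            subnet = ipaddress.ip_network(cfg["Subnet"])
            gateway = cfg.get("Gateway")
            if gateway and ipaddress.ip_address(gateway) not in subnet:
                problems.append(f"{name}: gateway {gateway} is outside {subnet}")
    for nic, names in by_nic.items():
        if len(names) > 1:
            problems.append(f"{nic}: shared by {', '.join(names)}")
    return dict(by_nic), problems


if __name__ == "__main__":
    nics, issues = audit(SAMPLE)
    for nic, names in nics.items():
        print(f"{nic}: {', '.join(names)}")
    for issue in issues:
        print("WARN", issue)
```

On a real host, the input would come from `docker network inspect $(docker network ls -q)`.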