'ipvlan L3 docker can't ping host

I was playing with ipvlan_mode=l3 by following the tutorial on docker github repo

https://gist.github.com/nerdalert/28168b016112b7c13040#ipvlan-l3-mode-example-usage

After running the commands my host and docker are not able to ping each other.

However two containers on diffrent subnets using the same parent iface are able to ping.

Commands :

docker network  create  -d ipvlan \
--subnet=192.168.214.0/24 \
--subnet=10.1.214.0/24 \
 -o ipvlan_mode=l3 ipnet210

# Test 192.168.214.0/24 connectivity
$ docker run --net=ipnet210 --ip=192.168.214.10 -itd alpine /bin/sh
$ docker run --net=ipnet210 --ip=10.1.214.10 -itd alpine /bin/sh

# Test L3 connectivity from 10.1.214.0/24 to 192.168.212.0/24
$ docker run --net=ipnet210 --ip=192.168.214.9 -it --rm alpine ping -c 2 10.1.214.10

# Test L3 connectivity from 192.168.212.0/24 to 10.1.214.0/24
$ docker run --net=ipnet210 --ip=10.1.214.9 -it --rm alpine ping -c 2 192.168.214.10

Is there anything I'm missing ?

Thank in advance

docker


Solution 1:[1]

I found this Q after reading about ipvlan l3 driver here

And I see the same behavior on ubuntu 18.04 and ubuntu 20.04, both with:

  • kernel 5.4.0-96-generic
  • docker-ce 20.10.12

I assume it's by design like this that host can't even see those new networks with ip r

I would be very interested to hear how external connectivity for containers should work, in docs (link above) it's not explained, just simple picture without any details...not helpful at all.

Solution 2:[2]

You need to setup a static route on the host or upstream router to get a connection between host and docker subnet as mentioned in the documentation, end of the chapter:

In order to ping the containers from a remote Docker host or the container be able to ping a remote host, the remote host or the physical network in between need to have a route pointing to the host IP address of the container’s Docker host eth interface.

For example (referenced to the picture) you have to create a route which point all traffic to subnet 172.16.20.0/24 to gateway 192.168.50.10/24.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 patooo
Solution 2 Frank

Related Questions

docker image - merged/diff/work/LowerDir components of GraphDriver

docker image - merged/diff/work/LowerDir components of GraphDriver

In docker-compose, is it possible to reuse volume configuration between services?

Installing imagemagick in docker container

How to set docker container name in Pycharm Docker Interpreter

Docker. Communication between Laravel containers

E: Package 'mysql-client' has no installation candidate in php-fpm image build using docker compose

M1 chip, Install Puppeteer in Docker NodeJs, The chromium binary is not available for arm64

How do I configure "ulimits" for a Docker container running in AWS ECS?

Travis-ci installs packages from requirements.txt file automatically

How critical is dumb-init for Docker?

docker build failed after pip installed requirements with exit code 137

Error with docker and react, digital envelope routines::unsupported

npm ERR! Tracker "idealTree" already exists while creating the Docker image for Node project

How to access gradle test reports from a docker container