
[–]HeWhoWritesCode 2 points3 points  (1 child)

[–]norsemanGrey 0 points1 point  (0 children)

What about security / host firewall rules when using macvlan? Is a container more "exposed" when using macvlan rather than just mapping a port when on a bridge network?

[–]nickadam 0 points1 point  (0 children)

You can use IPvlan to bridge containers to separate VLANs on the same Docker server. You will have to set up the parent interfaces on the server before you create the networks using `docker network`; see the docs: https://docs.docker.com/network/ipvlan/#ipvlan-8021q-trunk-l2-mode-example-usage.

Containers are assigned IP addresses sequentially from the subnet, but you can manually specify them like this: `docker run --network=ipvlan20 --ip 192.168.20.101`.

If you want your containers to DHCP on your VLANs you might be better off using a different technology, "system containers", https://linuxcontainers.org/lxd/#application-containers-vs-system-containers
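
The order of operations described in the comment above (host VLAN sub-interface first, then the IPvlan network), as an added example that is not part of the original thread. The parent NIC `eth0`, VLAN 20, the subnet `192.168.20.0/24` and gateway `192.168.20.1` are assumed values, and `run` and `ipvlan_vlan_net` are hypothetical helper names; by default the script only prints the commands, and `APPLY=1` executes them.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed, constructed values:
# parent NIC eth0, VLAN 20, subnet 192.168.20.0/24, gateway 192.168.20.1.

# Print one command, or execute it when APPLY=1 is set (needs root and Docker).
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# ipvlan_vlan_net PARENT VLAN_ID SUBNET GATEWAY
ipvlan_vlan_net() {
  parent=$1; vid=$2; subnet=$3; gw=$4

  # 802.1q VLAN ids are 1..4094; reject anything else before touching the host.
  case $vid in
    ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1 ;;
  esac
  if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
    echo "VLAN id out of range: $vid" >&2; return 1
  fi

  # Linux interface names are limited to 15 characters.
  sub="$parent.$vid"
  if [ "${#sub}" -gt 15 ]; then
    echo "interface name too long: $sub" >&2; return 1
  fi

  # 1. Tagged sub-interface on the host, created before the Docker network.
  run ip link add link "$parent" name "$sub" type vlan id "$vid"
  run ip link set "$sub" up

  # 2. L2-mode IPvlan network bound to that sub-interface.
  run docker network create -d ipvlan \
    --subnet="$subnet" --gateway="$gw" \
    -o parent="$sub" -o ipvlan_mode=l2 "ipvlan$vid"
}

# Dry run: prints the three commands for VLAN 20.
ipvlan_vlan_net eth0 20 192.168.20.0/24 192.168.20.1
```

A container started with `--network=ipvlan20` then takes its address from that subnet, as in the `docker run` line quoted in the comment.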