Suraj Deshmukh, profile picture
Uploaded bySuraj Deshmukh
PDF, PPTX4,167 views

macvlan and ipvlan

macvlan and ipvlan allow VMs and containers to have direct exposure to the host network by assigning them their own MAC/IP addresses without requiring a bridge. macvlan uses MAC addresses to separate traffic while ipvlan uses layer 3. Both are lighter weight than bridges. macvlan is commonly used in bridge mode to allow communication between VMs/containers on the same host, while ipvlan may be preferred when MAC limits are in place or for untrusted networks.

Embed presentation

Download as PDF, PPTX
macvlan and ipvlan - Suraj Deshmukh @surajd_
Introduction ● macvlan and ipvlan exposes the underlying host's interfaces directly to VMs or Containers. ● Both do not use bridge. ● Both are implicitly namespace aware. ● Traditionally we have been using Linux Bridge to get VM access to the outside network or default gateway, now you don't need that extra NATing overhead. ● Lightweight and Fast.
● There are two ways normally to connect VMs or Containers to external network overlay and underlay: ○ Overlay is using VXLAN or NVGRE, etc., with extra encapsulation. ○ Underlay is using Linux Bridge, ipvlan or macvlan by directly exposing it to host's external network. ○ These implementations are extremely lightweight than the traditional linux bridge.
Linux Bridge ● Acts similar to the physical layer 2 switch. ● It has learning capabilities. ● All the VMs or containers connect to this bridge/switch. ● For external connectivity all these are NATed.
macvlan ● macvlan allows a single interface to have multiple MAC and IP addresses using macvlan sub-interfaces. ● This is different from creating sub-interfaces on a physical interface using VLAN, here every sub-interface belongs to different Layer-2 domain and all sub-interfaces have different MAC address.
● macvlan has been in use with lxc containers before docker support was introduced. ● Each interface will have different MAC address and will be exposed directly in the underlay network. ● This will help people who wanna use the existing network infrastructure with Containers and VMs.
● macvlan will only see traffic that has MAC address that matches interface’s MAC address. ● macvlan has 4 types (private, bridge, passthrough, VEPA(Virtual Ethernet Port Aggregator)) ○ Commonly used is a macvlan bridge because it allows the Container or VMs on the same host to talk to each other without packet leaving the host. ○ Bridge mode works like traditional bridge and removes the requirement of learning and STP, learning not needed because it already knows what MAC addresses.
ipvlan ● Conceptually similar to macvlan but uses layer 3. ● Unlike macvlan no unique MAC addresses. ● Can be used in scenarios where MAC addresses per port are restricted. ● Right now supported modes are l2 and l3.
When to use ipvlan over macvlan? ● These two are very similar in many regards and the specific use case could very well define which device to choose. ○ The Linux host that is connected to the external switch / router has policy configured that allows only one mac per port. ○ No of virtual devices created on a master exceed the MAC capacity and puts the NIC in promiscuous mode and degraded performance is a concern. ○ If the slave device is to be put into the hostile / untrusted network namespace where l2 on the slave could be changed / misused.
When to use macvlan over ipvlan? ● When you have a common DHCP server, then macvlan should be used, because DHCP would need unique MAC address for each IP address.
Demo Steps a.k.a. Cheatsheet: https://github. com/surajssd/blog_post/tree/master/talks2/20160708DockerBangalore
Ref: ● Macvlan and IPvlan basics https://sreeninet.wordpress.com/2016/05/29/macvlan-and-ipvlan/ ● Macvlan and Ipvlan Network Drivers https://github.com/docker/docker/blob/master/experimental/vlan-networks.md ● Experimental Docker https://sreeninet.wordpress.com/2016/05/29/experimental-docker-with-docker-machine/ and https: //github.com/docker/docker/tree/master/experimental ● Some notes on macvlan/macvtap http://backreference.org/2014/03/20/some-notes-on-macvlanmacvtap/ ● Configuring Macvlan and Ipvlan Linux Networking http://networkstatic.net/configuring-macvlan-ipvlan-linux-networking/ ● About Veth and Macvlan https://docs.oracle.com/cd/E37670_01/E37355/html/ol_mcvnbr_lxc.html ● LXC Macvlan networking https://www.flockport.com/lxc-macvlan-networking/ ● MacVTap http://virt.kernelnewbies.org/MacVTap ● IPVLAN Driver HOWTO https://www.kernel.org/doc/Documentation/networking/ipvlan.txt ● Linux Networking: MAC VLANs and Virtual Ethernets http://www.pocketnix.org/posts/Linux%20Networking:%20MAC% 20VLANs%20and%20Virtual%20Ethernets ● macvlan: implement bridge, VEPA and private mode https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/? id=618e1b7482f7a8a4c6c6e8ccbe140e4c331df4e9 ● IPVLAN – The beginning http://people.netfilter.org/pablo/netdev0.1/papers/IPVLAN-The-beginning.pdf ● Integrating Overlay Networking and the Physical Network http://etherealmind.com/integrating-overlay-networking-and-the- physical-network/

More Related Content

PPTX
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
byJames Denton
 
PPTX
Introduction to DPDK
byKernel TLV
 
PDF
Linux Networking Explained
byThomas Graf
 
PPTX
Linux Network Stack
byAdrien Mahieux
 
PDF
EBPF and Linux Networking
byPLUMgrid
 
PDF
eBPF - Rethinking the Linux Kernel
byThomas Graf
 
PDF
Fun with Network Interfaces
byKernel TLV
 
PPTX
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
byvivekkonnect
 
Pushing Packets - How do the ML2 Mechanism Drivers Stack Up
byJames Denton
 
Introduction to DPDK
byKernel TLV
 
Linux Networking Explained
byThomas Graf
 
Linux Network Stack
byAdrien Mahieux
 
EBPF and Linux Networking
byPLUMgrid
 
eBPF - Rethinking the Linux Kernel
byThomas Graf
 
Fun with Network Interfaces
byKernel TLV
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
byvivekkonnect
 

What's hot

PDF
Red Hat OpenStack 17 저자직강+스터디그룹_2주차
byNalee Jang
 
PDF
Red Hat OpenStack 17 저자직강+스터디그룹_1주차
byNalee Jang
 
PDF
Open shift 4 infra deep dive
byWinton Winton
 
PDF
BPF: Tracing and more
byBrendan Gregg
 
PDF
Introduction to Kubernetes Workshop
byBob Killen
 
PPTX
Kubernetes 101
byStanislav Pogrebnyak
 
PDF
The IPv6-Only Network
byAPNIC
 
PPTX
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
byVietnam Open Infrastructure User Group
 
PDF
nl80211 and libnl
byawkman
 
PDF
LinuxCon 2015 Linux Kernel Networking Walkthrough
byThomas Graf
 
PDF
netfilter and iptables
byKernel TLV
 
PDF
Software Defined Datacenter with Proxmox
byGLC Networks
 
PDF
How VXLAN works on Linux
byEtsuji Nakai
 
PPTX
Docker Networking: Control plane and Data plane
byDocker, Inc.
 
PDF
Using eBPF for High-Performance Networking in Cilium
byScyllaDB
 
PDF
Understanding Open vSwitch
byYongKi Kim
 
PDF
Ifupdown2: Network Interface Manager
byCumulus Networks
 
PDF
Boosting I/O Performance with KVM io_uring
byShapeBlue
 
PPTX
Kolla talk at OpenStack Summit 2017 in Sydney
byVikram G Hosakote
 
PPTX
OpenvSwitch Deep Dive
byrajdeep
 
Red Hat OpenStack 17 저자직강+스터디그룹_2주차
byNalee Jang
 
Red Hat OpenStack 17 저자직강+스터디그룹_1주차
byNalee Jang
 
Open shift 4 infra deep dive
byWinton Winton
 
BPF: Tracing and more
byBrendan Gregg
 
Introduction to Kubernetes Workshop
byBob Killen
 
Kubernetes 101
byStanislav Pogrebnyak
 
The IPv6-Only Network
byAPNIC
 
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
byVietnam Open Infrastructure User Group
 
nl80211 and libnl
byawkman
 
LinuxCon 2015 Linux Kernel Networking Walkthrough
byThomas Graf
 
netfilter and iptables
byKernel TLV
 
Software Defined Datacenter with Proxmox
byGLC Networks
 
How VXLAN works on Linux
byEtsuji Nakai
 
Docker Networking: Control plane and Data plane
byDocker, Inc.
 
Using eBPF for High-Performance Networking in Cilium
byScyllaDB
 
Understanding Open vSwitch
byYongKi Kim
 
Ifupdown2: Network Interface Manager
byCumulus Networks
 
Boosting I/O Performance with KVM io_uring
byShapeBlue
 
Kolla talk at OpenStack Summit 2017 in Sydney
byVikram G Hosakote
 
OpenvSwitch Deep Dive
byrajdeep
 

Similar to macvlan and ipvlan

PPTX
Docker Networking with New Ipvlan and Macvlan Drivers
byBrent Salisbury
 
PDF
Contemporary Linux Networking
byMaximilan Wilhelm
 
PPT
Vlan
bysanss40
 
PPT
Vlan
byilias ahmed
 
PPTX
VLAN
byISMT College
 
PPT
CCNA Advanced Switching
byDsunte Wilson
 
PPT
VLAN Virtual Area Network ,Switch,Ethernet ,VIkram Snehi
byMR. VIKRAM SNEHI
 
PPTX
Docker Networking Tip - Macvlan driver
bySreenivas Makam
 
PPT
Mod8 vlans
byMohan Kumaresan
 
PDF
DCSF 19 Data Center Networking with Containers
byDocker, Inc.
 
PDF
Vlan.pdf
byitwkd
 
PDF
LinuxConJapan2014_makita_0_MACVLAN.pdf
byDanielHanganu2
 
PPTX
VLAN_From_Basics_to_Advanced what there
byharinadhsadhu0445
 
PPT
mod8-VLANs.ppt
bySAROORNAGARCMCORE
 
PPTX
VLANS Routing and Protocols Chapter 12 of Routing
byRodgersA
 
PPTX
VLAN (Virtual Local Area Network) Full details.pptx
byVignesh kumar
 
PDF
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
bygummybear37
 
PPTX
Vla ns
byUDLA
 
PDF
An Overview of Linux Networking Options
byScott Lowe
 
ODP
Securing the network for VMs or Containers
byMarian Marinov
 
Docker Networking with New Ipvlan and Macvlan Drivers
byBrent Salisbury
 
Contemporary Linux Networking
byMaximilan Wilhelm
 
Vlan
bysanss40
 
Vlan
byilias ahmed
 
VLAN
byISMT College
 
CCNA Advanced Switching
byDsunte Wilson
 
VLAN Virtual Area Network ,Switch,Ethernet ,VIkram Snehi
byMR. VIKRAM SNEHI
 
Docker Networking Tip - Macvlan driver
bySreenivas Makam
 
Mod8 vlans
byMohan Kumaresan
 
DCSF 19 Data Center Networking with Containers
byDocker, Inc.
 
Vlan.pdf
byitwkd
 
LinuxConJapan2014_makita_0_MACVLAN.pdf
byDanielHanganu2
 
VLAN_From_Basics_to_Advanced what there
byharinadhsadhu0445
 
mod8-VLANs.ppt
bySAROORNAGARCMCORE
 
VLANS Routing and Protocols Chapter 12 of Routing
byRodgersA
 
VLAN (Virtual Local Area Network) Full details.pptx
byVignesh kumar
 
W3-Presentation-VLANs-AMA COMPUTER COLLEGE.pdf
bygummybear37
 
Vla ns
byUDLA
 
An Overview of Linux Networking Options
byScott Lowe
 
Securing the network for VMs or Containers
byMarian Marinov
 

More from Suraj Deshmukh

PDF
Python testing using mock and pytest
bySuraj Deshmukh
 
PDF
JSONSchema with golang
bySuraj Deshmukh
 
PDF
Kubernetes psp and beyond
bySuraj Deshmukh
 
PDF
Kubernetes on CRI-O
bySuraj Deshmukh
 
PDF
Making kubernetes simple for developers
bySuraj Deshmukh
 
PDF
Hardening Kubernetes by Securing Pods
bySuraj Deshmukh
 
PDF
What's new in kubernetes 1.3?
bySuraj Deshmukh
 
PDF
Microservices on Kubernetes - The simple way
bySuraj Deshmukh
 
PDF
Taking containers from development to production
bySuraj Deshmukh
 
PDF
OpenShift meetup Bangalore
bySuraj Deshmukh
 
PDF
Building Container Defence Executable at a Time.pdf
bySuraj Deshmukh
 
PDF
Kubernetes Security Updates from Kubecon 2018 Seattle
bySuraj Deshmukh
 
PDF
Henge
bySuraj Deshmukh
 
Python testing using mock and pytest
bySuraj Deshmukh
 
JSONSchema with golang
bySuraj Deshmukh
 
Kubernetes psp and beyond
bySuraj Deshmukh
 
Kubernetes on CRI-O
bySuraj Deshmukh
 
Making kubernetes simple for developers
bySuraj Deshmukh
 
Hardening Kubernetes by Securing Pods
bySuraj Deshmukh
 
What's new in kubernetes 1.3?
bySuraj Deshmukh
 
Microservices on Kubernetes - The simple way
bySuraj Deshmukh
 
Taking containers from development to production
bySuraj Deshmukh
 
OpenShift meetup Bangalore
bySuraj Deshmukh
 
Building Container Defence Executable at a Time.pdf
bySuraj Deshmukh
 
Kubernetes Security Updates from Kubecon 2018 Seattle
bySuraj Deshmukh
 
Henge
bySuraj Deshmukh
 

Recently uploaded

PDF
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
PDF
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
PDF
Incident Management Roles & Responsibilities.pdf
byTaskCall
 
PPTX
Architectural Styles in Software Engineering
byM Munim
 
PPTX
Feasibility Analysis in System Development Using Data Flow Diagrams
byM Munim
 
PDF
From Sound Workflow Nets to LTLf Declarative Specifications
byLucaBarbaro3
 
PDF
DSD-INT 2025 iMOD Parallel coupler development plan - Verkaik
byDeltares
 
PDF
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
PPTX
Testing Strategies for Agile Teams in 2026
byMatt Calder
 
PDF
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
PDF
Salesforce Agentforce Service Agent​.pdf
byRobert Mark
 
PDF
DSD-INT 2025 Groundwater table lowering due to surface water lowering - Reusen
byDeltares
 
PPTX
Google Trips Data Scraping for Tourism & Demand Analysis.pptx
byWeb Data Crawler
 
PDF
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
PDF
Building Strong IT Systems Using the Site Reliability Engineering
byAvekshaa Technologies
 
PPTX
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 
PPTX
How Swiggy Assure Scaled B2B Procurement for the HORECA Supply Chain
byIT IDOL Technologies
 
PPTX
Dreamforce ‘25 Tour: Boost Productivity with AI-Assisted API Development
byPriya Shaw
 
PPTX
EMR Software for Gynaecology Clinics How EasyClinic Supports Continuity, Priv...
byEasy Clinic
 
PPTX
EMR Software for Pulmonology Clinics Why EasyClinic Supports Accuracy, Contin...
byEasy Clinic
 
Problem Solving_20241203_220045_0000.pdf
bythakurayush00991
 
Hack&Verse Kick-off and infor session Event ppt
bysanidhyasahu1120
 
Incident Management Roles & Responsibilities.pdf
byTaskCall
 
Architectural Styles in Software Engineering
byM Munim
 
Feasibility Analysis in System Development Using Data Flow Diagrams
byM Munim
 
From Sound Workflow Nets to LTLf Declarative Specifications
byLucaBarbaro3
 
DSD-INT 2025 iMOD Parallel coupler development plan - Verkaik
byDeltares
 
Inside An AI Powered ERP System for Process Manufacturers
byBatchMaster Software Pvt. Ltd.
 
Testing Strategies for Agile Teams in 2026
byMatt Calder
 
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
Salesforce Agentforce Service Agent​.pdf
byRobert Mark
 
DSD-INT 2025 Groundwater table lowering due to surface water lowering - Reusen
byDeltares
 
Google Trips Data Scraping for Tourism & Demand Analysis.pptx
byWeb Data Crawler
 
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
Building Strong IT Systems Using the Site Reliability Engineering
byAvekshaa Technologies
 
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 
How Swiggy Assure Scaled B2B Procurement for the HORECA Supply Chain
byIT IDOL Technologies
 
Dreamforce ‘25 Tour: Boost Productivity with AI-Assisted API Development
byPriya Shaw
 
EMR Software for Gynaecology Clinics How EasyClinic Supports Continuity, Priv...
byEasy Clinic
 
EMR Software for Pulmonology Clinics Why EasyClinic Supports Accuracy, Contin...
byEasy Clinic
 

macvlan and ipvlan

  • 1.
    macvlan and ipvlan -Suraj Deshmukh @surajd_
  • 2.
    Introduction ● macvlan andipvlan exposes the underlying host's interfaces directly to VMs or Containers. ● Both do not use bridge. ● Both are implicitly namespace aware. ● Traditionally we have been using Linux Bridge to get VM access to the outside network or default gateway, now you don't need that extra NATing overhead. ● Lightweight and Fast.
  • 3.
    ● There aretwo ways normally to connect VMs or Containers to external network overlay and underlay: ○ Overlay is using VXLAN or NVGRE, etc., with extra encapsulation. ○ Underlay is using Linux Bridge, ipvlan or macvlan by directly exposing it to host's external network. ○ These implementations are extremely lightweight than the traditional linux bridge.
  • 4.
    Linux Bridge ● Actssimilar to the physical layer 2 switch. ● It has learning capabilities. ● All the VMs or containers connect to this bridge/switch. ● For external connectivity all these are NATed.
  • 5.
    macvlan ● macvlan allowsa single interface to have multiple MAC and IP addresses using macvlan sub-interfaces. ● This is different from creating sub-interfaces on a physical interface using VLAN, here every sub-interface belongs to different Layer-2 domain and all sub-interfaces have different MAC address.
  • 6.
    ● macvlan hasbeen in use with lxc containers before docker support was introduced. ● Each interface will have different MAC address and will be exposed directly in the underlay network. ● This will help people who wanna use the existing network infrastructure with Containers and VMs.
  • 7.
    ● macvlan willonly see traffic that has MAC address that matches interface’s MAC address. ● macvlan has 4 types (private, bridge, passthrough, VEPA(Virtual Ethernet Port Aggregator)) ○ Commonly used is a macvlan bridge because it allows the Container or VMs on the same host to talk to each other without packet leaving the host. ○ Bridge mode works like traditional bridge and removes the requirement of learning and STP, learning not needed because it already knows what MAC addresses.
  • 8.
    ipvlan ● Conceptually similarto macvlan but uses layer 3. ● Unlike macvlan no unique MAC addresses. ● Can be used in scenarios where MAC addresses per port are restricted. ● Right now supported modes are l2 and l3.
  • 9.
    When to useipvlan over macvlan? ● These two are very similar in many regards and the specific use case could very well define which device to choose. ○ The Linux host that is connected to the external switch / router has policy configured that allows only one mac per port. ○ No of virtual devices created on a master exceed the MAC capacity and puts the NIC in promiscuous mode and degraded performance is a concern. ○ If the slave device is to be put into the hostile / untrusted network namespace where l2 on the slave could be changed / misused.
  • 10.
    When to usemacvlan over ipvlan? ● When you have a common DHCP server, then macvlan should be used, because DHCP would need unique MAC address for each IP address.
  • 11.
    Demo Steps a.k.a. Cheatsheet:https://github. com/surajssd/blog_post/tree/master/talks2/20160708DockerBangalore
  • 12.
    Ref: ● Macvlan andIPvlan basics https://sreeninet.wordpress.com/2016/05/29/macvlan-and-ipvlan/ ● Macvlan and Ipvlan Network Drivers https://github.com/docker/docker/blob/master/experimental/vlan-networks.md ● Experimental Docker https://sreeninet.wordpress.com/2016/05/29/experimental-docker-with-docker-machine/ and https: //github.com/docker/docker/tree/master/experimental ● Some notes on macvlan/macvtap http://backreference.org/2014/03/20/some-notes-on-macvlanmacvtap/ ● Configuring Macvlan and Ipvlan Linux Networking http://networkstatic.net/configuring-macvlan-ipvlan-linux-networking/ ● About Veth and Macvlan https://docs.oracle.com/cd/E37670_01/E37355/html/ol_mcvnbr_lxc.html ● LXC Macvlan networking https://www.flockport.com/lxc-macvlan-networking/ ● MacVTap http://virt.kernelnewbies.org/MacVTap ● IPVLAN Driver HOWTO https://www.kernel.org/doc/Documentation/networking/ipvlan.txt ● Linux Networking: MAC VLANs and Virtual Ethernets http://www.pocketnix.org/posts/Linux%20Networking:%20MAC% 20VLANs%20and%20Virtual%20Ethernets ● macvlan: implement bridge, VEPA and private mode https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/? id=618e1b7482f7a8a4c6c6e8ccbe140e4c331df4e9 ● IPVLAN – The beginning http://people.netfilter.org/pablo/netdev0.1/papers/IPVLAN-The-beginning.pdf ● Integrating Overlay Networking and the Physical Network http://etherealmind.com/integrating-overlay-networking-and-the- physical-network/