Introduction to MacVLAN

In the IT industry, we define MacVLAN as a specific kind of driver with built-in network driver edition and offers several unique specifications. At first glance, MacVLAN is a very lightweight driver because rather than using any kind of Linux bridging or port mapping technology, it is mainly used to connect container interfaces directly with host interfaces. In general, containers are inscribed with routable IP addresses that exist on the subnet of the external network architecture.

The result of using routable IP addresses is that containers start to communicate directly with network resources that usually exist outside a Swarm cluster without any need to use NAT or port mapping techniques. This kind of implementation can help with network architecture visibility and general troubleshooting. Furthermore, the direct network traffic path between containers and the host interface usually helps in order to reduce transmission time (latency). Due to the fact that MacVLAN is usually a local scope network driver which is configured per host, there are stricter dependencies between MacVLAN and external networks such as constraint and differentiation from overlay or bridge incidents.

In addition, the MacVLAN driver is based on the concept of a parent interface technology. This specific type of interface can be used as a host interface such as eth0, or a sub interface or even a bonded host adaptor which combines Ethernet interfaces into a single logical type. Unfortunately, a gateway address from the external network topology is essential during MacVLAN network configuration because a MacVLAN network needs a L2 segment from the container to the network gateway in order to work. Similar to all Docker networks, MacVLAN networks are fragmented from each other, resulting in access only within a single network.

Finally, another crucial advantage is that the MacVLAN driver has the ability to be configured in several ways in order to achieve different results. 

MacVLAN Networks and Specifications

 As a general rule most applications, especially legacy types of applications or applications which are designed to monitor network traffic, rather than being directly connected to the physical network, can also use the MacVLAN network driver in order to assign a MAC address to each container’s virtual network interface. This kind of implementation makes it appear to be a physical network interface directly connected to the physical network. However, in this type of configuration, the user needs to assign a physical interface on the Docker host, on the subnet and on the gateway used by the MacVLAN driver.

Limitations

Unfortunately, there are some limitations that every system engineer should keep in mind such as:

• There is a danger of accidentally damaging the network because of the IP address exhaustion or “VLAN spread” incident, which is a situation where the user has an inappropriately large number of unique MAC addresses in his network.
• The networking equipment used in this scenario needs to be able to handle “promiscuous mode”, this is a kind of technology where one physical interface can be assigned to multiple MAC addresses.
• In case the application has the ability to work using a bridge (on a single Docker host) or overlay (to communicate across multiple Docker hosts), it is advised that they should be adopted for better experience in the long-term.

Types of MacVLAN on the basis of Architecture

In the IT industry, many organizations and IT engineers use MacVLAN driver in two different architectures, in bridge mode or 802.1q trunk bridge mode. These two types are explained below:

• Bridge Mode: In this method, the MacVLAN traffic goes through a physical device on the host. In order to create a MacVLAN network which bridges with a physical network interface, the system administrator should use the driver MacVLAN with the docker network create command. Unfortunately, there is also a necessity to specify the parent interface ip address, which is the main interface that the traffic will physically pass through the Docker’s host.

• 802.1q Trunk Bridge Mode: In this particular method, network traffic passes through an 802.1q sub interface which the Docker creates instantly. This allows the system administrator to control routing and filtering at a more advanced level. Finally, in case the user specifies a parent interface name with a dot included, such as eth0.50 for example, then Docker interprets this as a sub interface of eth0 and creates the sub interface automatically.

Conclusion 

As we explained above in this article, MacVLAN is a successful differentiation of the VLAN technology that is widely used in the IT industry nowadays. Although MacVLAN can only be used with Linux implementations, we would like to see an upgraded edition for Windows based environments that will expand system architecture and abilities for the common user worldwide.

Continue Reading:

Kubernetes vs Docker

Docker vs Virtual Machine

ABOUT THE AUTHOR

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)