2

I'm trying to have a CentOS container with two network interfaces. After going through the Docker docs and "googleing" a bit, I found this GitHub issue comment that specifies how to achieve this.

Following it, I created a new network (default type: bridge)

docker network create my-network

Inspecting the new network, I can see that Docker assigned it to the subnetwork 172.18.0.0/16 and the gateway 172.18.0.1/16.

Then, when creating the container, I specifically attach the new network:

docker create -ti --privileged --net=my-network --mac-address 08:00:AA:AA:AA:FF <imageName>

Inside the container, I can check with ifconfig that indeed the interface is present with that IP and mac address:

eth0      Link encap:Ethernet  HWaddr 08:00:AA:AA:AA:FF  
          inet addr:172.18.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::a00:aaff:feaa:aaff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:258 (258.0 b)  TX bytes:258 (258.0 b)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

The problem comes when I connect the container to the default Docker network (bridge0 a.k.a bridge):

docker network connect bridge <my-container>

Checking now the interfaces in the container:

eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2941 (2.8 KiB)  TX bytes:508 (508.0 b)

eth1      Link encap:Ethernet  HWaddr 08:00:AA:AA:AA:FF  
          inet addr:172.18.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::a00:aaff:feaa:aaff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2941 (2.8 KiB)  TX bytes:508 (508.0 b)

The interface for my new network gets moved onto eth1, meanwhile the interface for the default networks gets eth0.

Also, when checking the configuration file for the interface (/etc/sysconfig/network-scripts/ifcfg-eth0), I can see that the MAC address specified there differs from the one I manually set up when running the container (08:00:AA:AA:AA:FF):

DEVICE="eth0"
BOOTPROTO="dhcp"
HWADDR="52:54:00:85:11:33"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
MTU="1500"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="25016937-1ff9-40d7-b4c3-18e08af0f98d"

In /etc/sysconfig/network-scripts there is only the configuration file for eth0. The file for eth1 (the newly added interface) is missing.

Due to the requirements of the work I'm involved, I need that the first interface has to be always disabled and its MAC address has to be specifically set.

Any other network-related work must go through the new attached NIC.

My question is:

How can I attach a new NIC to the container so eth0 will have the desired MAC address.

Doing this at image level is also fine.

Adri C.S.
  • 2,909
  • 5
  • 36
  • 63

1 Answers1

4

The goal is to have a running container with two NICs: eth0 and eth1.

eth0 will have a specific MAC address (let's say, AA:AA:AA:AA:AA:AA) and will be disabled. All networking will be done through eth1.

I will assume that the Docker image has a user with rights to execute ifdown and/or ifconfig

eth0 is already present in the image and "talks" to the default Docker networ: bridge (created when Docker was installed).

We have to modify the config file for eth0 in the image (/etc/sysconfig/network-scripts/ifcg-eth0) to modify its MAC address: the field called HWADDR in the file.

After this, we have to commit the changes to a new image. Let's call it myImage.

Now, we have to create a new network for the second interface:

docker network create myNetwork

By default it is a bridge network (which is enough in my case).

Since the requirement is to have eth0 with a custom MAC address, we have to create the container without specifying a network; which will connect it to the default bridge network.

docker create -ti --mac-address=AA:AA:AA:AA:AA:AA --privileged --hostname=myHostnane --name=myContainer myImage

It is important to create the container with the --privileged switch so we can take down the eth0 interface.

Now, before starting the container, we connect it to the new network:

docker network connect myNetwork myContainer

Now the container has two interfaces: the original eth0 for the bridge network and the new eth1 for myNetwork network.

At this point, we can start the container:

docker start myContainer

and then execute the order to take down eth0:

docker exec myContainer /bin/bash -c "sudo ifdown eth0"

To take down the interface, we must do this when running a container. The reason is that any changes in the networking files will only persist in its running container, so it's not possible to commit the down interface (old, but still relevant).

Adri C.S.
  • 2,909
  • 5
  • 36
  • 63
  • I Have the same issue, I don't really understand how all of this answers the original question. This issue is discussed a lot throughout the internet, such as in docker tickets, addressed somehow in compose `PRIORITY` and also here : https://networkop.co.uk/post/2018-03-03-docker-multinet/ – HLL Nov 08 '20 at 10:55