I'm in the midst of a project meant to convert an existing VOIP legacy system into a dockerized form. The existing system consists of 5 different Linux machines, each having 2 different network interfaces - one exposed to the public WAN, and the other on a private LAN network. I plan on creating a docker compose file for setting up the orchestration.

The network roughly looks like this:

Server #1 Eth0: IP 192.168.0.200/24 Eth1: IP X.X.X.65/27

Server #2 Eth0: IP 192.168.0.201/24 Eth1: IP X.X.X.66/27

Server #3 Eth0: IP 192.168.0.202/24 Eth1: IP X.X.X.87/27

Server #4 Eth0: IP 192.168.0.203/24 Eth1: IP Y.Y.Y.240/27

Server #5 Eth0: IP 192.168.0.204/24 Eth1: IP Y.Y.Y.241/27

Servers 1-3 are part of the same subnet, so are servers 4-5.

I am trying to find the best way to convert this network setup into docker networks. I want every container to preserve its public IP (the one on Eth1, meaning that traffic generated from the container will keep the same public IP it had on the original server), but also to be able to communicate with every other docker container on the same private net, while also keeping it easily manageable and having the least overhead possible.

I've created 3 macvlan networks and 1 bridge network using docker-compose, but the problem is that DNS resolution provides every container with the IP address I gave it in the Macvlan network it belongs to. Say 2 dockers were assigned to the bridge network and to the same Macvlan network: resolving each other's container name will provide their Macvlan address rather than the Bridge IP address. I would like to force communication between all containers over the BRIDGE network only (essentially setting the Macvlan network into private mode). How can I achieve that?

Eddie Romanenco
  • Is this different from [your earlier question](https://stackoverflow.com/questions/64357626/docker-converting-an-existing-legacy-system-to-dockerized-form-while-maintainin)? Is there any application source code that's relevant to this, or is it purely a question about network configuration? – David Maze Oct 18 '20 at 19:29
  • This is purely network related question, it relates to my previous question in some way, but emphasizes more on how docker handles 2 networks on same container. – Eddie Romanenco Oct 18 '20 at 19:38
  • have you considered using --alias with "docker network connect"? like having a dedicated name for a container within the bridge network and use that name for the internal communications? – Kiryl Oct 19 '20 at 07:55
  • @KirylZ It could work, I was hoping for a more elegant solution. I will test this approach and let you know if it worked. – Eddie Romanenco Oct 19 '20 at 08:29
  • Also, try to connect to the bridge network in the first/last step... it may change the default gateway. – Kiryl Oct 19 '20 at 09:45
  • I actually want the default gateway to be the Macvlan address, but only for egress traffic and not inner container traffic. – Eddie Romanenco Oct 19 '20 at 09:47
  • Hmmm... not sure if it's possible w/o custom dns server or something – Kiryl Oct 19 '20 at 13:57
  • Here is by the way a similar case https://stackoverflow.com/questions/36882945/change-default-route-in-docker-container – Kiryl Oct 19 '20 at 13:58

1 Answer

Consider using `--alias` with `docker network connect`, like having a dedicated name for a container within the bridge network and using that name for the internal communications.

Kiryl
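
The alias approach from the answer, expressed as a Compose file (an added example, not part of the original question or answer). It assumes the Compose Specification format (Docker Compose v2); the service names, the image, the `.lan` aliases, the `parent` interface, and the 203.0.113.x addresses standing in for the redacted X.X.X.x range are all constructed placeholders.

```yaml
# Added example: every name and address here is a constructed placeholder.
services:
  server1:
    image: example/voip-node:latest     # hypothetical image
    networks:
      public_a:
        ipv4_address: 203.0.113.65      # stands in for X.X.X.65
      private_lan:
        ipv4_address: 192.168.0.200
        aliases:
          - server1.lan                 # registered on private_lan only
  server2:
    image: example/voip-node:latest     # hypothetical image
    networks:
      public_a:
        ipv4_address: 203.0.113.66      # stands in for X.X.X.66
      private_lan:
        ipv4_address: 192.168.0.201
        aliases:
          - server2.lan                 # registered on private_lan only

networks:
  public_a:
    driver: macvlan
    driver_opts:
      parent: eth1                      # assumed host NIC on the public segment
    ipam:
      config:
        - subnet: 203.0.113.64/27       # stands in for the X.X.X.x /27
          gateway: 203.0.113.94         # placeholder; use the real upstream gateway
  private_lan:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.0.0/24
```

Aliases are scoped to the network they are declared on, so `server2.lan` resolves only to the bridge address `192.168.0.201`. The bare service name `server2` stays registered on both networks, so internal peers must be configured with the `.lan` names for their traffic to stay on the bridge.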