Docker and macvlan

If you want to use docker containers in your regular LAN subnet you need to setup a new Docker network with macvlan driver.

First create your Docker network. — ip-range specifies all addresses that Docker will manage. Chose a part of your subnet outside your DHCP-scoop if you have one to avoid ip conflicts.
–aux-address=’host=192.168.6.4′ docker_net is tied to your host interface to allow your containers to comunicate with your host.

[root@docker01 ~]# docker network create -d macvlan -o parent=ens224 \
--subnet 192.168.6.0/24 \
--gateway 192.168.6.1 \
--ip-range 192.168.6.192/27 \
--aux-address='host=192.168.6.4' docker_net

As you can see when running docker network ls we have a new network called docker_net with macvlan driver.

Docker network

Next step is to create a macvlan interface, in this example called docker_int.
[root@docker01 ~]# ip addr add docker_int link ens224 type macvlan mode bridge

Configure the interface with your selected host address and bring it up. Last step is to add a IP route to tell your host how to connect to to al Docker containers.

[root@docker01 ~]# ip link add docker_int link ens224 type macvlan mode bridge
[root@docker01 ~]# ip link set docker-shim up
[root@docker01 ~]# ip route add 192.168.1.192/27 dev docker_int

Run a container and connect it to docker_net
[root@docker01 ~]# docker run nginx -network docker_net

If you want to check container ip run:

[root@docker01 ~]# docker inspect CONTAINER_ID

Filter all IPv6 traffic on HPE procurve switches

This config will dropp all ipv6 packages on vlan 1

ASW-02# conf
ASW-02(config)# ipv6 access-list "drop-all-v6"
ASW-02(config-ipv6-acl)# 10 deny ipv6 ::/0 ::/0
ASW-02(config-ipv6-acl)# exit
ASW-02(config)# vlan 1
ASW-02(vlan-1)# ipv6 access-group "drop-all-v6" vlan
ASW-02(vlan-1)#