macvlan host guest connectivity

There are a number of sites out there mentioning that macvlan has a limitation when used with docker or lxc containers. The host machine will not be able to communicate with the guest machine and vice versa. While this is true by default, there is a tweak that you can perform to make host guest connectivity possible. I found out about this through a 2012 blog post which is no longer around. It has worked for me all the way up till Ubuntu 20.04 where some further steps are needed.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
# cat /etc/network/interfaces
auto lo
iface lo inet loopback


auto eth0
iface eth0 inet static
        address 192.168.0.123           # static IP of your host machine
        netmask 255.255.255.0
        gateway 192.168.0.1             # IP of gateway
        dns-nameservers 8.8.8.8 8.8.4.4

auto macvlan0
iface macvlan0 inet dhcp
    # as eth0 and macvlan0 are on the same LAN, we must drop default route and LAN route
    # from eth0 configuration to avoid conflicts (this just slooooow down things).
    pre-up route del default            # pre-up executes these commands before bringing up the macvlan0 interface 
    # NOTE: adapt this line to your LAN address and netmask         
    pre-up route del -net 192.168.0.0 netmask 255.255.255.0
    pre-up ip link add link eth0 name macvlan0 type macvlan mode bridge

What this achieves is to give a static IP address to eth0 on the host machine, so that it is easily accessible by other machines. As eth0 is unable to communicate with the guest machine, we get pass this known limitation by deleting all routes through eth0 then setup macvlan0 interface and route all egress traffic through macvlan0. Since your host machine traffic is now routed through macvlan0, we can now communicate with the guest machine. Do note that all egress traffic from the host machine will now appear to originate from the DHCP IP, 192.168.0.55 in the example, and not the static IP. This does not stop me from hosting services on the host machine, I can SSH to the static IP just fine.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.123  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::0  prefixlen 64  scopeid 0x20<link>
        ether de:ad:be:ef:ca:fe  txqueuelen 1000  (Ethernet)

macvlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.55  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::0  prefixlen 64  scopeid 0x20<link>
        ether de:ad:be:ef:ca:ff  txqueuelen 1000  (Ethernet)

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    203    0        0 macvlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     203    0        0 macvlan0

For Ubuntu 20.04, I have found that the eth0 route will still be present. This is because dhcpcd will automatically add the eth0 route at regular intervals. To get around this, I added an additional line to set the eth0 route metric to 400 for the 2 files listed below. This means that the macvlan0 route will be prioritised over the eth0 route and connectivity is restored. It would also be prudent to try disabling/enabling dhcpcd to see the effect. I have found that allowing dhcpcd to run may result in multiple DHCP IPs to be requested by the macvlan0 interface.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# cat /etc/dhcpcd.conf
interface eth0
        static ip_address=192.168.0.123/24
        static routers=192.168.0.1
        static domain_name_servers=8.8.8.8 8.8.4.4
        metric 400                                  # Add this line for Ubuntu 20.04

# cat /etc/network/interfaces
...
iface eth0 inet static
        address 192.168.0.123           # static IP of your host machine
        netmask 255.255.255.0
        gateway 192.168.0.1             # IP of gateway
        dns-nameservers 8.8.8.8 8.8.4.4
        metric 400                      # May have to add this for Ubuntu 20.04
...

# service dhcpcd restart
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    203    0        0 macvlan0
default         192.168.0.1     0.0.0.0         UG    400    0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     203    0        0 macvlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     400    0        0 eth0

If you are using LXC containers, the following profile should work. You can configure the eth0 interface on the guest to either use a static IP or DHCP as per normal.

1
2
3
4
5
6
7
8
9
# lxc profile show default
config: {}
description: Default LXD profile
devices:
  eth0:
    nictype: macvlan
    parent: eth0
    type: nic
...


Tags: Server

Similar Articles

happy monthiversary - After more than half a year of tweaking + trial and error, I think I have finally pinpointed the cause of my server crashes. Nope, nothing to do with kernel stability, nothing to do with crond or ...
Software Versioning - I have recently started managing yet another server. The server is running Ubuntu 14.04 LTS and therefore support is good for another 5 years. Just to be safe, I double checked the openssl ...
Server cluster for $500 - Already have one, seven more needed. Just joking. Looks real nice with all the LEDs and stackable case.Cable management will be a nightmare though. 8 ARM CPUs, 16 cores clocked at 1.4Ghz. ...
Running HTTPS, SSH and VPN on port 443 - A port can only be bound to one service at a time, which makes perfect sense since the OS cannot possibly know which application to route the packet to. However, protocols often have distinct ...