Connect Docker containers with mulit link network

Dears
I have four network interfaces in ubuntu docker host and three containers ,
I need to make each container access internet by one network interface

eg: ens160,ens192, ens224 , ens256



container 1 = ens192
container 2 = ens224
container 3 = ens256

and all container has outside access for management purpose

here interfaces

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:bcff:fe6d:547b  prefixlen 64  scopeid 0x20<link>
        ether 02:42:bc:6d:54:7b  txqueuelen 0  (Ethernet)
        RX packets 36242  bytes 26108034 (26.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 40560  bytes 61704382 (61.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens160: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 192.168.25.114  netmask 255.255.255.0  broadcast 192.168.25.255
        inet6 fe80::250:56ff:febe:ddf9  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:be:dd:f9  txqueuelen 1000  (Ethernet)
        RX packets 4664952  bytes 4795644336 (4.7 GB)
        RX errors 0  dropped 312  overruns 0  frame 0
        TX packets 2332217  bytes 397936123 (397.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens192: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 10.20.0.3  netmask 255.255.255.0  broadcast 10.20.0.255
        inet6 fe80::250:56ff:febe:89c1  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:be:89:c1  txqueuelen 1000  (Ethernet)
        RX packets 26593560  bytes 37610292158 (37.6 GB)
        RX errors 0  dropped 2519  overruns 0  frame 0
        TX packets 20303707  bytes 1637654175 (1.6 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens224: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 10.21.0.3  netmask 255.255.255.0  broadcast 10.21.0.255
        inet6 fe80::250:56ff:febe:97d8  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:be:97:d8  txqueuelen 1000  (Ethernet)
        RX packets 17294470  bytes 24778365507 (24.7 GB)
        RX errors 0  dropped 2530  overruns 0  frame 0
        TX packets 9364722  bytes 653056608 (653.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

and below route

default via 192.168.25.1 dev ens160 proto static
10.20.0.0/24 dev ens192 proto kernel scope link src 10.20.0.3
10.20.0.0/24 dev br-52f5b25520c8 proto kernel scope link src 10.20.0.1 linkdown
10.21.0.0/24 dev ens224 proto kernel scope link src 10.21.0.3
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.25.0/24 dev ens160 proto kernel scope link src 192.168.25.114
192.168.130.60/30 via 192.168.25.1 dev ens160

and below iptable

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-ISOLATION-STAGE-1  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.2           tcp dpt:9000

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

below command to create macvlan

"sudo docker network create -d macvlan --subnet=10.21.0.0/24
     --ip-range=10.21.0.50/28 --gateway=10.21.0.1 -o parent=ens192 pnet192 "

also I’m using portainer and created macvlan with same config but not working

connect (113: No route to host)

Thanks

Source: Docker Questions

LEAVE A COMMENT