Onload from 201710 adds support for network namespaces within Docker containers. Support is also included for the MACVLAN driver and MACVLAN sub-interfaces in container and standard host configurations.
The MACVLAN driver allows a single physical interface to be assigned multiple MAC addresses, creating sub-interfaces, each having a unique MAC address. The hardware address can be randomly generated by the driver, or supplied by the user.
An application running in a Docker container will bind to a specific sub-interface to gain direct access to the network adapter. Onload will accelerate network traffic between the container and the network.
Onload is not able to send packets directly between containers having sub-interfaces from the same parent. Such packets will be delivered between containers only via an underlying switch.
MACVLAN Interface Configurations
Onload will support:
- MACVLAN on top of a supported adapter.
- Nested MACVLAN on top of MACVLAN on top of supported adapter.
Traffic between containers might be delivered depending on the routing configuration/policy of the connected external switch and the configuration settings of EF_MCAST_SEND and EF_MCAST_RECV_HW_LOOP.
Configure MACVLAN for a Docker Network
- Before creating the Docker container, set up the Docker network:
    docker network create \
        -d macvlan \
        -o parent=<interface> \
        --subnet=<address> \
        --ip-range=<address> \
        my-network
where <interface> is the physical network interface that becomes the parent interface to the created sub-interfaces.
When the network is created, only the parent interface needs to be present. When the container is created, a sub-interface is created and moved to the network namespace of the container.
- Include the network when creating the Docker container:
    docker run \
        -it \
        --net=my-network \
        --device=/dev/onload \
        --device=/dev/onload_epoll \
        --device=/dev/sfc_char \
        my-onload-image \
        /bin/bash
See the Installation section and examples above.
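A host pre-flight check for the two steps above, as an added example that is not part of the Onload documentation: it confirms that the parent interface and the three device nodes passed with --device exist before the network and container are created. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Onload's own tooling): pre-flight checks for the
# "docker network create" and "docker run" steps described above.

# Device nodes the page passes to the container with --device.
ONLOAD_DEVICES="onload onload_epoll sfc_char"

# onload_preflight <parent-interface> [root]
# Prints one line per problem and returns non-zero if anything is missing.
# [root] is a hypothetical override for checking a constructed directory
# tree; leave it empty on a real host.
onload_preflight() {
    parent=$1; root=${2:-}; rc=0
    # Only the parent interface must exist when the network is created;
    # the sub-interface appears when the container is created.
    if [ ! -e "$root/sys/class/net/$parent" ]; then
        echo "missing parent interface: $parent"; rc=1
    fi
    for dev in $ONLOAD_DEVICES; do
        node="$root/dev/$dev"
        if [ ! -e "$node" ]; then
            echo "missing device node: /dev/$dev"; rc=1
        elif [ -z "$root" ] && [ ! -c "$node" ]; then
            # On a real host each node must be a character device.
            echo "not a character device: /dev/$dev"; rc=1
        fi
    done
    return $rc
}

# onload_device_args
# Prints the --device options for "docker run", limited to the nodes above
# so that no other host device is exposed to the container.
onload_device_args() {
    args=
    for dev in $ONLOAD_DEVICES; do
        args="${args:+$args }--device=/dev/$dev"
    done
    printf '%s\n' "$args"
}

# Usage on a real host (interface name is a placeholder):
#   onload_preflight <interface> && \
#       docker run -it --net=my-network $(onload_device_args) my-onload-image /bin/bash
```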