-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No network interface created on Host that links to Guest #45
Comments
Edit: Seems this would be possible if an option is added to the docker configuration to allow the setting of the tap interface. |
HyperKit allows you to create network interface (see
will create a bridge interface on the host and a virtio network interface inside the VM. If
and I can |
I don't think this is a hyperkit issue since as @rneugeba says hyperkit already supports this sort of thing. I think this is actually a Docker 4 Mac feature request and so should be made via the D4M feedback channels (please consult the docs for the right place to go). However, if I understand the request correctly, the answer is that this functionality is exposed via the usual |
Thanks for that, I found a entry inside the forums with exactly what I'm after |
So, what's the solution, why this issue has been closed without a solution? |
@inancgumus The issue was closed since it wasn't an issue in hyperkit. Hyperkit does support the network interfaces required. The issue is that docker for mac is using it wrong, thus the additional external links. To clarify though, docker for mac still hasn't to my knowledge fixed this. I've given up hope to be honest =_= P.S. lots of info in this thread, including some hacky solutions: https://forums.docker.com/t/support-tap-interface-for-direct-container-access-incl-multi-host/17835/17 |
Docker for Mac is not "using it wrong". It is using VPNKit to provide network connectivity, which does not create a host interface (and does not require to be run as @inancgumus there are two comments above explaining why this was closed: #45 (comment) and #45 (comment) |
@AlmirKadric @rneugeba Hmm, sad. Is someone here from Docker? I've read almost all of the solutions and the topics but no luck yet. Probably, I'm going to install an ubuntu inside os x through a virtual machine (which vaporizes the Docker's direct benefits). It's been years and I still see this problems. I wonder where Docker spends its money. It forces us to use non-osx OSes. Of course, these claims can easily be defendable by Docker team, however, it doesn't make our developers' life easier, "as promised". :( |
I work for Docker. As mentioned above, the OP was requesting a feature which is already is present, hence this issue was closed. What you seem to be looking for is a feature in Docker for Mac (which uses hyperkit) and should open an issue on https://github.com/docker/for-mac/issues |
@rneugeba I don't need to, thx for the advice, because there are many issues about this problem already lingering with little hope, calling help from Docker team:
|
@rneugeba sorry for saying it was being used wrong, cant help but be snarky about it considering the timeline. To clarify it, docker for mac isn't using it wrong, its just isn't consistent across different platforms. On docker for windows and docker for linux you can route over the host virtual machine to get access to the guest containers. However in docker for mac this isn't the case due to the tap interface not being created and no means are provided to allow you to create it easily (there are some hackish attempts out there to get some form of routing working, some are listed inside the thread I mentioned). But yes I agree, this isn't a problem with hyperkit and the issue belongs in the docker for mac issue tracker. @inancgumus yes it is quite sad, I have given up hope on docker for mac fixing the issue any time soon. They seem swamped with other work, and this features/bug just doesn't seem to be priority. From what I have seen (or perhaps a gut feeling), there seems to be some conflict as to whether or not Docker should allow routing into the guest containers. It seems that on windows and linux it is more a side effect of the tools used and on mac providing this consistency would be going against some design choice that was made along the way. I do hope this is resolved soon as it is a very much needed feature for so many people, but I wouldn't hold my breath. Probably better to find a work around in the mean time. |
For Docker feature requests, take a look at the roadmap repo: https://github.com/docker/roadmap/issues?q=is%3Aissue+is%3Aopen+network |
Hi, |
If a tun (L3) interface works for your needs, you can use docker-mac-net-connect which creates a lightweight WireGuard tunnel under the hood between macOS and the Docker Linux VM (just a single Go binary on macOS side since WireGuard is built into the Linux kernel). |
Wouldn’t that VPN be a bit slow? |
That's the first I've heard of it - have you tried it? VPNs will always have extra overhead, but in the case of WireGuard it's very small - I doubt it's anything you would notice. The current state of Docker for mac requires a tunnel to accomplish L2/L3 networking (without hacks). WireGuard was chosen for that project because the protocol is built into the Linux kernel - closer to the metal / faster than other VPNs today. Also doesn't require a background process on the Linux VM since it is handled via the kernel module. Topology wise it's just a single hop going between macOS host and Linux VM (via VPNKit). If you're having performance issues please submit an issue, I would love to investigate. |
@gregnr Alright, I'll give it a try. Thanks you. |
These are the hacks I was referring to: HyperKit fully supports bridge interfaces, but Docker for mac doesn't expose it. So the method above manually starts HyperKit with the modified config.
|
@gregnr To the interface that are present in LinuxKit here : Right ? Some HomeKit container doesn't like to be used with same IP and port forwarding. So I prefer |
And, by taking a look at it : I'm not sure, I will be able to do it my self… |
Currently there is no virtual network interface created on the
Host
(MacOSX) which links to the interface inside theGuest
(VM). This creates a lot of limitation in terms of IP routing.As it stands the
Guest
can route outwards and even ping theHost
but the other way is not true. This also adds additional limitations to docker which are not desirable.What I am trying to achieve is to create a route in the
Host
which hops over theGuest
into one of its containers. However since there is no IP mapped to theGuest
inside theHost
there is no way to do this.VirtualBox solves this by create a virtual interface with an IP address as such:
Also in the past this was solved with docker-machine using the following:
Furthermore, from what I have seen so far it seems that bhyve and xhyve do support creating tap interfaces on the
Host
which should map to theGuest
which would solve this whole issue.https://www.freebsd.org/doc/handbook/virtualization-host-bhyve.html
https://github.com/mist64/xhyve#networking
http://tuntaposx.sourceforge.net/
The text was updated successfully, but these errors were encountered: