Hey there! I'm running two Docker containers, Home Assistant and a Matter server, which are connected to my primary LAN via a macvlan network. I've noticed that these containers aren't setting up the routes to my Thread network (fd35:1ee:867d:1::/64) like I would expect. The Thread network is behind a dedicated Thread Border Router (TBR) that's sending out Router Advertisements (RAs). My Windows PC and Linux laptop set up the routes to the Thread network just fine, but the Docker containers only seem to get the default route and miss out on the Thread-specific route. Any ideas on what might be causing this?
2 Answers
It sounds like your problem might lie in the network configuration for the containers. MACVLAN can be tricky sometimes. Have you thought about how you’re defining the Docker networks? It's important to remember that containers don't use DHCP or SLAAC for IP assignment — Docker manages that through the network settings. You might also want to check for any firewall rules that could be blocking the RAs.
Yeah, definitely double-check those network configurations. If you can, also try spinning up a `nicolaka/netshoot` container and see how it behaves on the macvlan network.
This might stem from how the default routes are set up. It looks like your containers are generating multiple default routes, which could be causing some confusion. Each of your containers has two default routes but lacks a specific entry for the Thread subnet. It might help to simplify your network setup or adjust the metric values to prioritize the correct route. Also, make sure the other networks your containers are attached to are necessary, especially if you're using MACVLAN.
I see your point about the default routes. I might need to consolidate them to avoid any round-robin issues. Thanks for the insight!
Exactly! Also check if your host’s firewall might be interfering with the MACVLAN functionality. Some setups block RA packets and that could be the root of your issue.
Thanks for the tip! I added more details about my setup in my main post. I’ll take a look at the firewall rules next.