January 23, 2018
I just upgraded to unRAID 6.4 and am running only one Docker app (UniFi). My unRAID server has two NICs which are currently bonded. I don't think the bonding really works since my smart switch never shows any traffic on the second NIC when I run a load test. Now with unRAID 6.4 where I can easily assign an IP address to a Docker container, can someone list the general steps that I would need to accomplish having the Docker container using the second NIC with its own IP assigned by my DHCP server? Or is there a better way to accomplish this without breaking the NIC bond? My first step is to break the bond to make the second NIC available. After that would I use br0, br1, eth0, or eth1? Then do I assign a static IP or use DHCP?
Edited February 6, 2018 by mifronte: Mark solved.
January 28, 2018
Did you ever get anywhere with this? I've been playing with it some but haven't been able to get it working.
January 30, 2018, Author
@theiam79 I decided to keep the two NICs bonded and set up the LAG as a VLAN trunk on my Cisco SG350 switch. Then in unRAID in Network Settings, I defined a VLAN interface that obtains its IP from my DHCP for that VLAN. I then configured my UniFi docker container to use the appropriate bridge for the VLAN (i.e. br0.30) with a static IP within the VLAN. With the exception of DNS not being properly passed through to the docker container, everything is working great once I configured the docker container with the --dns option to compensate for the DNS problem. Now my UniFi docker container is in its own VLAN and all my APs are connected. The only issue I have is that unRAID is also accessible on the VLAN interface. This defeats my goal of segregating the UniFi controller and my unRAID server being in the same network since I have ports opened on my firewall so that remote APs can connect to the UniFi Controller, but I don't want my unRAID to be in the same network where ports are opened on the firewall.
Edited January 30, 2018 by mifronte
January 30, 2018
As a stopgap, you can stop docker auto network creation and auto network removal by editing the /etc/rc.d/rc.docker script, remove the assigned IP on the VLAN interface, then recreate the docker network on the VLAN interface manually. See: https://lime-technology.com/forums/topic/54882-630-how-to-setup-dockers-without-sharing-unraid-ip-address
January 31, 2018, Author
@ken-ji Thanks for the link. I will have to digest the information and see what tweaks I need to do to apply it to my situation. I really can't have unRAID being available in a network with opened ports on the firewall. Will I have to edit the /etc/rc.d/rc.docker and manually recreate the docker network on the VLAN every time my unRAID server reboots?
January 31, 2018
Instructions are on the topic to modify the go file to auto update the /etc/rc.d/rc.docker file to disable auto network creation and cleanup (revert to 6.3.x behavior), thus you only need to define your docker network once.
January 31, 2018
5 hours ago, mifronte said: "@ken-ji Thanks for the link. I will have to digest the information and see what tweaks I need to do to apply it to my situation. I really can't have unRAID being available in a network with opened ports on the firewall. Will I have to edit the /etc/rc.d/rc.docker and manually recreate the docker network on the VLAN every time my unRAID server reboots?"

An update will be available which allows creating custom networks from the GUI without participation of the system. This addresses the access concerns (unRAID won't be accessible on a non-participating interface or VLAN) and it allows containers to access the host, provided containers are linked to a different interface or VLAN than the management interface of unRAID (br0/eth0).
February 2, 2018, Author
Since I decided to keep the two NICs on my unRAID bonded in 802.3ad mode, I decided to do some testing to see if the bonded NICs were effectively being used. My first test was to start 5 simultaneous Blu-ray streams from different devices. Looking at the port utilization on my Cisco SG350 switch, only one NIC was utilized at less than 50%. So I guess BD streams do not really get close to saturating the gigabit link. For my next test, I decided to start 4 different instances of iperf3 servers on the unRAID box listening on different ports. From 4 separate clients, I started the iperf test with each client configured to saturate a gigabit link. Sure enough, the port utilization on my switch shows that the two ports in the LAG were indeed being utilized at 99%. Since I had 4 client devices, two were configured to transmit (TX) and two configured to receive (RX). Looks like the 802.3ad is working since both NICs were equally being utilized for both TX and RX. I am quite pleased to be running my bonded connection as a trunk and running my Docker in a separate VLAN. Now I will just wait until the next release where I can configure it so that unRAID is not available on the VLAN interface.
Edited February 4, 2018 by mifronte: Spelling correction
February 3, 2018
The maximum a BR stream can do is around 54 Mbps (depending on coding). To fully saturate a gigabit link you would need 20 or more streams. I guess for an average household this is more than enough.

unRAID 6.4.1 is released. This version supports Docker custom networks on interfaces (VLANs) without IP address assigned.
February 6, 2018, Author
Just updated to unRAID 6.4.1 and reconfigured to use Docker on VLAN without IP being assigned to unRAID on the VLAN interface. Now my UniFi docker with ports opened to the Internet is isolated in its own VLAN properly without having to worry about unRAID also being available in the same Docker VLAN. Great job!
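
A check for the outcome the thread ends on, that the host holds no IPv4 address on the VLAN interface carrying the Internet-exposed container. This is an added example, not code from any poster or from unRAID; the function names and the sample `ip -o -4 addr show` output (documentation-range addresses) are constructed, and only the interface names br0 and br0.30 come from the thread.

```shell
#!/bin/bash
# Added example: audit whether the host itself has an IPv4 address on an interface.
# Sample data below is constructed for illustration, not taken from the thread.

# Print every IPv4 address the host holds on interface $1.
# stdin: output of `ip -o -4 addr show`.
host_addrs_on() {
    awk -v want="$1" '
        { name = $2; sub(/@.*/, "", name) }   # tolerate "br0.30@br0" style names
        name == want && $3 == "inet" { print $4 }'
}

# Report EXPOSED (host reachable on $1) or ISOLATED (no host address on $1).
# Exact name match, so "br0" never matches "br0.30".
audit_iface() {
    addrs=$(host_addrs_on "$1" | tr '\n' ' ')
    if [ -n "$addrs" ]; then
        echo "EXPOSED $1 ${addrs% }"
    else
        echo "ISOLATED $1"
    fi
}

# Constructed sample: VLAN interface still has a host address (the 6.4 situation).
SAMPLE_WITH_IP='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: br0    inet 192.0.2.10/24 brd 192.0.2.255 scope global br0\       valid_lft forever preferred_lft forever
6: br0.30    inet 198.51.100.5/24 brd 198.51.100.255 scope global br0.30\       valid_lft forever preferred_lft forever'

# Constructed sample: no host address on the VLAN interface (the 6.4.1 situation).
SAMPLE_NO_IP='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: br0    inet 192.0.2.10/24 brd 192.0.2.255 scope global br0\       valid_lft forever preferred_lft forever'

printf '%s\n' "$SAMPLE_WITH_IP" | audit_iface br0.30
printf '%s\n' "$SAMPLE_NO_IP"   | audit_iface br0.30
```

On a live server the same check is `ip -o -4 addr show | audit_iface br0.30`.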