mifronte Posted January 23, 2018 (edited)

I just upgraded to unRAID 6.4 and am running only one Docker app (UniFi). My unRAID server has two NICs which are currently bonded. I don't think the bonding really works since my smart switch never shows any traffic on the second NIC when I run a load test.

Now with unRAID 6.4, where I can easily assign an IP address to a Docker container, can someone list the general steps that I would need to accomplish having the Docker container using the second NIC with its own IP assigned by my DHCP server? Or is there a better way to accomplish this without breaking the NIC bond?

My first step is to break the bond to make the second NIC available. After that would I use br0, br1, eth0, or eth1? Then do I assign a static IP or use DHCP?

Edited February 6, 2018 by mifronte: Mark solved.
theiam79 Posted January 28, 2018

Did you ever get anywhere with this? I've been playing with it some but haven't been able to get it working.
mifronte Posted January 30, 2018 (edited)

@theiam79 I decided to keep the two NICs bonded and set up the LAG as a VLAN trunk on my Cisco SG350 switch. Then in unRAID in Network Settings, I defined a VLAN interface that obtains its IP from my DHCP for that VLAN. I then configured my UniFi docker container to use the appropriate bridge for the VLAN (i.e. br0.30) with a static IP within the VLAN.

With the exception of DNS not being properly passed through to the docker container, everything is working great once I configured the docker container with the --dns option to compensate for the DNS problem. Now my UniFi docker container is in its own VLAN and all my APs are connected.

The only issue I have is that unRAID is also accessible on the VLAN interface. This defeats my goal of segregating the UniFi controller and my unRAID server being in the same network since I have ports opened on my firewall so that remote APs can connect to the UniFi Controller, but I don't want my unRAID to be in the same network where ports are opened on the firewall.

Edited January 30, 2018 by mifronte
ken-ji Posted January 30, 2018

As a stopgap, you can stop docker auto network creation and auto network removal by editing the /etc/rc.d/rc.docker script, remove the assigned IP on the VLAN interface, then recreate the docker network on the VLAN interface manually.

See: https://lime-technology.com/forums/topic/54882-630-how-to-setup-dockers-without-sharing-unraid-ip-address
mifronte Posted January 31, 2018

@ken-ji Thanks for the link. I will have to digest the information and see what tweaks I need to do to apply it to my situation. I really can't have unRAID being available in a network with opened ports on the firewall.

Will I have to edit the /etc/rc.d/rc.docker and manually recreate the docker network on the VLAN every time my unRAID server reboots?
ken-ji Posted January 31, 2018

Instructions are on the topic to modify the go file to auto update the /etc/rc.d/rc.docker file to disable auto network creation and cleanup (revert to 6.3.x behavior). Thus you only need to define your docker network once.
bonienl Posted January 31, 2018

5 hours ago, mifronte said:

> @ken-ji Thanks for the link. I will have to digest the information and see what tweaks I need to do to apply it to my situation. I really can't have unRAID being available in a network with opened ports on the firewall. Will I have to edit the /etc/rc.d/rc.docker and manually recreate the docker network on the VLAN every time my unRAID server reboots?

An update will be available which allows creating custom networks from the GUI without participation of the system. This addresses the access concerns (unRAID won't be accessible on a non-participating interface or VLAN) and it allows containers to access the host, provided containers are linked to a different interface or VLAN than the management interface of unRAID (br0/eth0).
mifronte Posted January 31, 2018

Can't wait to try it out! Thanks @bonienl.
mifronte Posted February 2, 2018 (edited)

Since I decided to keep the two NICs on my unRAID bonded in 802.3ad mode, I decided to do some testing to see if the bonded NICs were effectively being used.

My first test was to start 5 simultaneous Blu-ray streams from different devices. Looking at the port utilization on my Cisco SG350 switch, only one NIC was utilized at less than 50%. So I guess BD streams do not really get close to saturating the gigabit link.

For my next test, I decided to start 4 different instances of iperf3 servers on the unRAID box listening on different ports. From 4 separate clients, I started the iperf test with each client configured to saturate a gigabit link. Sure enough, the port utilization on my switch shows that the two ports in the LAG were indeed being utilized at 99%. Since I had 4 client devices, two were configured to transmit (TX) and two configured to receive (RX). Looks like the 802.3ad is working since both NICs were equally being utilized for both TX and RX.

I am quite pleased to be running my bonded connection as a trunk and running my Docker in a separate VLAN. Now I will just wait until the next release where I can configure it so that unRAID is not available on the VLAN interface.

Edited February 4, 2018 by mifronte: Spelling correction
bonienl Posted February 3, 2018

The maximum a BR stream can do is around 54 Mbps (depending on coding). To fully saturate a gigabit link you would need 20 or more streams. I guess for an average household this is more than enough.

unRAID 6.4.1 is released. This version supports Docker custom networks on interfaces (VLANs) without IP address assigned.
mifronte Posted February 6, 2018

Just updated to unRAID 6.4.1 and reconfigured to use Docker on VLAN without IP being assigned to unRAID on the VLAN interface. Now my UniFi docker with ports opened to the Internet is isolated in its own VLAN properly without having to worry about unRAID also being available in the same Docker VLAN.

Great job!
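
A way to verify the end state described in the thread (the host holding no address on the container VLAN interface), added here as an example and not part of any post. The interface name br0.30 comes from the thread; the function names and the sample `ip -o -4 addr show` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `ip -o -4 addr show` output and report any IPv4
# address the host itself holds on a given interface.

# Print the host's IPv4 addresses on interface $1; input is read from stdin.
host_addrs_on() {
    awk -v want="$1" '
        $3 == "inet" {
            name = $2
            sub(/@.*/, "", name)   # tolerate "br0.30@br0" style names
            if (name == want) print $4
        }'
}

# Return 0 if the host has no IPv4 address on interface $1, 1 otherwise.
host_absent_from() {
    [ -z "$(host_addrs_on "$1")" ]
}

# Constructed sample: host obtained a DHCP address on the VLAN interface,
# so it is reachable in the same VLAN as the container.
SAMPLE_WITH_IP='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global br0\       valid_lft forever preferred_lft forever
6: br0.30    inet 192.168.30.5/24 brd 192.168.30.255 scope global br0.30\       valid_lft forever preferred_lft forever'

# Constructed sample: VLAN interface exists but carries no host address.
SAMPLE_NO_IP='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global br0\       valid_lft forever preferred_lft forever'

for label in WITH_IP NO_IP; do
    eval "data=\$SAMPLE_$label"
    if printf '%s\n' "$data" | host_absent_from br0.30; then
        echo "$label: host has no IPv4 address on br0.30"
    else
        echo "$label: host is reachable on br0.30 at" \
             "$(printf '%s\n' "$data" | host_addrs_on br0.30)"
    fi
done
```

On a live host, pipe `ip -o -4 addr show` into `host_absent_from br0.30`. The check covers IPv4 only.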