Docker On Separate NIC w/ unRAID 6.4 [Solved]



I just upgraded to unRAID 6.4 and am running only one Docker app (UniFi). My unRAID server has two NICs which are currently bonded. I don't think the bonding really works since my smart switch never shows any traffic on the second NIC when I run a load test.

 

Now with unRAID 6.4 where I can easily assign an IP address to a Docker container, can someone list the general steps that I would need to accomplish having the Docker container using the second NIC with its own IP assigned by my DHCP server?  Or is there a better way to accomplish this without breaking the NIC bond?

 

My first step is to break the bond to make the second NIC available.  After that would I use br0, br1, eth0, or eth1?  Then do I assign a static IP or use DHCP?

Edited by mifronte
Mark solved.

@theiam79 I decided to keep the two NICs bonded and set up the LAG as a VLAN trunk on my Cisco SG350 switch. Then in unRAID in Network Settings, I defined a VLAN interface that obtains its IP from my DHCP for that VLAN. I then configured my UniFi docker container to use the appropriate bridge for the VLAN (i.e. br0.30) with a static IP within the VLAN. With the exception of DNS not being properly passed through to the docker container, everything is working great once I configured the docker container with the --dns option to compensate for the DNS problem.

 

Now my UniFi docker container is in its own VLAN and all my APs are connected.  The only issue I have is that unRAID is also accessible on the VLAN interface.  This defeats my goal of segregating the UniFi controller and my unRAID server being in the same network since I have ports opened on my firewall so that remote APs can connect to the UniFi Controller, but I don't want my unRAID to be in the same network where ports are opened on the firewall.

 


@ken-ji Thanks for the link.  I will have to digest the information and see what tweaks I need to do to apply it to my situation.  I really can't have unRAID being available in a network with opened ports on the firewall.

 

Will I have to edit the /etc/rc.d/rc.docker and manually recreate the docker network on the VLAN every time my unRAID server reboots?

5 hours ago, mifronte said:

@ken-ji Thanks for the link.  I will have to digest the information and see what tweaks I need to do to apply it to my situation.  I really can't have unRAID being available in a network with opened ports on the firewall.

 

Will I have to edit the /etc/rc.d/rc.docker and manually recreate the docker network on the VLAN every time my unRAID server reboots?

 

An update will be available which allows creating custom networks from the GUI without participation of the system.

This addresses the access concerns (unRAID won't be accessible on a non-participating interface or VLAN) and it allows containers to access the host, provided containers are linked to a different interface or VLAN than the management interface of unRAID (br0/eth0).

 


Since I decided to keep the two NICs on my unRAID bonded in 802.3ad mode, I decided to do some testing to see if the bonded NICs were effectively being used.

 

My first test was to start 5 simultaneous Blu-ray streams from different devices. Looking at the port utilization on my Cisco SG350 switch, only one NIC was utilized at less than 50%. So I guess BD streams do not really get close to saturating the gigabit link.

 

For my next test, I decided to start 4 different instances of iperf3 servers on the unRAID box listening on different ports. From 4 separate clients, I started the iperf test with each client configured to saturate a gigabit link. Sure enough, the port utilization on my switch shows that the two ports in the LAG were indeed being utilized at 99%. Since I had 4 client devices, two were configured to transmit (TX) and two configured to receive (RX). Looks like the 802.3ad is working since both NICs were equally being utilized for both TX and RX.

 

I am quite pleased to be running my bonded connection as a trunk and running my Docker in a separate VLAN. Now I will just wait until the next release where I can configure it so that unRAID is not available on the VLAN interface.


The maximum a BR stream can do is around 54 Mbps (depending on coding). To fully saturate a gigabit link you would need 20 or more streams. I guess for an average household this is more than enough.

 

unRAID 6.4.1 is released. This version supports Docker custom networks on interfaces (VLANs) without IP address assigned.

 


Just updated to unRAID 6.4.1 and reconfigured to use Docker on VLAN without IP being assigned to unRAID on the VLAN interface.  Now my UniFi docker with ports opened to the Internet is isolated in its own VLAN properly without having to worry about unRAID also being available in the same Docker VLAN.

 

Great job!
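
A host-side check for the isolation goal discussed in this thread, as an added example that is not part of any post: it reads `ip -o addr show` output and reports whether the host itself still holds an address on the VLAN bridge (`br0.30` in the thread). The sample output, its subnets and the function names `host_addrs_on` and `audit_vlan` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the host itself holds an
# address on the VLAN bridge that carries the Docker custom network.

# Constructed `ip -o addr show` samples; all subnets and addresses are made up.
# BEFORE: host has a DHCP address on the VLAN bridge (the 6.4 setup described).
SAMPLE_BEFORE='1: lo    inet 127.0.0.1/8 scope host lo
4: br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global br0
5: br0.30    inet 192.168.30.2/24 brd 192.168.30.255 scope global dynamic br0.30'
# AFTER: no host address on the VLAN bridge (the 6.4.1 setup described).
SAMPLE_AFTER='1: lo    inet 127.0.0.1/8 scope host lo
4: br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global br0'

# host_addrs_on IFACE: read `ip -o addr show` text on stdin and print every
# address bound to exactly IFACE (br0 must not match br0.30). IPv6 addresses
# are listed too, including link-local ones, since those are reachable from
# the same segment.
host_addrs_on() {
    awk -v ifc="$1" '
        { name = $2; sub(/@.*/, "", name); sub(/:$/, "", name) }
        name == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }
    '
}

# audit_vlan IFACE: return 0 when the host has no address on IFACE,
# 1 when it does (the host is then reachable from the container VLAN).
audit_vlan() {
    addrs=$(host_addrs_on "$1" | tr '\n' ' ')
    if [ -n "$addrs" ]; then
        echo "EXPOSED: host holds ${addrs% } on $1"
        return 1
    fi
    echo "OK: no host address on $1"
}

# Demo on the constructed samples.
# On a live host: ip -o addr show | audit_vlan br0.30
printf '%s\n' "$SAMPLE_BEFORE" | audit_vlan br0.30 || true
printf '%s\n' "$SAMPLE_AFTER" | audit_vlan br0.30
```

A clean result only shows the host has no address on that interface; the firewall rules between the VLANs still decide what the container network can reach.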
