Skip to main content
Containers typically use network namespaces for isolation, but some legacy applications require direct attachment to the physical LAN. Docker’s MACVLAN driver assigns each container its own MAC address on a virtual interface, making the container appear as a standalone host on your network. This guide covers how to create a MACVLAN network, the available modes, and a comparison of Docker’s built-in network drivers.

Why Use MACVLAN?

  • Direct Layer 2 connectivity with your physical network
  • Unique MAC addresses for each container
  • Support for legacy applications requiring their own IP on the LAN
Before you begin, ensure the parent interface (eth0 in these examples) is active and not part of another bridge. You may need to bring it up with ip link set eth0 up.

1. Creating a MACVLAN Network

Use the macvlan driver when creating a Docker network: 
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 \
  my_macvlan_net
Parameters:
  • -d macvlan
    Selects the MACVLAN driver.
  • --subnet / --gateway
    Defines the IP range and default gateway on the physical LAN.
  • -o parent=eth0
    Binds Docker’s MACVLAN to the host interface eth0.
  • my_macvlan_net
    Your custom network name.

2. MACVLAN Modes

MACVLAN supports two primary modes for segmenting and isolating traffic:
ModeDescriptionUse Case
Bridge (bridge)Creates a Layer 2 bridge on the parent interface.Simple flat network where all containers share a VLAN.
802.1Q Trunk (802.1q)Tags traffic on a VLAN subinterface (e.g., eth0.100).Segmented VLAN routing and filtering per container.
Your physical switch must support 802.1Q tagging, and the parent interface must be configured as a trunk port to carry multiple VLANs.

3. Summary of Docker Network Drivers

Here’s a quick reference table comparing Docker’s built-in network drivers:
DriverDescriptionTypical Use Case
noneDisables all networking for the container.Security testing, isolated workloads
hostShares the host’s network namespace; removes network isolation.High-performance scenarios, monitoring tools
bridgeDefault driver; creates a local L2 bridge on a single host.Single-host deployments, simple microservices
overlayCreates an L3 overlay across multiple hosts (requires a key-value store backend).Multi-host Swarm services, cross-node traffic
macvlanAssigns unique MAC addresses for L2 connectivity, available in bridge and VLAN modes.Legacy apps, direct LAN access
ipvlanOperates at L2 but routes at host level for higher scalability in dense networks.Large-scale deployments with many endpoints

4. Next Steps

Once your MACVLAN network is created, you can launch containers on it: 
docker run -d --network my_macvlan_net --name webserver nginx
Each container will receive an IP from your defined subnet and appear as a physical host on the LAN. That concludes this lesson on Docker MACVLAN networks. Advanced multi-VLAN and trunking scenarios will be covered in a future guide.

Watch Video