The NAT issue you hit with the bridge driver crossing vlans is exactly the kind of gotcha that makes people think networking is dark magic. Calling macvlan/ipvlan a "vrf" is spot on though, that isolation between containers on the same host catches a lot of folks off guard. Good call on the external network trick for sharing the driver config.
The NAT issue you hit with the bridge driver crossing vlans is exactly the kind of gotcha that makes people think networking is dark magic. Calling macvlan/ipvlan a "vrf" is spot on though, that isolation between containers on the same host catches a lot of folks off guard. Good call on the external network trick for sharing the driver config.
Thanks, glad you found the article insightful. Docker is a great tool, but there's so much nuance you really need to be aware of.