WSL2 Mirrored Networking and Podman macvlan DHCP

[avlec]

Is your feature request related to a problem? Please describe. I am trying to use a macvlan podman network with DHCP to dynamically assign IP addresses to my containers via the target. Instructions referenced for setup https://github.com/containers/podman/blob/main/docs/tutorials/basic_networking.md#macvlan

Error: netavark (exit code 1): unable to obtain lease: dhcp proxy error: status: Aborted, message: "Timeout: Timeout", details: [], metadata: MetadataMap { headers: {"content-type": "application/grpc", "date": "Tue, 12 Mar 2024 21:24:12 GMT", "content-length": "0"} }

Describe the solution you'd like For the macvlan podman networks to be able to use the mirrored interface to perform DHCP for the containers.

Describe alternatives you've considered I have had success using an ipvlan podman network with an IP range to handle the containers addresses which works but is extra configuration unique to the machine and network.

Additional context Windows 11 WSL2 with mirrored networking configuration. podman rootful machine.

Adding onto this that I've tried all the different podman network types with no difference in results.

[github-actions[bot]]

Hi I'm an AI powered bot that finds similar issues based off the issue title.

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it. Thank you!

Open similar issues:

• Networking mirrored can't work on WSL2 (#10632), similarity score: 0.77
• config networkingMode=mirrored doesn't apply to wsl2 (#11228), similarity score: 0.74
• The podman network DNS doesn't work in WSL2 (#10092), similarity score: 0.72
• Cannot enable Mirrored network on WSL (#11154), similarity score: 0.70

Closed similar issues:

• A WSL2 bug. The DHCP server does not work. (#5205), similarity score: 0.72

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

[eiximenis]

Hi! Same exactly issue found. For more reference what I did:

• Start podman rootful machine on WSL2
• Manually start DHCP proxy in podman's WSL2 distro: sudo systemctl enable --now netavark-dhcp-proxy
• Create network podman network create -d macvlan -o parent=eth0 maclan

When attaching container to network the I find same error that @avlec found:

>podman run -d  --network maclan nginx
Error: netavark (exit code 1): unable to obtain lease: dhcp proxy error: status: Aborted, message: "Timeout: Timeout", details: [], metadata: MetadataMap { headers: {"content-type": "application/grpc", "date": "Wed, 13 Mar 2024 09:18:26 GMT", "content-length": "0"} }

Output of podman inspect <network-id>:

[
     {
          "name": "maclan",
          "id": "9f809af266ace108115b43cc82a3a3357f17a3006630750b32a3febc826eb842",
          "driver": "macvlan",
          "network_interface": "eth0",
          "created": "2024-03-13T10:18:13.395277805+01:00",
          "ipv6_enabled": false,
          "internal": false,
          "dns_enabled": false,
          "ipam_options": {
               "driver": "dhcp"
          }
     }
]

[chanpreetdhanjal]

Please follow the networking diagnostic script. https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues

It should create a folder like [WslNetworkingLogs-date_ver.zip]

[mwoodpatrick]

Seeing the same issue does anyone have a fix for this?

[avlec]

@mwoodpatrick if you can reserve a fixed range of IP addresses on the LAN you can work around this with a ipvlan network this is the easiest.

e.g., the interface I want to use is eth1 which maps to some windows NIC and I have IP addresses in 192.168.1.64 through 192.168.1.127 I can reserve on the LAN for this podman network.

podman network create --driver ipvlan --opt parent=eth1 --ip-range 192.168.1.64-192.168.1.127

You can also do this by creating an ipvlan without the --ip-range but you have to change --ipam-driver in the network create command so it doesn't try to use DHCP (I'm not sure if you should use host-local or none for this). This will let you individually assign IP addresses to containers that you must then provide on the podman run you use to create the container (e.g., podman run --ip 192.168.1.64).

[jumpjumpb3ar]

Can you use docker macvlan normally? I used wsl2 to bridge my computer's network card, and in wsl2, I can ping to the gateway. However, for the container of the macvlan network created by docker in wsl2, the gateway cannot be pinged at all, nor can the IP address of wsl2 be pinged. (I have enabled Promiscuous mode on my wsl2 network card)

[avlec]

@jumpjumpb3ar you normally need to add this capability, NET_RAW, to the container you're running via --cap-add NET_RAW when creating the container. So make sure you've done that, cause I recall that working with a tweaked busybox container.