7.2.5.2 Macvlan MAC Assignment

Macvlan MAC assignment is the process by which each container on a macvlan network receives its own distinct MAC address, making it appear as a genuinely separate physical device on the network rather than traffic associated with the host's own single MAC address.

How MAC Addresses Are Assigned

Docker automatically generates a distinct MAC address for each container attached to a macvlan network, unless a specific MAC is explicitly requested.

docker run -d --network macvlan-net --ip=192.168.1.50 myapp:1.0
docker exec $(docker ps -lq) ip addr show eth0

This reveals the automatically assigned MAC address, distinct from the host's own physical interface MAC address.

Requesting a Specific MAC Address

For situations needing a particular, predictable MAC address — perhaps required by network access control configuration expecting a known, specific address — one can be explicitly requested.

docker run -d --network macvlan-net --mac-address=02:42:ac:11:00:02 myapp:1.0

Why Some Network Hardware May Need Configuration Adjustments

Certain network switches, by default, restrict multiple MAC addresses appearing behind a single physical port, a security feature that can interfere with macvlan networking unless explicitly adjusted to permit it.

docker network create -d macvlan -o parent=eth0 macvlan-net
docker run -d --network macvlan-net myapp:1.0

If containers on this network are unexpectedly unreachable, checking whether the connected switch port restricts multiple MAC addresses is a useful troubleshooting step.

Why Distinct MAC Assignment Matters

Each container receiving its own distinct MAC address is precisely what makes macvlan networking provide genuine, direct physical network presence — this is the underlying mechanism distinguishing it fundamentally from bridge networking, where all container traffic shares the host's own single MAC address from the physical network's perspective.

docker network inspect macvlan-net --format '{{json .Containers}}'