An organization must run dozens of containers on a production Linux server that is connected to an access-layer switch enforcing a "one-MAC-address-per-port" security rule. Each container must still obtain its own routable IPv4 address on the same VLAN and communicate directly with other hosts on that segment, without the NAT that the default bridge network applies. Which container network type should the administrator configure for these containers?
The IPvlan driver allows multiple container interfaces to share the host's physical interface MAC address while giving each container its own IP address on the subnet. This satisfies the switch's single-MAC restriction and provides layer-2 connectivity without NAT. Macvlan assigns a unique MAC to every container, so the switch would see many MAC addresses and block traffic. A user-defined bridge keeps one MAC but relies on NAT, preventing the containers from being directly reachable on the VLAN. Host networking shares the host's IP stack, leaving containers without individual IP addresses. Therefore, IPvlan is the only option that meets all stated requirements.
CompTIA Linux+ XK0-006 (V8)
Services and User Management