1podman-network-create(1) General Commands Manual podman-network-create(1)
2
6 podman-network-create - Create a Podman network
7
10 podman network create [options] [name]
11
14 Create a network configuration for use with Podman. By default, Podman
15 creates a bridge connection. A Macvlan connection can be created with
16 the -d macvlan option. A parent device for macvlan or ipvlan can be
17 designated with the -o parent=<device> or --network-interface=<device>
18 option.
19 If no options are provided, Podman assigns a free subnet and name for
22 the network.
23 Upon completion of creating the network, Podman displays the name of
26 the newly added network.
27 NOTE: The support for "pasta" as network name value is deprecated and
30 will not be accepted in the next major Podman version 5.0, because it
31 is used as a special network mode in podman run/create --network. The
32 CNI backend is also deprecated and will also be removed in the next ma‐
33 jor Podman version 5.0, in preference of Netavark, see podman-net‐
34 work(1) on how to change the backend.
35
38 --disable-dns
39 Disables the DNS plugin for this network which if enabled, can perform
40 container to container name resolution. It is only supported with the
41 bridge driver, for other drivers it is always disabled.
42 --dns=ip
45 Set network-scoped DNS resolver/nameserver for containers in this net‐
46 work. If not set, the host servers from /etc/resolv.conf is used. It
47 can be overwritten on the container level with the podman run/create
48 --dns option. This option can be specified multiple times to set more
49 than one IP.
50 --driver, -d=driver
53 Driver to manage the network. Currently bridge, macvlan and ipvlan are
54 supported. Defaults to bridge. As rootless the macvlan and ipvlan
55 driver have no access to the host network interfaces because rootless
56 networking requires a separate network namespace.
57 The netavark backend allows the use of so called netavark plugins, see
60 the plugin-API.md documentation in netavark. The binary must be placed
61 in a specified directory so podman can discover it, this list is set in
62 netavark_plugin_dirs in containers.conf(5) under the [network] section.
63 The name of the plugin can then be used as driver to create a network
66 for your plugin. The list of all supported drivers and plugins can be
67 seen with podman info --format {{.Plugins.Network}}.
68 Note that the macvlan and ipvlan drivers do not support port forward‐
71 ing. Support for port forwarding with a plugin depends on the implemen‐
72 tation of the plugin.
73 --gateway=ip
76 Define a gateway for the subnet. To provide a gateway address, a subnet
77 option is required. Can be specified multiple times. The argument or‐
78 der of the --subnet, --gateway and --ip-range options must match.
79 --ignore
82 Ignore the create request if a network with the same name already ex‐
83 ists instead of failing. Note, trying to create a network with an ex‐
84 isting name and different parameters does not change the configuration
85 of the existing one.
86 --interface-name=name
89 This option maps the network_interface option in the network config,
90 see podman network inspect. Depending on the driver, this can have
91 different effects; for bridge, it uses the bridge interface name. For
92 macvlan and ipvlan, it is the parent device on the host. It is the same
93 as --opt parent=....
94 --internal
97 Restrict external access of this network when using a bridge network.
98 Note when using the CNI backend DNS will be automatically disabled, see
99 --disable-dns.
100 When using the macvlan or ipvlan driver with this option no default
103 route will be added to the container. Because it bypasses the host
104 network stack no additional restrictions can be set by podman and if a
105 privileged container is run it can set a default route themselves. If
106 this is a concern then the container connections should be blocked on
107 your actual network gateway.
108 --ip-range=range
111 Allocate container IP from a range. The range must be a either a com‐
112 plete subnet in CIDR notation or be in the <startIP>-<endIP> syntax
113 which allows for a more flexible range compared to the CIDR subnet.
114 The ip-range option must be used with a subnet option. Can be specified
115 multiple times. The argument order of the --subnet, --gateway and
116 --ip-range options must match.
117 --ipam-driver=driver
120 Set the ipam driver (IP Address Management Driver) for the network.
121 When unset podman chooses an ipam driver automatically based on the
122 network driver.
123 Valid values are:
126 • dhcp: IP addresses are assigned from a dhcp server on the net‐
129 work. When using the netavark backend the netavark-dhcp-
130 proxy.socket must be enabled in order to start the dhcp-proxy
131 when a container is started, for CNI use the cni-dhcp.socket
132 unit instead.
133 • host-local: IP addresses are assigned locally.
135 • none: No ip addresses are assigned to the interfaces.
137 View the driver in the podman network inspect output under the ipam_op‐
141 tions field.
142 --ipv6
145 Enable IPv6 (Dual Stack) networking. If no subnets are given, it allo‐
146 cates an ipv4 and an ipv6 subnet.
147 --label=label
150 Set metadata for a network (e.g., --label mykey=value).
151 --opt, -o=option
154 Set driver specific options.
155 All drivers accept the mtu, metric, no_default_route and options.
158 • mtu: Sets the Maximum Transmission Unit (MTU) and takes an in‐
161 teger value.
162 • metric Sets the Route Metric for the default route created in
164 every container joined to this network. Accepts a positive in‐
165 teger value. Can only be used with the Netavark network back‐
166 end.
167 • no_default_route: If set to 1, Podman will not automatically
169 add a default route to subnets. Routes can still be added man‐
170 ually by creating a custom route using --route.
171 Additionally the bridge driver supports the following options:
175 • vlan: This option assign VLAN tag and enables vlan_filtering.
178 Defaults to none.
179 • isolate: This option isolates networks by blocking traffic be‐
181 tween those that have this option enabled.
182 • com.docker.network.bridge.name: This option assigns the given
184 name to the created Linux Bridge
185 • com.docker.network.driver.mtu: Sets the Maximum Transmission
187 Unit (MTU) and takes an integer value.
188 • vrf: This option assigns a VRF to the bridge interface. It ac‐
190 cepts the name of the VRF and defaults to none. Can only be
191 used with the Netavark network backend.
192 The macvlan and ipvlan driver support the following options:
196 • parent: The host device which is used for the macvlan inter‐
199 face. Defaults to the default route interface.
200 • mode: This option sets the specified ip/macvlan mode on the
202 interface.
203 • Supported values for macvlan are bridge, private, vepa,
205 passthru. Defaults to bridge.
206 • Supported values for ipvlan are l2, l3, l3s. Defaults to l2.
208 Additionally the macvlan driver supports the bclim option:
214 • bclim: Set the threshold for broadcast queueing. Must be a 32
217 bit integer. Setting this value to -1 disables broadcast
218 queueing altogether.
219 --route=route
223 A static route in the format <destination in CIDR notation>,<gate‐
224 way>,<route metric (optional)>. This route will be added to every con‐
225 tainer in this network. Only available with the netavark backend. It
226 can be specified multiple times if more than one static route is de‐
227 sired.
228 --subnet=subnet
231 The subnet in CIDR notation. Can be specified multiple times to allo‐
232 cate more than one subnet for this network. The argument order of the
233 --subnet, --gateway and --ip-range options must match. This is useful
234 to set a static ipv4 and ipv6 subnet.
235
238 Create a network with no options.
239 $ podman network create
241 podman2
242 Create a network named newnet that uses 192.5.0.0/16 for its subnet.
246 $ podman network create --subnet 192.5.0.0/16 newnet
248 newnet
249 Create an IPv6 network named newnetv6 with a subnet of 2001:db8::/64.
253 $ podman network create --subnet 2001:db8::/64 --ipv6 newnetv6
255 newnetv6
256 Create a network named newnet that uses 192.168.33.0/24 and defines a
260 gateway as 192.168.133.3.
261 $ podman network create --subnet 192.168.33.0/24 --gateway 192.168.33.3 newnet
263 newnet
264 Create a network that uses a 192.168.55.0/24 subnet and has an IP ad‐
268 dress range of 192.168.55.129 - 192.168.55.254.
269 $ podman network create --subnet 192.168.55.0/24 --ip-range 192.168.55.128/25
271 podman5
272 Create a network with a static ipv4 and ipv6 subnet and set a gateway.
276 $ podman network create --subnet 192.168.55.0/24 --gateway 192.168.55.3 --subnet fd52:2a5a:747e:3acd::/64 --gateway fd52:2a5a:747e:3acd::10
278 podman4
279 Create a network with a static subnet and a static route.
283 $ podman network create --subnet 192.168.33.0/24 --route 10.1.0.0/24,192.168.33.10 newnet
285 Create a network with a static subnet and a static route without a de‐
289 fault route.
290 $ podman network create --subnet 192.168.33.0/24 --route 10.1.0.0/24,192.168.33.10 --opt no_default_route=1 newnet
292 Create a Macvlan based network using the host interface eth0. Macvlan
296 networks can only be used as root.
297 $ sudo podman network create -d macvlan -o parent=eth0 --subnet 192.5.0.0/16 newnet
299 newnet
300
304 podman(1), podman-network(1), podman-network-inspect(1), podman-net‐
305 work-ls(1), containers.conf(5)
306
309 August 2021, Updated with the new network format by Paul Holzinger
310 pholzing@redhat.com ⟨mailto:pholzing@redhat.com⟩
311 August 2019, Originally compiled by Brent Baude bbaude@redhat.com
314 ⟨mailto:bbaude@redhat.com⟩
315 podman-network-create(1)