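I noticed that Docker's IPvlan driver has three modes: L2, L3, and L3S. I looked into L3S and recorded my notes below:
Background
- Docker link: IPvlan network driver
Concepts
- Notes (excerpted from: ipvlan-l3s mode)
- The difference between L3S mode and L3 mode is that L3S mode enables iptables (conn-tracking)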
4.1 L2 mode: In this mode TX processing happens on the stack instance attached to the slave device and packets are switched and queued to the master device to send out. In this mode the slaves will RX/TX multicast and broadcast (if applicable) as well.

4.2 L3 mode: In this mode TX processing up to L3 happens on the stack instance attached to the slave device and packets are switched to the stack instance of the master device for the L2 processing and routing from that instance will be used before packets are queued on the outbound device. In this mode the slaves will not receive nor can send multicast / broadcast traffic.

4.3 L3S mode: This is very similar to the L3 mode except that iptables (conn-tracking) works in this mode and hence it is L3-symmetric (L3s). This will have slightly less performance but that shouldn't matter since you are choosing this mode over plain-L3 mode to make conn-tracking work.
Configuration
This involves iptables conntrack knowledge; see my other note for details:
Iptables state tracking (conntrack) commands and parameters
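
Since stateful (conntrack-based) iptables rules only make sense on L3S interfaces, the following added example (not from the original note or from Docker/kernel documentation) audits which ipvlan interfaces on a host are in which mode by parsing `ip -d link show` output. The interface names, MAC addresses and sample output are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list ipvlan interfaces and their mode from `ip -d link show`
# output, and flag plain-L3 ones. On a live host, pipe in the real output:
#   ip -d link show type ipvlan | ipvlan_modes

# Constructed sample output (interface names and MACs are made up).
SAMPLE_OUTPUT='4: ipvl_web@eth0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/ether 52:54:00:aa:bb:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    ipvlan  mode l3 bridge addrgenmode eui64
5: ipvl_db@eth0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/ether 52:54:00:aa:bb:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    ipvlan  mode l3s bridge addrgenmode eui64
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default
    link/ether 52:54:00:aa:bb:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
7: ipvl_l2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/ether 52:54:00:aa:bb:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    ipvlan  mode l2 bridge addrgenmode eui64'

# Print "<interface> <ipvlan mode>" for every ipvlan interface on stdin.
# Only the detail line whose first word is "ipvlan" is parsed, because the
# header line also contains an unrelated "mode DEFAULT" (the link mode).
ipvlan_modes() {
    awk '
        /^[0-9]+: / { name = $2; sub(/:$/, "", name); sub(/@.*/, "", name); next }
        $1 == "ipvlan" {
            for (i = 2; i < NF; i++)
                if ($i == "mode") { print name, $(i + 1); break }
        }'
}

# Names of interfaces in plain L3 mode, the mode the quoted kernel text
# contrasts with L3S (where iptables conn-tracking works).
l3_without_conntrack() {
    ipvlan_modes | awk '$2 == "l3" { print $1 }'
}

# Run the audit on the constructed sample so the script works offline.
printf '%s\n' "$SAMPLE_OUTPUT" | ipvlan_modes
printf 'plain L3 (stateful rules need l3s): %s\n' \
    "$(printf '%s\n' "$SAMPLE_OUTPUT" | l3_without_conntrack)"
```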