<p dir="ltr">If the internal and external interfaces are on different ports you should be able to move one into a container. Virtual interfaces don't really exist so you can't use them. You can't just pick a new network address without it being allocated.</p>
<p dir="ltr">Your best solution is to get more IP addresses. IPv6 is great if your provider allocates a /64 as you get plenty of addresses...<br>
</p>
<div class="gmail_quote">On May 5, 2014 8:29 PM, "Dmitry Demeshchuk" &lt;<a href="mailto:demeshchuk@gmail.com">demeshchuk@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi, list,<div><br></div><div>Here's what I'm trying to do: we have multiple physical machines in the Softlayer network and I'm trying to make the containers (vanilla LXC or Docker, doesn't really matter for me) see each other even when they are on different physical hosts.</div>
<div><br></div><div>The obvious solution would be – give them our internal IP addresses. That's what I tried to do and so far with almost no result.</div><div><br></div><div>The main problem is Softlayer. Their routers are set up in such a way that you have to create an interface with the given IP on the host system, not inside the container. Otherwise, this IP just wouldn't be visible to the network. Of course, we can set up every host system as a router for its own container IPs but that's obviously very inconvenient.</div>
<div><br></div><div>Now, here's a bunch of setups I tried:</div><div><br></div><div>1. Set up lxc.networking.type = phys with the interface set to eth0 – doesn't work for some reason. The interface just disappears and the IP address is no longer accessible. lxc.network.ipv4 set to the same IP address as eth0.</div>
<div><br></div><div>2. lxc.networking.type = phys with an interface eth0:0 (a virtual interface I set up myself). Breaks the interfaces table completely (ifconfig keeps failing until system restart, even networking restart doesn't help). Needless to say, the container is still not accessible through the network. I suspect that's a somewhat known bug, but couldn't google it anywhere. lxc.network.ipv4 is the same as eth0:0.</div>
<div><br></div><div>3. lxc.networking.type = veth, create a bridge br0 bridged with eth0, with an IP address from the same space as the containers. Meaning, something like that:</div><div>eth0: 192.168.0.3/26</div>
<div>br0: 192.168.10.3/26</div><div>lxc.network.ipv4: 192.168.10.5/26</div><div><br></div><div>Doesn't work, the IP is just not visible.</div>
<div>
<br></div><div>4. Same setup, but lxc.networking.type = macvlan</div><div><br></div><div>5. Two previous setups with a local interface being a macvlan instead of a bridge</div><div><br></div><div>6. Finally, something close: create another address space that is visible host-wide and use virtual interfaces:</div>
<div>lxc.network.type = macvlan</div><div>eth0: 192.168.0.3/24</div><div>eth0:0: 192.168.10.5/26</div><div>br0: 10.0.0.1/24</div>
<div>lxc.network.ipv4 = 10.0.0.2/24</div><div><br></div><div>And now, add routes from 192.168.10.5 (eth0:0) to 10.0.0.2/24 (LXC eth0). Works – but involves ugly hacks and iptables.</div>
<div><br></div><div><br></div><div><br></div><div>If you find any setup being close to correct, please let me know and I'll provide any extra details: routes I set up in routing table, visibility issues (like, visible from local machine but not externally, or completely invisible), etc.</div>
<div><br></div><div>And, I guess, my main question is: can I set up some interface on the local machine to have an IP *and* make LXC use exactly that interface and that IP (but as far as I understand the answer is "no")?</div>
<div><br></div><div>Thanks!</div><div><div><br></div>-- <br>Best regards,<br>Dmitry Demeshchuk
</div></div>
</blockquote></div>