<div dir="ltr"><div class="gmail_extra"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div><div style="font-size:12.8px">Hi,</div></div></div><div style="font-size:12.8px">the OVS workaround seems good to me from 2 points of view:</div><div style="font-size:12.8px">-performance: 1 bridge less </div><div style="font-size:12.8px">-security: good vlan separation stays untouched (you could in principle vlan-separate with appropriate tags)</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">I did not investegated the bridge default behaviour so I'd say it's more a bug to me than a feature, but that's only my opinion.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">A</div><div style="font-size:12.8px"><br></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Wed, Jul 20, 2016 at 8:42 AM,  <span dir="ltr"><<a href="mailto:lxc-users-request@lists.linuxcontainers.org" target="_blank">lxc-users-request@lists.linuxcontainers.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>---------- Forwarded message ----------<br>From: Ruzsinszky Attila <<a href="mailto:ruzsinszky.attila@gmail.com">ruzsinszky.attila@gmail.com</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Wed, 20 Jul 2016 08:42:07 +0200<br>Subject: Re: [lxc-users] LXC networking stop working between containers and real network<br><div dir="ltr"><div><div><div><div><div><div><div><div>Hi Alex,<br><br></div>Thanks for your information!<br><br></div>I'll test soon what you wrote.<br></div>I did a workaround. I forgot the lxcbr0 bridge and my LXC containers were "connected" directly into my vbr0 in OVS. It was almost perfect without any scripting except I has to tagging those interface and I did it by hand (tag=myVLANid).<br></div>It is working perfectly.<br><br></div>Is that a bug or a feature with Ubuntu's bridge? Or kernel problem? Under Fedora 23 everything is working but I think more clear the direct connected containers than double bridge (lxcbr0 under vbr0). I think theoretically both of them have to work so I don't understand exactly why not.<br><br></div>Here is my LXC container's config:<br># Network configuration<br>lxc.network.type = veth<br>lxc.network.flags = up<br>#lxc.network.link = lxcbr0<br>lxc.network.link = vbr0<br>lxc.network.veth.pair=veth-lub4<br>#lxc.network.hwaddr = 00:16:3e:9f:1f:b8<br><br>OVS:<br>Bridge "vbr0"<br>        Port "vbr0"<br>            Interface "vbr0"<br>                type: internal<br>        Port "mgmt0"<br>            tag: 999<br>            Interface "mgmt0"<br>                type: internal<br>        Port "veth-lub4"<br>            tag: 800<br>            Interface "veth-lub4"<br>        Port "gre0"<br>            Interface "gre0"<br>                type: gre<br>                options: {remote_ip="192.168.52.141"}<br>        Port "mgmtlxc0"<br>            tag: 800<br>            Interface "mgmtlxc0"<br>                type: internal<br>        Port "veth-lub5"<br>            tag: 800<br>            Interface "veth-lub5"<br>        Port "veth-lub6"<br>            tag: 800<br>            Interface "veth-lub6"<br>    ovs_version: "2.0.2"<br><br></div><div>On Fedora 23 the normal config:<br># Network configuration<br>lxc.network.type = veth<br>lxc.network.flags = up<br>lxc.network.link = lxcbr0<br>lxc.network.hwaddr = 00:16:3e:9f:1f:b8<br><br> Bridge "vbr0"<br>        Port "lxcbr0"<br>            tag: 800<br>            Interface "lxcbr0"<br>        Port "mgmtlxc0"<br>            tag: 800<br>            Interface "mgmtlxc0"<br>                type: internal<br>        Port "vsar2_111"<br>            tag: 100<br>            Interface "vsar2_111"<br>        Port "vlan10"<br>            tag: 10<br>            Interface "vlan10"<br>                type: internal<br>        Port "vsar2_a1"<br>            tag: 999<br>            Interface "vsar2_a1"<br>        Port "mgmt0"<br>            tag: 999<br>            Interface "mgmt0"<br>                type: internal<br>        Port "vsar3_111"<br>            tag: 100<br>            Interface "vsar3_111"<br>        Port "vbr0"<br>            Interface "vbr0"<br>                type: internal<br>        Port "vsar3_a1"<br>            tag: 999<br>            Interface "vsar3_a1"<br>        Port "gre0"<br>            Interface "gre0"<br>                type: gre<br>                options: {remote_ip="192.168.52.141"}<br>        Port "vx0"<br>            Interface "vx0"<br>                type: vxlan<br>                options: {remote_ip="192.168.52.141"}<br></div><div><br></div>TIA,<br></div>Ruzsi<br></div>
<br>_______________________________________________<br><br></blockquote></div></div></div>