<div dir="ltr"><div>To be able to ping a container macvlan interface, you need to have a macvlan interface configured on the host.</div><div><br></div><div>Such as:</div><div><br></div><div> modprobe dummy</div><div> ip link set name dummy-mv dev dummy0</div><div> ip link set dev dummy-mv up</div><div> ip link add link dummy-mv mv-lxd type macvlan mode bridge</div><div> ip address add <a href="http://192.168.4.1/24">192.168.4.1/24</a> dev mv-lxd</div><div> ip link set dev mv-lxd up<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2018-05-05 5:18 GMT+02:00 Mark Constable <span dir="ltr"><<a href="mailto:markc@renta.net" target="_blank">markc@renta.net</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Has something changed re networking with LXD 3.0 such that when<br>
using a macvlan that the host CAN ping a container?<br>
<br>
According to what I previously understood, and supported by this<br>
comment..<br>
<br>
<a href="https://github.com/lxc/lxd/issues/3871#issuecomment-333124249" rel="noreferrer" target="_blank">https://github.com/lxc/lxd/<wbr>issues/3871#issuecomment-<wbr>333124249</a><br>
<br>
and the main reason I hadn't bothered even trying out a macvlan<br>
is because I need access to my local hosted containers and it<br>
"just works" with a normal bridge. However, now when I finally<br>
get around to testing macvlan I find I can immediately ping a<br>
new macvlan based containers IP.<br>
<br>
Has something changed recently regarding this macvlan restriction?<br>
<br>
~ apt install lxd<br>
<br>
~ lxc profile copy default macvlan (which has no eth0 device yet)<br>
<br>
~ ip r (to get my hosts eth0 device)<br>
<br>
~ lxc profile device add macvlan eth0 nic nictype=macvlan parent=enp4s0f1 name=eth0<br>
<br>
~ lxc launch images:ubuntu/bionic macvlantest -p macvlan<br>
<br>
~ lxc list --format csv<br>
macvlantest,RUNNING,192.168.0.<wbr>206 (eth0),"fdcc:3922:7dfd::6b7 (eth0)<br>
fdcc:3922:7dfd:0:216:3eff:<wbr>fe11:9335 (eth0)",PERSISTENT,0<br>
<br>
~ ping -c1 192.168.0.206<br>
PING 192.168.0.206 (192.168.0.206) 56(84) bytes of data.<br>
64 bytes from <a href="http://192.168.0.206" rel="noreferrer" target="_blank">192.168.0.206</a>: icmp_seq=1 ttl=64 time=1.98 ms<br>
<br>
<br>
OIC, from inside the macvlantest container I can't ping the host.<br>
<br>
But still, from this comment I would tend to assume I should not<br>
be able to ping the container from the host either...<br>
<br>
"@stgraber An even easier alternative to this would be using macvlan as it won't require any bridging at all, but it does come with the annoying caveat that the host will not be able to communicate with the containers."<br>
<br>
Would anyone care to clarify this macvlan limitation please?<br>
<br>
______________________________<wbr>_________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.<wbr>linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.<wbr>org/listinfo/lxc-users</a></blockquote></div><br></div>