<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
h1
{mso-style-priority:9;
mso-style-link:"Heading 1 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:14.0pt;
font-family:"Cambria","serif";
color:black;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:13.0pt;
font-family:"Cambria","serif";
color:black;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:10.0pt;
font-family:"Cambria","serif";
color:black;}
h4
{mso-style-priority:9;
mso-style-link:"Heading 4 Char";
margin-top:10.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Cambria","serif";
color:black;
font-style:italic;}
h5
{mso-style-priority:9;
mso-style-link:"Heading 5 Char";
margin-top:10.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Cambria","serif";
color:#7F7F7F;}
h6
{mso-style-priority:9;
mso-style-link:"Heading 6 Char";
margin:0cm;
margin-bottom:.0001pt;
line-height:112%;
font-size:10.0pt;
font-family:"Cambria","serif";
color:#7F7F7F;
font-style:italic;}
p.MsoHeading7, li.MsoHeading7, div.MsoHeading7
{mso-style-priority:9;
mso-style-link:"Heading 7 Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Cambria","serif";
color:black;
font-style:italic;}
p.MsoHeading8, li.MsoHeading8, div.MsoHeading8
{mso-style-priority:9;
mso-style-link:"Heading 8 Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Cambria","serif";
color:black;}
p.MsoHeading9, li.MsoHeading9, div.MsoHeading9
{mso-style-priority:9;
mso-style-link:"Heading 9 Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Cambria","serif";
color:black;
letter-spacing:.25pt;
font-style:italic;}
p.MsoTitle, li.MsoTitle, div.MsoTitle
{mso-style-priority:10;
mso-style-link:"Title Char";
margin:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
border:none;
padding:0cm;
font-size:26.0pt;
font-family:"Cambria","serif";
color:black;
letter-spacing:.25pt;}
p.MsoTitleCxSpFirst, li.MsoTitleCxSpFirst, div.MsoTitleCxSpFirst
{mso-style-priority:10;
mso-style-link:"Title Char";
mso-style-type:export-only;
margin:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
border:none;
padding:0cm;
font-size:26.0pt;
font-family:"Cambria","serif";
color:black;
letter-spacing:.25pt;}
p.MsoTitleCxSpMiddle, li.MsoTitleCxSpMiddle, div.MsoTitleCxSpMiddle
{mso-style-priority:10;
mso-style-link:"Title Char";
mso-style-type:export-only;
margin:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
border:none;
padding:0cm;
font-size:26.0pt;
font-family:"Cambria","serif";
color:black;
letter-spacing:.25pt;}
p.MsoTitleCxSpLast, li.MsoTitleCxSpLast, div.MsoTitleCxSpLast
{mso-style-priority:10;
mso-style-link:"Title Char";
mso-style-type:export-only;
margin:0cm;
margin-bottom:.0001pt;
mso-add-space:auto;
border:none;
padding:0cm;
font-size:26.0pt;
font-family:"Cambria","serif";
color:black;
letter-spacing:.25pt;}
p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle
{mso-style-priority:11;
mso-style-link:"Subtitle Char";
margin-top:0cm;
margin-right:0cm;
margin-bottom:30.0pt;
margin-left:0cm;
font-size:12.0pt;
font-family:"Cambria","serif";
color:black;
letter-spacing:.65pt;
font-style:italic;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-style-link:"List Paragraph Char";
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:11.0pt;
font-family:"Times New Roman","serif";
color:black;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-link:"List Paragraph Char";
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:11.0pt;
font-family:"Times New Roman","serif";
color:black;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-link:"List Paragraph Char";
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:11.0pt;
font-family:"Times New Roman","serif";
color:black;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-link:"List Paragraph Char";
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:11.0pt;
font-family:"Times New Roman","serif";
color:black;}
p.MsoQuote, li.MsoQuote, div.MsoQuote
{mso-style-priority:29;
mso-style-link:"Quote Char";
margin-top:10.0pt;
margin-right:18.0pt;
margin-bottom:0cm;
margin-left:18.0pt;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman","serif";
color:black;
font-style:italic;}
p.MsoIntenseQuote, li.MsoIntenseQuote, div.MsoIntenseQuote
{mso-style-priority:30;
mso-style-link:"Intense Quote Char";
margin-top:10.0pt;
margin-right:57.6pt;
margin-bottom:14.0pt;
margin-left:50.4pt;
text-align:justify;
border:none;
padding:0cm;
font-size:10.0pt;
font-family:"Times New Roman","serif";
color:black;
font-weight:bold;
font-style:italic;}
span.MsoSubtleEmphasis
{mso-style-priority:19;
font-style:italic;}
span.MsoIntenseEmphasis
{mso-style-priority:21;
font-weight:bold;}
span.MsoSubtleReference
{mso-style-priority:31;
font-variant:small-caps;}
span.MsoIntenseReference
{mso-style-priority:32;
font-variant:small-caps;
letter-spacing:.25pt;
text-decoration:underline;}
span.MsoBookTitle
{mso-style-priority:33;
font-variant:small-caps;
letter-spacing:.25pt;
font-style:italic;}
p.MsoTocHeading, li.MsoTocHeading, div.MsoTocHeading
{mso-style-priority:39;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:24.0pt;
font-family:"Calibri","sans-serif";
color:black;
font-weight:bold;}
span.Heading1Char
{mso-style-name:"Heading 1 Char";
mso-style-priority:9;
mso-style-link:"Heading 1";
font-family:"Cambria","serif";
font-weight:bold;}
p.mb-links123--p-greetings, li.mb-links123--p-greetings, div.mb-links123--p-greetings
{mso-style-name:mb-links123--p-greetings;
mso-style-link:"mb-links123--p-greetings Char";
margin-top:12.0pt;
margin-right:0cm;
margin-bottom:0cm;
margin-left:0cm;
margin-bottom:.0001pt;
line-height:110%;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.mb-links123--p-greetingsChar
{mso-style-name:"mb-links123--p-greetings Char";
mso-style-link:mb-links123--p-greetings;
font-family:"Calibri","sans-serif";
mso-fareast-language:DE;}
p.mb-links123--p-Hint, li.mb-links123--p-Hint, div.mb-links123--p-Hint
{mso-style-name:mb-links123--p-Hint;
mso-style-link:"mb-links123--p-Hint Char";
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:14.2pt;
margin-bottom:.0001pt;
page-break-after:avoid;
border:none;
padding:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.mb-links123--p-HintChar
{mso-style-name:"mb-links123--p-Hint Char";
mso-style-link:mb-links123--p-Hint;
font-family:"Calibri","sans-serif";
mso-fareast-language:DE;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Cambria","serif";
font-weight:bold;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Cambria","serif";
font-weight:bold;}
span.Heading4Char
{mso-style-name:"Heading 4 Char";
mso-style-priority:9;
mso-style-link:"Heading 4";
font-family:"Cambria","serif";
font-weight:bold;
font-style:italic;}
span.Heading5Char
{mso-style-name:"Heading 5 Char";
mso-style-priority:9;
mso-style-link:"Heading 5";
font-family:"Cambria","serif";
color:#7F7F7F;
font-weight:bold;}
span.Heading6Char
{mso-style-name:"Heading 6 Char";
mso-style-priority:9;
mso-style-link:"Heading 6";
font-family:"Cambria","serif";
color:#7F7F7F;
font-weight:bold;
font-style:italic;}
span.Heading7Char
{mso-style-name:"Heading 7 Char";
mso-style-priority:9;
mso-style-link:"Heading 7";
font-family:"Cambria","serif";
font-style:italic;}
span.Heading8Char
{mso-style-name:"Heading 8 Char";
mso-style-priority:9;
mso-style-link:"Heading 8";
font-family:"Cambria","serif";}
span.Heading9Char
{mso-style-name:"Heading 9 Char";
mso-style-priority:9;
mso-style-link:"Heading 9";
font-family:"Cambria","serif";
letter-spacing:.25pt;
font-style:italic;}
span.TitleChar
{mso-style-name:"Title Char";
mso-style-priority:10;
mso-style-link:Title;
font-family:"Cambria","serif";
letter-spacing:.25pt;}
span.SubtitleChar
{mso-style-name:"Subtitle Char";
mso-style-priority:11;
mso-style-link:Subtitle;
font-family:"Cambria","serif";
letter-spacing:.65pt;
font-style:italic;}
span.QuoteChar
{mso-style-name:"Quote Char";
mso-style-priority:29;
mso-style-link:Quote;
font-style:italic;}
span.IntenseQuoteChar
{mso-style-name:"Intense Quote Char";
mso-style-priority:30;
mso-style-link:"Intense Quote";
font-weight:bold;
font-style:italic;}
p.mb-p-Listformat, li.mb-p-Listformat, div.mb-p-Listformat
{mso-style-name:mb-p-Listformat;
mso-style-link:"mb-p-Listformat Char";
margin-top:0cm;
margin-right:0cm;
margin-bottom:2.0pt;
margin-left:35.7pt;
text-indent:-17.85pt;
line-height:107%;
page-break-after:avoid;
font-size:11.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.mb-p-ListformatChar
{mso-style-name:"mb-p-Listformat Char";
mso-style-link:mb-p-Listformat;
font-family:"Calibri","sans-serif";
color:black;}
span.ListParagraphChar
{mso-style-name:"List Paragraph Char";
mso-style-priority:34;
mso-style-link:"List Paragraph";
font-family:"Calibri","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle53
{mso-style-type:personal-reply;
font-family:"Courier New";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>Hello!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>Probably, someone may give me a hint.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>In the following, I try to describe my configuration.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>I have a VPS with two switchports and two network<br>interfaces in Linux (wich is debian stretch - so no LXD).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>I want to move one of the interfaces, which itself<br>has multiple ip-addresses, into a LXC VM - thats easy.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>But the different ip-addreses should only appear<br>in separate lcx vms, which would make iptables<br>management and separation a lot easier. I want to end<br>up with one slave VM for one IP and security services<br>running in the container, which uses the eth port.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>So I started experimenting, but I cannot make this work.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>First, I start two containers, the one, which<br>uses the eth1 from the host, is named "portsplit"<br>and its network type is "phys". The other one has<br>network type "empty" and is named "slave1".<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>If both containers are running, I start this script<br>on the host:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>---<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>ip l set eth1 down<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>ip link add ipvlan1 link eth1 type ipvlan mode l3<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>ip l set ipvlan1 up<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>ip link set ipvlan1 netns $(lxc-info -pHn slave1) ##Move IF into container.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>ip link set eth1 up<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>ip link set eth1 netns $(lxc-info -pHn portsplit)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>This is just the beginning to understand the stuff.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>After this, I log in to the containers and apply a<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>>systemctl restart networking.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>The "portsplit" itself does NOT(!!) have an ip-address.<br>it uses the following route:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>default dev eth1 scope link<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>The slave has the two following routes:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>default via 192.168.26.254 dev ipvlan1 onlink ##To LAN-GW<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>192.168.26.0/24 dev ipvlan1 proto kernel scope link src 192.168.26.239 ##OWN<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>I am then mapping the containers ip-namespaces into<br>/var/run/netns, so that I can access them easily.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>I am running tcpdump on the LAN-GW (192.168.26.254),<br>on the "portsplit" (with NO ip) and on slave1 with<br>ip 192.168.26.239.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>The packets are leaving the slave1, crossing the portsplit<br>and are reaching the LAN-GW, which answers with an ARP (who-is),<br>crossing the portswitcher and come back to slave1 - which never<br>answers.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>And thats right, because ipvlan blocks all broadcast (the default,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>which "ip -d l" shows is "NOARP") for the sub-interfaces.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>On the gateway, there is never a mac address for slave1<br>in the arp table, the entry is flagged "(incomplete)".<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><br>Naturally, the ISP will allow me only the mac address,<br>the physical (eth1) interface will have.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>From my understanding, the eth1 must act with an arp-reply<br>with his own mac-address (which is the same for all<br>interfaces on the ipvlan!) and internally send the<br>packet to the linked ipvlan1.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>If someone could probably explain, this would made<br>me happy.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>I experimented too with:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>#net.ipv4.conf.all.accept_source_route = 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>#net.ipv4.conf.enp4s0f1.proxy_arp = 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>#net.ipv4.conf.enp4s0f1.proxy_arp_pvlan = 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>BTW, if I switch th ipvlan creation to "mode L2",<br>everythings starts working. But my ISP would see<br>different mac addresses and the wholy broadcast<br>would flood all "slave" 's …. This was the reason<br>for the "mode L3".<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>Any help would be really welcomed!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>uname-a: 4.17.0-0.bpo.1-amd64<br>Just to be sure, I updated iproute2 from backports (Now: 4.18).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>Just a last note.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>What I see accidentally: The ipvlan kernel module is not<br>loaded. Ok, I saw this with lsmod, but I do not known,<br>what this mean (later loaded or dynamically?). On the host,<br>I just made a modprobe ipvlan and it is there, but no references.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'>Thanks,<br>Manfred<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Courier New";color:#1F497D'><o:p> </o:p></span></p></div></body></html>