[lxc-devel] veth interface not deleted after container shutdown

Denis Rizaev Denis.Rizaev at trueoffice.ru
Fri Jan 8 20:38:01 UTC 2010


I think the problem is in TIME_WAIT sockets that can exist without any
processes running. But when we do lxc-stop we must be sure that the container
has really stopped, so maybe we need to manually destroy network interfaces
rather than rely on kernel namespace destruction logic?

2010/1/8 Daniel Lezcano <daniel.lezcano at free.fr>

> Denis Rizaev wrote:
>
>> Hello, I'm running lxc in production for 1 month and noticed a bug: that
>> high-loaded veth interfaces are not destroyed after lxc-stop.
>> This results in errors when we try to start this container again. As a
>> workaround I manually do something like ip link del veth_<container_name>.
>> I have two high-traffic containers (~10 mbit/s each) and this bug appears
>> on them. The other six almost idle containers destroy their veth
>> interfaces properly.
>>
>>
> The veth interfaces, as any virtual interfaces in the network namespace are
> automatically destroyed by the kernel when a network namespace is destroyed.
>
> The network namespace is destroyed when there is no more ref count on it.
> And the processes, the sockets, the routes and some more things get a
> refcount on it when they are created.
>
> So, you may check if after a long time (at least all tcp timers have
> expired, so the sockets are destroyed), the interfaces are still there. If
> this is the case, then the kernel does not release a refcount somewhere and
> it's probably a kernel bug.
>
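
The check suggested in the quoted reply, combined with the manual workaround from the original report, as an added example that is not part of the original thread or of lxc itself. It assumes the host-side interface is named veth_<container_name> as in the report; SYSFS_NET and IP_CMD are hypothetical overrides introduced here so the logic can be exercised without root.

```shell
#!/bin/sh
# Added example: detect a veth left behind after a container stop, give the
# kernel time to release the namespace, then fall back to manual deletion.
# SYSFS_NET and IP_CMD are assumptions of this example, not lxc settings.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
IP_CMD="${IP_CMD:-ip}"

# veth_present NAME -> 0 if the interface still exists on the host
veth_present() {
    [ -e "$SYSFS_NET/$1" ]
}

# wait_veth_gone NAME TIMEOUT_SECONDS [INTERVAL]
# Polls until the interface disappears (the namespace's last reference was
# dropped) or the timeout expires.
# Returns 0 if it went away by itself, 1 if it is still present.
wait_veth_gone() {
    local ifname="$1" timeout="$2" interval="${3:-1}" waited=0
    while veth_present "$ifname"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}

# reap_veth CONTAINER TIMEOUT_SECONDS [INTERVAL]
# Return codes: 0 = kernel cleaned up on its own,
#               2 = interface leaked and was removed manually,
#               3 = interface leaked and manual removal failed.
reap_veth() {
    local ifname="veth_$1"
    if wait_veth_gone "$ifname" "$2" "${3:-1}"; then
        return 0
    fi
    echo "warning: $ifname still present after ${2}s, deleting" >&2
    "$IP_CMD" link del "$ifname" || return 3
    veth_present "$ifname" && return 3
    return 2
}
```

A wrapper would call `reap_veth <container_name> <timeout>` after lxc-stop returns and log return code 2, since each such event is a case where the namespace outlived the container's processes.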