[lxc-devel] Disable IPv6 for container interfaces. Support for sysctl in containers

Purcareata Bogdan-B43198 B43198 at freescale.com
Thu Oct 3 09:32:15 UTC 2013


Hello,

I am currently running a setup with hundreds of containers starting on the same Linux host. Each of these containers receive a single virtual interface eth0 connected to a host interface using macvlan. These containers only use IPv4, but by default they receive an IPv6 address as well. This causes my kernel to start dumping messages, complaining about IPv6 neighbour table overflow:

[  558.739929] net_ratelimit: 3833 callbacks suppressed
[  558.743597] IPv6: Neighbour table overflow
[  558.746517] IPv6: Neighbour table overflow
[  558.749426] IPv6: Neighbour table overflow
[  558.752386] IPv6: Neighbour table overflow
[  558.755302] IPv6: Neighbour table overflow

Is there any way to disable IPv6 in containers? I'm thinking about something like lxc.network. ... in the config file, that I don't know about?

My current solution is to enter the container and issue "echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6". This made me think that it would be a nice feature to control /proc/sys kernel parameters at runtime using the container config file. I'm thinking some lines that would start with lxc.sysctl and then contain the whole path to the parameter and the value. So for my usecase it would be something like:

lxc.sysctl.net.ipv6.conf.eth0.disable_ipv6 = 1

What do you think?

Bogdan P.






More information about the lxc-devel mailing list