[lxc-devel] Disable IPv6 for container interfaces. Support for sysctl in containers

Stéphane Graber stgraber at ubuntu.com
Thu Oct 3 14:52:04 UTC 2013


On Thu, Oct 03, 2013 at 09:32:15AM +0000, Purcareata Bogdan-B43198 wrote:
> Hello,
> 
> I am currently running a setup with hundreds of containers starting on the same Linux host. Each of these containers receive a single virtual interface eth0 connected to a host interface using macvlan. These containers only use IPv4, but by default they receive an IPv6 address as well. This causes my kernel to start dumping messages, complaining about IPv6 neighbour table overflow:
> 
> [  558.739929] net_ratelimit: 3833 callbacks suppressed
> [  558.743597] IPv6: Neighbour table overflow
> [  558.746517] IPv6: Neighbour table overflow
> [  558.749426] IPv6: Neighbour table overflow
> [  558.752386] IPv6: Neighbour table overflow
> [  558.755302] IPv6: Neighbour table overflow
> 
> Is there any way to disable IPv6 in containers? I'm thinking about something like lxc.network. ... in the config file, that I don't know about?
> 
> My current solution is to enter the container and issue "echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6". This made me think that it would be a nice feature to control /proc/sys kernel parameters at runtime using the container config file. I'm thinking some lines that would start with lxc.sysctl and then contain the whole path to the parameter and the value. So for my usecase it would be something like:
> 
> lxc.sysctl.net.ipv6.conf.eth0.disable_ipv6 = 1
> 
> What do you think?
> 
> Bogdan P.


Most distros support a mechanism to set sysctl knobs at boot time, I
don't think it should be LXC's job to do so but instead you should just
update the right config file in your distribution to do that for you.

Something like:
net.ipv6.conf.all.disable_ipv6=1 in /etc/sysctl.conf should do the trick.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131003/bdca3f81/attachment.pgp>


More information about the lxc-devel mailing list