[lxc-devel] lxc-stop doesn't always clean up veth interfaces

Major Hayden major at mhtx.net
Tue Sep 1 12:37:23 UTC 2015


Hey there,

I'm seeing a strange issue on Ubuntu 14.04 with LXC 1.0.7 and 1.1.3.  We run quite a few LXC containers on a host and they all have at least two veth interfaces.  Each of those veth interfaces is on a separate bridge.  For example, a container has an eth0 interface on bridge1 and has an eth1 interface on bridge2.

When we stop containers gently using `lxc-stop -n <container>`, we've found that veths aren't always cleaned up.  Our hosts run 20+ containers and we're left with 2-5 dangling veth interfaces after stopping all containers on the host.  Some of those veths will disappear after some time (usually 30-120 seconds) but some will hang around until we forcefully delete them with `ip link del <interface>`.

However, if we stop the containers with `lxc-stop -k -n <container>`, the veths are *always* cleaned up properly.

The dangling veths have no IP address assigned to them, but the MAC address is still present.  I'm able to run tcpdump on the dangling veths and I see traffic from the connected bridge.

So far, I've replicated this problem on Ubuntu 14.04 with LXC 1.0.7 and 1.1.3.  It shows up in kernels 3.13.0 and 3.16.x.  Is there something else I should be looking at to reduce this bug?

Thanks!

--
Major Hayden

