[lxc-devel] [lxd/master] network: Adds IPVLAN support
tomponline on Github
lxc-bot at linuxcontainers.org
Thu May 2 14:50:30 UTC 2019
From 30f7fd82fa53e6ab27a0d42d99fd3fce51a516a0 Mon Sep 17 00:00:00 2001
From: tomponline <thomas.parrott at canonical.com>
Date: Thu, 2 May 2019 15:45:26 +0100
Subject: [PATCH] doc: ipvlan docs
Signed-off-by: tomponline <thomas.parrott at canonical.com>
---
doc/api-extensions.md | 3 +++
doc/containers.md | 52 +++++++++++++++++++++++--------------------
2 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index 67a93d82c5..0edcd818b9 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -752,3 +752,6 @@ Adds support for RBAC (role based access control). This introduces new config ke
This makes it possible to do a normal "POST /1.0/containers" to copy a
container between cluster nodes with LXD internally detecting whether a
migration is required.
+
+## container\_nic\_ipvlan
+This introduces the `ipvlan` "nic" device type.
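Review bot: the new `container_nic_ipvlan` entry only says that the device type exists and does not name the keys the type accepts. Suggest listing them here (`parent`, `vlan`, `ipv4.address` and `ipv6.address`, going by the doc/containers.md table in this same patch) so that API clients checking for the extension know what it covers.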
diff --git a/doc/containers.md b/doc/containers.md
index 9824d41839..a583b3ebc1 100644
--- a/doc/containers.md
+++ b/doc/containers.md
@@ -231,36 +231,37 @@ LXD supports different kind of network devices:
- `physical`: Straight physical device passthrough from the host. The targeted device will vanish from the host and appear in the container.
- `bridged`: Uses an existing bridge on the host and creates a virtual device pair to connect the host bridge to the container.
- `macvlan`: Sets up a new network device based on an existing one but using a different MAC address.
+ - `ipvlan`: Sets up a new network device based on an existing one using the same MAC address but a different IP.
- `p2p`: Creates a virtual device pair, putting one side in the container and leaving the other side on the host.
- `sriov`: Passes a virtual function of an SR-IOV enabled physical network device into the container.
Different network interface types have different additional properties, the current list is:
-Key | Type | Default | Required | Used by | API extension | Description
-:-- | :-- | :-- | :-- | :-- | :-- | :--
-nictype | string | - | yes | all | - | The device type, one of "bridged", "macvlan", "p2p", "physical", or "sriov"
-limits.ingress | string | - | no | bridged, p2p | - | I/O limit in bit/s for incoming traffic (various suffixes supported, see below)
-limits.egress | string | - | no | bridged, p2p | - | I/O limit in bit/s for outgoing traffic (various suffixes supported, see below)
-limits.max | string | - | no | bridged, p2p | - | Same as modifying both limits.ingress and limits.egress
-name | string | kernel assigned | no | all | - | The name of the interface inside the container
-host\_name | string | randomly assigned | no | bridged, p2p | - | The name of the interface inside the host
-hwaddr | string | randomly assigned | no | all | - | The MAC address of the new interface
-mtu | integer | parent MTU | no | all | - | The MTU of the new interface
-parent | string | - | yes | bridged, macvlan, physical, sriov | - | The name of the host device or bridge
-vlan | integer | - | no | macvlan, physical | network\_vlan, network\_vlan\_physical | The VLAN ID to attach to
-ipv4.address | string | - | no | bridged | network | An IPv4 address to assign to the container through DHCP
-ipv6.address | string | - | no | bridged | network | An IPv6 address to assign to the container through DHCP
-ipv4.routes | string | - | no | bridged, p2p | container\_nic\_routes | Comma delimited list of IPv4 static routes to add on host to nic
-ipv6.routes | string | - | no | bridged, p2p | container\_nic\_routes | Comma delimited list of IPv6 static routes to add on host to nic
-security.mac\_filtering | boolean | false | no | bridged | network | Prevent the container from spoofing another's MAC address
-maas.subnet.ipv4 | string | - | no | bridged, macvlan, physical, sriov | maas\_network | MAAS IPv4 subnet to register the container in
-maas.subnet.ipv6 | string | - | no | bridged, macvlan, physical, sriov | maas\_network | MAAS IPv6 subnet to register the container in
-
-#### bridged or macvlan for connection to physical network
-The `bridged` and `macvlan` interface types can both be used to connect
+Key | Type | Default | Required | Used by | API extension | Description
+:-- | :-- | :-- | :-- | :-- | :-- | :--
+nictype | string | - | yes | all | - | The device type, one of "bridged", "macvlan", "ipvlan", "p2p", "physical", or "sriov"
+limits.ingress | string | - | no | bridged, p2p | - | I/O limit in bit/s for incoming traffic (various suffixes supported, see below)
+limits.egress | string | - | no | bridged, p2p | - | I/O limit in bit/s for outgoing traffic (various suffixes supported, see below)
+limits.max | string | - | no | bridged, p2p | - | Same as modifying both limits.ingress and limits.egress
+name | string | kernel assigned | no | all | - | The name of the interface inside the container
+host\_name | string | randomly assigned | no | bridged, p2p | - | The name of the interface inside the host
+hwaddr | string | randomly assigned | no | bridged, macvlan, physical, sriov | - | The MAC address of the new interface
+mtu | integer | parent MTU | no | all | - | The MTU of the new interface
+parent | string | - | yes | bridged, macvlan, ipvlan, physical, sriov | - | The name of the host device or bridge
+vlan | integer | - | no | macvlan, ipvlan, physical | network\_vlan, network\_vlan\_physical | The VLAN ID to attach to
+ipv4.address | string | - | no | bridged, ipvlan | network | An IPv4 address to assign to the container through DHCP (bridged) and statically (ipvlan)
+ipv6.address | string | - | no | bridged, ipvlan | network | An IPv6 address to assign to the container through DHCP (bridged) and statically (ipvlan)
+ipv4.routes | string | - | no | bridged, p2p | container\_nic\_routes | Comma delimited list of IPv4 static routes to add on host to nic
+ipv6.routes | string | - | no | bridged, p2p | container\_nic\_routes | Comma delimited list of IPv6 static routes to add on host to nic
+security.mac\_filtering | boolean | false | no | bridged | network | Prevent the container from spoofing another's MAC address
+maas.subnet.ipv4 | string | - | no | bridged, macvlan, physical, sriov | maas\_network | MAAS IPv4 subnet to register the container in
+maas.subnet.ipv6 | string | - | no | bridged, macvlan, physical, sriov | maas\_network | MAAS IPv6 subnet to register the container in
+
+#### bridged, macvlan or ipvlan for connection to physical network
+The `bridged`, `macvlan` and `ipvlan` interface types can both be used to connect
to an existing physical network.
-macvlan effectively lets you fork your physical NIC, getting a second
+`macvlan` effectively lets you fork your physical NIC, getting a second
interface that's then used by the container. This saves you from
creating a bridge device and veth pairs and usually offers better
performance than a bridge.
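Review bot: in the `hwaddr` row, "Used by" changes from `all` to `bridged, macvlan, physical, sriov`, which drops `p2p` as well as `ipvlan`; if only ipvlan is meant to be excluded, `p2p` should be added back. In the same hunk, "can both be used" now follows three interface types and should read "can all be used", and the `vlan`, `ipv4.address` and `ipv6.address` rows gain `ipvlan` under "Used by" while the "API extension" column still names only the older extensions, so `container_nic_ipvlan` should appear there. The table is also re-emitted in full although most rows read the same before and after; keeping the original column alignment would reduce the diff to the rows that actually changed.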
@@ -273,6 +274,9 @@ your containers to talk to the host itself.
In such case, a bridge is preferable. A bridge will also let you use mac
filtering and I/O limits which cannot be applied to a macvlan device.
+`ipvlan` is similar to `macvlan`, with the difference being that the forked device has IPs
+statically assigned to it and inherits the parent's MAC address on the network.
+
#### SR-IOV
The `sriov` interface type supports SR-IOV enabled network devices. These
devices associate a set of virtual functions (VFs) with the single physical
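Review bot: the added `ipvlan` paragraph does not say which of the macvlan caveats in the surrounding context carry over. Since the forked device shares the parent's MAC address, it is worth stating explicitly whether ipvlan containers can talk to the host and that mac filtering and I/O limits are not available (the table lists `security.mac_filtering` and `limits.*` for bridged or p2p only). The paragraph also says IPs are statically assigned while the table marks `ipv4.address` and `ipv6.address` as not required; the text should say what happens when neither is set.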
@@ -595,7 +599,7 @@ empty (default), no snapshots will be created. `snapshots.schedule.stopped`
controls whether or not stopped container are to be automatically snapshotted.
It defaults to `false`. `snapshots.pattern` takes a pongo2 template string,
and the pongo2 context contains the `creation_date` variable. Be aware that you
-should format the date (e.g. use `{{ creation_date|date:"2006-01-02_15-04-05" }}`)
+should format the date (e.g. use `{{ creation_date|date:"2006-01-02_15-04-05" }}`)
in your template string to avoid forbidden characters in your snapshot name.
Another way to avoid name collisions is to use the placeholder `%d`. If a snapshot
with the same name (excluding the placeholder) already exists, all existing snapshot
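Review bot: the removed and added `should format the date (e.g. use ...` lines read identically, so this looks like a whitespace-only change that is unrelated to the ipvlan documentation. Suggest dropping it from this patch or sending it as a separate cleanup commit.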