[Lxc-users] What's the setup for macvlan on the host to talk to containers?

Gordon Henderson gordon at drogon.net
Tue Jul 6 15:04:16 UTC 2010


On Tue, 6 Jul 2010, Whit Blauvelt wrote:

> On Tue, Jul 06, 2010 at 08:46:45AM +0100, Gordon Henderson wrote:
>>> When it's said that for the host to speak to a guest on macvlan, that this
>>> depends on setting up macvlan for the host, too, where can I find
>>> instructions on how to do that?
>>
>> You need to compile the options into the kernel and make sure that you
>> have the bridge-utils package.
>>
>> Under Networking Options:
>>    801.1d Ethernet bridging
>>    802.1q VLAN
>>
>> And under Device Drivers -> Network device support:
>>    MAC-VLAN (experimental)
>>
>> At least that works for me!
>
> Ah, so many levels of answers to questions! The top answer from Google about
> macvlan says in part:
>
> "* There is nearly no documentation.
> * What there is, is inaccurate."

Very probably correct...

> Anyway, from reading around I've gotten just far enough to know to bring my
> kernel up from 2.6.32 to .34 (which with a stock Ubuntu config does have
> ethernet bridging and vlan turned on, even in .32, but in .32 the underlying
> macvlan support is incomplete for lxc's purposes), and I've learned that "ip
> link" is the way to add a macvlan on the host.

I've currently "standardised" on 2.6.33.1 over a variety of hardware 
platforms. So far so good. This is a stock kernel off kernel.org and 
running Debian Lenny and the LXC .deb 6.5...

I don't actually need to add in a macvlan - lxc-start seems to do all the 
dirty work for me, once I'd converted the host ethernet into a bridge 
interface...

> The syntax to actually work across the macvlan I'm still hazy on. What are
> the ssh invocation options? In iptables firewalling, is the best way to base
> everything on "-m mac"? Does running with macvlan require adjustments to the
> routing tables? The "nearly no documentation" is an understatement.

I'm not doing anything different inside a container at all. The host 
firewall attaches to br0, I can filter packets forwarded via eth0 on the 
host, and each container gets an eth0 of its own to attach a 
firewall/iptables to...

> Is there generic vlan knowledge I should be gaining and applying here? I've
> only run real LANs. Or is macvlan quite a different animal for these
> purposes?

I'm hazy... But ... My interpretation is that macvlan allows you to create 
a virtual MAC address (device) inside a host which is then plumbed into 
the virtual ethernet switch (bridge) running on the host... The other side 
of the macvlan device is inside the container, presented as eth0 ... I've 
been able to create eth0:1, eth0:2 ... etc. devices inside containers and 
all behave as expected.

lxc-start does the actual device creation and plumbing once you've created 
the bridge.

But I could be wrong, however I'm really not doing anything more than 
reading a few articles online about creating a container, config file, 
fstab file, and lxc-start'ing it...

Gordon



