[Lxc-users] Two virtual interfaces in a container
Daniel Lezcano
daniel.lezcano at free.fr
Mon Oct 25 11:15:27 UTC 2010
On 10/25/2010 07:24 AM, Nirmal Guhan wrote:
> On Sun, Oct 24, 2010 at 3:07 PM, Daniel Lezcano<dlezcano at fr.ibm.com> wrote:
>
[ snip ]
> How does it work when I have eth0 in lxc attached to br0? I still
> assign IP to eth0 in this case as part of lxc config. Is this a
> special case where IP is required for interface attached to the
> bridge?
>
I assume you are talking about a veth + bridge, right ?
The network stacks are separated between the host and the container and
the veth is a pass-through network device,
it is a pair device (vethA - vethB). When the packets are injected to
vethA, they are received by vethB and when they are injected to vethB,
they are received by vethA.
Practically, when the container is created, the vethA is attached to the
bridge and vethB is moved inside the container and renamed eth0 for
convenience. No IP address is assigned to vethA but it is assigned to vethB.
Assuming you have an IP address 1.2.3.4 on vethB and another host with
the IP 1.2.3.5, if you ping from the container to the host, here is what
happens:
(container) : search the route for dest address 1.2.3.5
(container) : found the dev where to send packet is eth0 (aka vethB)
(container) : send the packet to this device
(host) : the packet arrives from vethA
(host) : the bridge hooks the packet
(host) : lookup the destination with the mac @
(host) : send the packet on all the ports
(host) : the packet goes through the real device eth0
(peer) : the packet arrives to the peer and this one answers
(host) : the packet arrives on the real device eth0
(host) : the packet is hooked by the bridge code
(host) : the bridge look for the dest mac @ and find vethA
(host) : the bridge send the packet to vethA
(container) : the packet arrives to eth0 (aka vethB)
More information about the lxc-users
mailing list