[Lxc-users] Two virtual interfaces in a container

Nirmal Guhan vavatutu at gmail.com
Wed Oct 27 02:39:59 UTC 2010 

On Mon, Oct 25, 2010 at 4:15 AM, Daniel Lezcano <daniel.lezcano at free.fr> wrote:
> On 10/25/2010 07:24 AM, Nirmal Guhan wrote:
>>
>> On Sun, Oct 24, 2010 at 3:07 PM, Daniel Lezcano<dlezcano at fr.ibm.com>
>>  wrote:
>>
>
> [ snip ]
>>
>> How does it work when I have eth0 in lxc attached to br0? I still
>> assign IP to eth0 in this case as part of lxc config. Is this a
>> special case where IP is required for interface attached to the
>> bridge?
>>
>
> I assume you are talking about a veth + bridge, right ?
>
> The network stacks are separated between the host and the container and the
> veth is a pass-through network device,
> it is a pair device (vethA - vethB). When the packets are injected to vethA,
> they are received by vethB and when they are injected to vethB, they are
> received by vethA.
>
> Practically, when the container is created, the vethA is attached to the
> bridge and vethB is moved inside the container and renamed eth0 for
> convenience. No IP address is assigned to vethA but it is assigned to vethB.
>
> Assuming you have an IP address 1.2.3.4 on vethB and another host with the
> IP 1.2.3.5, if you ping from the container to the host, here is what
> happens:
>
> (container) : search the route for dest address 1.2.3.5
> (container) : found the dev where to send packet is eth0 (aka vethB)
> (container) : send the packet to this device
> (host)         : the packet arrives from vethA
> (host)         : the bridge hooks the packet
> (host)         : lookup the destination with the mac @
> (host)         : send the packet on all the ports
> (host)         : the packet goes through the real device eth0
> (peer)         : the packet arrives to the peer and this one answers
> (host)         : the packet arrives on the real device eth0
> (host)         : the packet is hooked by the bridge code
> (host)         : the bridge look for the dest mac @ and find vethA
> (host)         : the bridge send the packet to vethA
> (container) : the packet arrives to eth0 (aka vethB)
>
Thanks for the detailed explanation. So, if I have multiple interfaces
(eth, tap) attached to bridge, I will assign IP to bridge. As I
tested, I was also able to assign IP to tap interface attached to
bridge (so there are two IPs and still ping both of them. Only missing
piece is - bridge is a layer 2 device that can take an L3 IP too :-)
This helps me, though!!
~Nirmal

More information about the lxc-users mailing list