[Lxc-users] Fwd: Container inside an ESX VM

Wed Apr 27 09:59:46 UTC 2011

On Tue, Apr 26, 2011 at 6:03 PM, Mauras Olivier <oliver.mauras at gmail.com>wrote:

>
>
> On Sat, Apr 23, 2011 at 12:40 PM, Mauras Olivier <oliver.mauras at gmail.com>wrote:
>
>> Hi Geordy,
>>
>> Thanks for your reply. The first one is actually already set here. I asked
>> ESX folks to create me my own vswitch with promisc mode enabled.
>> I saw the second one coming, but didn't think that could make something...
>> There's also a setting like "mac.verify" that can be set to false directly
>> from the .vmx file to allow you to use another MAC than 00:50:56:xxxxxx for
>> your VM.
>> I'll try to force a high MAC in the 00:50:56 subset for my containers and
>> see what happens.
>>
>>
>> I'll let you know,
>>
>> Olivier
>>
>>
>> On Sat, Apr 23, 2011 at 9:12 AM, Geordy Korte <gkorte at gmail.com> wrote:
>>
>>> On Sun, Apr 17, 2011 at 8:39 AM, Geordy Korte <gkorte at gmail.com> wrote:
>>>
>>>> Thought about it some more and i think it might be an advanced esx
>>>> feature that restricts this. Basically a couple of adv features block
>>>> spoofing and mac changes on a vhost. I will try to find the specific command
>>>> you need to run on an esx host tomorrow, or maybee someone can google it. I
>>>> am 100% sure that it's not a bug in either esx or lxc and no modifications
>>>> are needed on the lxc side.
>>>>
>>>>
>>> Hi,
>>>
>>> Sorry for the delay, kids birthday and my new job has not left me with
>>> much time. Anyways I did some digging and founds some stuff that might help.
>>>
>>> The first one is in the properties of the vswitch that is interconnecting
>>> the lxc host to the network. Edit the properties and in the Security Tab
>>> make sure that promiscus mode, Mac changes and forged macs are set to
>>> accept. Basically the vswitch will allow all mac's coming from the lxc and
>>> not block them.
>>>
>>> The second tip is more of a maybee...  ESX 3.x basically would allow to
>>> you to change the mac of the Vhost to whatever you wanted. In ESX 4.0 Vmware
>>> rewrote the code and would allow you to specify a mac only if it was in the
>>> vmware OUI range. To make sure that ESX does not cut the communication try
>>> to set the macs of you LXC containers to: 00:50:56:XX:YY:ZZ
>>>
>>> I hope this helps a little.  Give it a shot and let me know how it works
>>> out.
>>>
>>> Geordy
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Fulfilling the Lean Software Promise
>>> Lean software platforms are now widely adopted and the benefits have been
>>> demonstrated beyond question. Learn why your peers are replacing JEE
>>> containers with lightweight application servers - and what you can gain
>>> from the move. http://p.sf.net/sfu/vmware-sfemails
>>>
>>> _______________________________________________
>>> Lxc-users mailing list
>>> Lxc-users at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/lxc-users
>>>
>>>
>>
> Hello,
>
> Good news here!! Forcing container MAC to 00:50:56:xx:xx:xx make it work
> flawlessly! Two containers running at the same time without the need to
> restart network nor Kernel Panic. So far so good!!
> Problem solved for me, will be able to deploy some more containers now.
>
> Thanks for your help.
>
> Olivier
>
> And actually not quite well... I still have random container freezes with
sometimes "eth0: received packet with own address as source address" in my
dmesg.
The container can't access network for 30s then get's back randomly, can't
find the reason of this :(

Still have KP with multiple containers up and running, have to check dump.

If anyone has any idea about theses network glitches...

Thanks,
Olivier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20110427/b5a565b5/attachment.html>