[Lxc-users] Fwd: Container inside an ESX VM

Mauras Olivier oliver.mauras at gmail.com
Mon May 2 08:18:37 UTC 2011


On Wed, Apr 27, 2011 at 11:59 AM, Mauras Olivier <oliver.mauras at gmail.com> wrote:

>
>
> On Tue, Apr 26, 2011 at 6:03 PM, Mauras Olivier <oliver.mauras at gmail.com> wrote:
>
>>
>>
>> On Sat, Apr 23, 2011 at 12:40 PM, Mauras Olivier <oliver.mauras at gmail.com> wrote:
>>
>>> Hi Geordy,
>>>
>>> Thanks for your reply. The first one is actually already set here. I
>>> asked ESX folks to create me my own vswitch with promisc mode enabled.
>>> I saw the second one coming, but didn't think that could make
>>> something... There's also a setting like "mac.verify" that can be set to
>>> false directly from the .vmx file to allow you to use another MAC than
>>> 00:50:56:xxxxxx for your VM.
>>> I'll try to force a high MAC in the 00:50:56 subset for my containers and
>>> see what happens.
>>>
>>>
>>> I'll let you know,
>>>
>>> Olivier
>>>
>>>
>>> On Sat, Apr 23, 2011 at 9:12 AM, Geordy Korte <gkorte at gmail.com> wrote:
>>>
>>>> On Sun, Apr 17, 2011 at 8:39 AM, Geordy Korte <gkorte at gmail.com> wrote:
>>>>
>>>>> Thought about it some more and I think it might be an advanced esx
>>>>> feature that restricts this. Basically a couple of adv features block
>>>>> spoofing and mac changes on a vhost. I will try to find the specific command
>>>>> you need to run on an esx host tomorrow, or maybe someone can google it. I
>>>>> am 100% sure that it's not a bug in either esx or lxc and no modifications
>>>>> are needed on the lxc side.
>>>>>
>>>>>
>>>> Hi,
>>>>
>>>> Sorry for the delay, kids birthday and my new job has not left me with
>>>> much time. Anyways I did some digging and found some stuff that might help.
>>>>
>>>> The first one is in the properties of the vswitch that is
>>>> interconnecting the lxc host to the network. Edit the properties and in the
>>>> Security Tab make sure that promiscuous mode, Mac changes and forged macs are
>>>> set to accept. Basically the vswitch will allow all macs coming from the
>>>> lxc and not block them.
>>>>
>>>> The second tip is more of a maybe...  ESX 3.x basically would allow
>>>> you to change the mac of the Vhost to whatever you wanted. In ESX 4.0 Vmware
>>>> rewrote the code and would allow you to specify a mac only if it was in the
>>>> vmware OUI range. To make sure that ESX does not cut the communication try
>>>> to set the macs of your LXC containers to: 00:50:56:XX:YY:ZZ
>>>>
>>>> I hope this helps a little.  Give it a shot and let me know how it works
>>>> out.
>>>>
>>>> Geordy
>>>>
>>>>
>>>
>> Hello,
>>
>> Good news here!! Forcing container MAC to 00:50:56:xx:xx:xx makes it work
>> flawlessly! Two containers running at the same time without the need to
>> restart network nor Kernel Panic. So far so good!!
>> Problem solved for me, will be able to deploy some more containers now.
>>
>> Thanks for your help.
>>
>> Olivier
>>
> And actually not quite well... I still have random container freezes with
> sometimes "eth0: received packet with own address as source address" in my
> dmesg.
> The container can't access network for 30s then gets back randomly, can't
> find the reason of this :(
>
> Still have KP with multiple containers up and running, have to check dump.
>
> If anyone has any idea about these network glitches...
>
>
> Thanks,
> Olivier
>

Hello,

Just a quick notice to say that I have resolved some of my problems by
upgrading the kernel. I can now have containers running on a physical
interface which makes the network functioning correctly for these
containers.
The bridge setup is still unreliable though - could this come from an
outdated version of bridge-utils and/or ip-utils packages?

iputils-20071127-13.el6.x86_64
bridge-utils-1.2-9.el6.x86_64

20071127 sounds a bit not up2date for me, I guess that could make sense to
update them... Is there a minimal version supported by LXC to ensure full
compatibility?

As I'm still looking at other possibilities, I know some people running
flawlessly OpenVZ containers on ESX VM in OpenVZ VLAN mode. What's the
equivalent LXC mode? Macvlan?


Regards,
Olivier
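
As an added example (not part of the original thread and not LXC project code): a small shell check over container config files that flags any container MAC address outside the 00:50:56 prefix suggested above, and any address assigned to more than one container. The config key names are the real LXC ones; the file names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit LXC container configs for MAC addresses that fall
# outside the VMware OUI recommended in the thread, or that are reused.
# Matches lxc.network.hwaddr (LXC releases of the thread's era) and the
# later lxc.net.N.hwaddr spelling.

VMWARE_OUI="00:50:56"   # prefix taken from the thread

# audit_hwaddrs FILE... : print one finding per line
#   MALFORMED   <file> <value>
#   OUTSIDE_OUI <file> <mac>
#   DUPLICATE   <file> <mac> <first file that used it>
audit_hwaddrs() {
    awk -v oui="$VMWARE_OUI" '
        /^[ \t]*lxc\.(network|net\.[0-9]+)\.hwaddr[ \t]*=/ {
            mac = tolower($0)
            sub(/^[^=]*=[ \t]*/, "", mac)      # drop "key ="
            sub(/[ \t]+$/, "", mac)            # drop trailing blanks
            ok = (split(mac, o, ":") == 6)     # six octets expected
            for (i = 1; i <= 6 && ok; i++)
                if (o[i] !~ /^[0-9a-f][0-9a-f]$/) ok = 0
            if (!ok) { print "MALFORMED " FILENAME " " mac; next }
            if (substr(mac, 1, 8) != oui)
                print "OUTSIDE_OUI " FILENAME " " mac
            if (mac in seen)
                print "DUPLICATE " FILENAME " " mac " " seen[mac]
            else
                seen[mac] = FILENAME
        }' "$@"
}

# Constructed sample configs (hypothetical containers web1..web3).
demo_dir=$(mktemp -d)
printf 'lxc.network.type = veth\nlxc.network.hwaddr = 00:50:56:3A:00:01\n' \
    > "$demo_dir/web1.conf"
printf 'lxc.network.hwaddr = 4a:49:43:49:79:bf\n' > "$demo_dir/web2.conf"
printf 'lxc.network.hwaddr = 00:50:56:3a:00:01\n' > "$demo_dir/web3.conf"

audit_hwaddrs "$demo_dir/web1.conf" "$demo_dir/web2.conf" "$demo_dir/web3.conf"
rm -rf "$demo_dir"
```

An empty result means every configured address is well-formed, inside the prefix and unique across the files given.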