[Lxc-users] lxcbr0 MAC addr issue

Serge Hallyn serge.hallyn at ubuntu.com
Wed Jun 5 16:26:16 UTC 2013


Quoting Michael H. Warfield (mhw at WittsEnd.com):
> Crap...  Bumped the keyboard and this one got away from me prematurely.
> 
> On Wed, 2013-06-05 at 11:23 -0400, Michael H. Warfield wrote: 
> > On Wed, 2013-06-05 at 15:17 +0000, Jäkel, Guido wrote: 
> > > >yes and it does this.  The point is that lxcbr0 is not tied to any
> > > >physical nic.  So the first container you start, however high the
> > > >macaddr is, lxcbr0 takes its mac.  If the next container gets a
> > > >lower macaddr, lxcbr0's macaddr drops.
> 
> > > This lxcbr0 is special to Ubuntu, right? And if not to a physical
> > > NIC, to what is this bridge connected to on the host?
> 
> > Not to the best of my knowledge.  It should be a simple bridge.
> 
> > What do you get for this command?
> 
> > brctl show
> 
> > A bridge doesn 
> 
> A bridge doesn't have to be attached to a device.  A bridge is its own
> logical entity in the kernel to which you may attach devices.  You can
> not "attach a bridge" to something else.  You can only attach something
> else "to the bridge".  There's a difference.
> 
> In the case of a NATing configuration, you set up a bridge (name it
> whatever you want) and attach the containers to it.  Then you use the
> NAT modules to route between the bridge and the external interface while
> NATing the addresses.  I use "lxcbr0" on my Fedora hosts.  It's just a
> bridge.
> 
> I could see where Ubuntu might have some preconfigured setups for this
> purpose where I have to set them up by hand in Fedora.  That's just a
> matter of the distro specific support scripts.

Right.  And we *could* attach a dummy device with mac starting with
something lower.

BUT I just did some testing, and even as I watch lxcbr0's addr go down
when starting a new container, my ssh to the container which had the
higher macaddr doesn't hiccough.

Perhaps it'll be a problem when connected from an outside host (through
port forwarding).  In that case I'll happily do the dummy if hack.  But
it seems possible that it just isn't needed.  (And since the iptables rule
is --to-destination an ip address, I'm thinking it won't be)

-serge



