[Lxc-users] Networking fails sporadically in containers on ubuntu server 12.10

David Parks davidparks21 at yahoo.com
Sat Mar 30 14:19:30 UTC 2013


I posted this on the Ubuntu forums, but realized that this might be the more
appropriate place to post it.

 

I'm getting very unpredictable results from an environment I have set up for
LXC.

I run Windows 7 on my laptop, where I run a VirtualBox instance of Ubuntu
12.10 server.

VirtualBox is set up to use NAT on network 10.1.x.x/16, default gateway of
10.1.0.2 (these IPs match the IPs that these containers will use on
production hardware later). This works fine; both the host OS can access the
internet and containers (sometimes) can. So configuration is good.

But sometimes a container OS won't be able to access the internet.

I've configured br0 on the host OS to bridge between the container OSs and
the host's eth0 (static IP configured on the host, not using lxcbr0 for NAT).


Yesterday I had a case where the container couldn't access the internet. I
could ping the host OS, but pinging the router at 10.1.0.2 failed. When I
did a tcpdump on the host OS I could see ICMP packets from the container and
the response from the router, but I didn't get that on the container. A full
reboot of my laptop fixed the problem (arrrrggggg!!!)

I'm working with a container today that works fine, networking is working.
But when I cloned that container and set the new container to an IP of
10.1.0.45 (the original being 10.1.0.4) that one can't access the router.
Pinging the host OS works, pinging other containers works, but I cannot ping
the default gateway. Again, tcpdump on the host shows me the traffic to and
from the router, but the container doesn't get it.



Code:

davidparks21@hostOS:~$ sudo tcpdump icmp
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:56:44.356877 IP 10.1.0.45 > 10.1.0.2: ICMP echo request, id 336, seq 46, length 64
11:56:44.357964 IP 10.1.0.2 > 10.1.0.45: ICMP echo reply, id 336, seq 46, length 64
11:56:45.356940 IP 10.1.0.45 > 10.1.0.2: ICMP echo request, id 336, seq 47, length 64
11:56:45.357718 IP 10.1.0.2 > 10.1.0.45: ICMP echo reply, id 336, seq 47, length 64

davidparks21@hostOS:~$ arp -a
? (10.1.0.4) at c6:63:bb:a7:d8:60 [ether] on br0
? (10.1.0.2) at 52:54:00:12:35:02 [ether] on br0
? (10.1.0.45) at 32:8c:fc:c1:7f:e5 [ether] on br0

davidparks21@hostOS:~$ brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.080027ca5f7a       no              eth0
                                                        vethB864oI
                                                        vethQ2kfp9
                                                        vethYHH03A

 

I'm starting to think "bug" here... I shouldn't possibly be able to see the
traffic cross to and from the host OS and not see it in the container.

I know the configuration works because this configuration works "sometimes"
but not others.
