[lxc-users] Cannot create a macvlan private bridge on lx

Anjali Kulkarni anjali at juniper.net
Thu Aug 14 15:37:29 UTC 2014


Thanks for the great explanation!
Anjali

On 8/14/14 5:41 AM, "Jäkel, Guido" <G.Jaekel at dnb.de> wrote:

>Dear Anjali,
>
>you'll know that a bridge acts at network layer 2, i.e. dealing just with
>the MACs.
>
>In the typical use case you want to bridge the host's outside network to
>the containers. To achieve this, you attach the host side of the
>containers' virtual NICs (which you can imagine as a "short wire" between
>the namespaces) to the bridge and also the host's real NIC. While
>attaching to the bridge, the NICs are switched to "promiscuous mode",
>i.e. they don't care about matching IP addresses at layer 3 and accept any
>packet.
>
>But now, how to connect the host with the outer world, where to place the
>host's layer 3 config? That's why you put this parameter set to the Linux
>software bridge: To act as an outgoing device of the host's "IP stack".
>
>If you leave this empty, the bridge is isolated from the host. If you
>don't attach a physical NIC to the bridge, it's isolated from the outer
>world.
>
>From that Serge suggested to instantiate a bridge, attach the parties to
>it (layer 2) and choose some adequate layer 3 network configuration to
>route IP traffic between them.
>
>
>BTW: If you're dealing with VLANs, you may "first" attach vlan devices to
>your physical NIC on a trunk and "then" attach a couple of bridges to
>these vlan devices. This will allow you to host isolated sets of
>containers in different VLANs, e.g. for staging purposes.
>
>Guido
>
>>-----Original Message-----
>>From: lxc-users [mailto:lxc-users-bounces at lists.linuxcontainers.org] On
>>Behalf Of Anjali Kulkarni
>>Sent: Wednesday, August 13, 2014 7:40 PM
>>To: LXC users mailing-list
>>Subject: Re: [lxc-users] Cannot create a macvlan private bridge on lx
>>
>>Yes, but does this not go through the host? That is, the host's
>>eth0(management) has to be in this bridge? I want to be able to create
>>multiple such bridges, so I cannot add the eth0 of host to every such
>>bridge..
>>This works already, I want a "private" bridge between VM and container,
>>which does not go through the host.
>>
>>Anjali
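
An added example, not part of the original thread: a shell check for the two isolation conditions Guido describes, namely no physical NIC attached to the bridge (isolated from the outer world) and no address on the bridge device itself (no layer 3 config for the host). The function names, the exit-status scheme and the `SYSNET` override are assumptions made for this example.

```shell
#!/bin/sh
# Audit whether a Linux software bridge is "private" in the sense of the thread.
# SYSNET defaults to the real sysfs tree; point it at a constructed tree to test.
SYSNET="${SYSNET:-/sys/class/net}"

# Ports attached to a bridge are listed under <bridge>/brif/.
bridge_ports() {
    [ -d "$SYSNET/$1/brif" ] || return 1
    ls "$SYSNET/$1/brif"
}

# Hardware-backed NICs (including virtio NICs in a VM) have a "device" link
# in sysfs; veth, tap and other purely virtual interfaces do not.
is_physical() {
    [ -e "$SYSNET/$1/device" ]
}

# audit_bridge BRIDGE ADDR_LINES
# ADDR_LINES is the output of `ip -o addr show dev BRIDGE` (may be empty).
# Exit status: 0 private, 1 physical uplink, 2 address on bridge, 3 both,
# 4 not a bridge.
audit_bridge() {
    br=$1 addrs=$2 status=0
    ports=$(bridge_ports "$br") || { echo "$br: not a bridge"; return 4; }
    for p in $ports; do
        if is_physical "$p"; then
            echo "$br: physical NIC $p attached (reachable from outside)"
            status=1
        fi
    done
    # Any inet/inet6 line means the host IP stack uses the bridge as a device.
    if printf '%s\n' "$addrs" | grep -Eq ' inet6? '; then
        echo "$br: bridge device carries an address (host attached at layer 3)"
        status=$((status + 2))
    fi
    if [ "$status" -eq 0 ]; then
        echo "$br: no uplink and no host address"
    fi
    return "$status"
}
```

On a live host, call it as `audit_bridge br0 "$(ip -o addr show dev br0)"`, where `br0` stands for the bridge under review.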
