[lxc-users] macvlan with tagged vlan

Walter walter.stanish+lxc-users at gmail.com
Thu Feb 13 05:47:35 UTC 2014


Tangentially related story: I have a highly dynamic topology (many
VLANs created/destroyed frequently). I use the following structure:

Host = 2 x NICs, joined as 1 x bond0 interface with failover
VLANs = bond0 interface linked, negotiated dynamically based upon
requirements of hosted containers, appearing as separate interfaces
Containers = 1 x tun interface per VLAN, configured separately on the
host side and client side with static IP address information
determined at the time of container launch (no DHCP, spanning tree
through to container, etc.) and iptables rules linking them at layer 3
through to the above VLAN interfaces

This setup is experimental but functional. The design evolved for a few reasons:
 - tun seems the most bug-free/stable/arbitrary network topology
portable/fast to set up (i.e. actually pass traffic IMMEDIATELY at
startup). In my testing I constantly observed delays with bridge-based
methods, despite trying many options to avoid them.
 - tun relies on iptables, a more familiar/better tooled/predictable
place to provide network connectivity logic than other routes (IMHO)
 - in my environment, containers should be essentially external
topology naive, thus DHCP is avoided

To achieve this, the critical line in an lxc.conf is the network up
script: lxc.network.script.up .. which configures the host-side
interface and a container-specific iptables chain containing the
guest's network connectivity rules.

Stressing that it's working but not polished, the result is actually a
pacemaker + corosync + failover-capable-bonding + LXC based cluster
engine embedded as one part of an alternative to things like docker /
orchestration systems that I am hoping my employer agrees for me to
release open source. IMHO it's a bit broader-scoped / more mature
(especially in terms of service deps, deferring to pacemaker+corosync
air traffic control level proven codebases in this case) than most of
the alternatives out there. It grew and continues to grow from real
needs.

- Walter

On 7 February 2014 04:32, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting e (florian.engelmann at gmail.com):
>> Hi,
>>
>> is it possible to use network type macvlan on tagged VLANs?
>
> Looks like no one has tried this.  If you come up with an answer
> please do report back as it'd be interesting to know.
>
> -serge
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
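
The kind of `lxc.network.script.up` hook described in the message above, as an added example that is not part of the original thread and is not Walter's script: it prints, rather than runs, the host-side commands for a routed interface and a per-container iptables chain. The chain naming, the sample policy, the constructed addresses, and the `HOST_IP`, `GUEST_IP` and `VLAN_IF` environment variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: dry-run planner for a routed
# host-side interface with a per-container iptables chain.
# Names, addresses and the HOST_IP/GUEST_IP/VLAN_IF variables are assumptions.

valid_if() {   # interface names: safe characters, at most 15 (IFNAMSIZ - 1)
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

valid_ip4() {  # shape check only (four dot-separated digit groups)
    case $1 in
        ''|*[!0-9.]*|*.*.*.*.*|.*|*.|*..*) return 1 ;;
        *.*.*.*) return 0 ;;
    esac
    return 1
}

plan_up() {    # usage: plan_up NAME HOST_IF HOST_IP GUEST_IP VLAN_IF
    name=$1; host_if=$2; host_ip=$3; guest_ip=$4; vlan_if=$5
    chain="lxc-$name"
    # The hook runs as root, so reject anything that could smuggle shell or
    # iptables syntax into the generated commands.
    case $name in ''|*[!A-Za-z0-9_-]*) echo "bad container name" >&2; return 1 ;; esac
    # iptables rejects chain names of 29 characters or more.
    [ ${#chain} -le 28 ] || { echo "chain name too long" >&2; return 1; }
    valid_if "$host_if" && valid_if "$vlan_if" || { echo "bad interface" >&2; return 1; }
    valid_ip4 "$host_ip" && valid_ip4 "$guest_ip" || { echo "bad address" >&2; return 1; }
    cat <<EOF
ip addr add $host_ip peer $guest_ip dev $host_if
ip link set $host_if up
iptables -N $chain
iptables -A $chain -i $host_if -o $vlan_if -s $guest_ip -j ACCEPT
iptables -A $chain -i $vlan_if -o $host_if -d $guest_ip -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A $chain -j DROP
iptables -I FORWARD -i $host_if -j $chain
iptables -I FORWARD -o $host_if -j $chain
EOF
}

# Hook mode: LXC calls the up script as NAME net up TYPE [HOST_IF].
if [ "${3:-}" = "up" ] && [ -n "${5:-}" ]; then
    plan_up "$1" "$5" "${HOST_IP:-}" "${GUEST_IP:-}" "${VLAN_IF:-}"
fi
```

The `-s $guest_ip` match keeps a container from sourcing traffic with an address other than the one assigned at launch, and a non-zero exit from the hook stops the container from starting with a half-built chain.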

