[lxc-users] venet like networking in LXC possible ?

Serge Hallyn serge.hallyn at ubuntu.com
Thu May 22 13:42:11 UTC 2014


Quoting Marc MAURICE (marc.maurice at objectif-libre.com):
> Hi,
> thanks a lot for your answers.
> >well ... nothing outside the server should even know about the
> >container's MAC address. Because if the network setup is the same as
> >mine, then the provider's router would route all traffic for the
> >container thru main server's IP. In other words, the provider's router
> >will ask for the server's IP, not the container's IP.
> >
> >Can you give real IP addresses? The easiest way to check, is that if
> >your server's main IP and additional IP are on DIFFERENT subnets (e.g.
> >111.94.248.114/24 and 65.55.58.201/32), then it's routed setup. If
> >it's on the SAME subnet, then you can't copy my setup, because the
> >network config is different.
> My IP addresses are clearly on 2 different subnets.
> The hardware host has a dedicated IP on a public /24 subnet :
> 62.210.82.XX/24
> 
> And the additional IP for the container :
> 212.129.10.XX/32
> 
> But I think you're right : this is different. The provider's router
> is not routing directly with the hardware host IP.
> >
> >>How do I tell my host to respond to those arp queries ?
> >
> >
> >Assuming that your setup is DIFFERENT from mine (that is, your server
> >AND container IP are on the same subnet), you could probably try
> >something like this. Note that you should make SURE you have console
> >access (e.g. KVM, ILO) to your server in case something goes wrong
> >before trying this.
> >
> >Assuming:
> >- the provider's router IP is 192.168.124.1/24
> >- your server is connected to provider's router thru eth0, with ip
> >address 192.168.124.179/24, MAC 00:16:3e:46:76:9e
> >- your server is connected to the container thru br0 bridge
> >- the container's IP is 192.168.124.180
> >
> >On the server:
> >- remove IP address on the bridge: ifconfig br0 0.0.0.0 up
> >- add container's IP information in arp table: arp -i eth0 -s
> >192.168.124.180 00:16:3e:46:76:9e pub
> >- add route to the container via the bridge: ip route add
> >192.168.124.180 dev br0
> >
> >On the container: pretty much the same as the previous setup. Except
> >now use the server's eth0 ip address as the gateway
> >- ifconfig eth0 192.168.124.180/32 up
> >- ip route add 192.168.124.179 dev eth0
> >- ip route add default via 192.168.124.179
> >
> >
> >If that works, then you can set up the appropriate config file (e.g.
> >/etc/network/interfaces) so the process would start automatically.
> >
> Yes !
> The arp publishing command is the key ! It's working now !
> I will take some time to clean up my config and give it back here.
> 
> However I think it would be nice to have it done automatically by
> LXC start scripts.

Because host networking is very distro-dependent, we cannot do a lot
of things in upstream lxc.  However we're starting to ship things
under config/, so if we can figure out how to do this for the most
common distros, that'd be nice.

If you blog a concise explanation/tutorial of the minimal steps
you needed to do, we can try to figure out where the pieces need to
go.
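
An added example, not part of the original messages and not LXC project code: a dry-run planner in POSIX sh that applies the subnet check quoted above and, for validated inputs, prints the server-side and container-side commands given in the thread. The function names are hypothetical and the addresses are the thread's own sample values.

```sh
# Added example: dry-run planner for the proxy-ARP steps quoted in this thread.
# It only prints commands; function names are hypothetical, addresses are samples.
# Dotted-quad IPv4 -> integer; fails on malformed input.
ip_to_int() (
    case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        [ "${#o}" -le 3 ] || exit 1
        o=${o#0}; o=${o#0}              # drop leading zeros (avoid octal parsing)
        [ "${o:-0}" -le 255 ] || exit 1
        n=$(( n * 256 + ${o:-0} ))
    done
    echo "$n"
)
# 0 if both addresses share the first $3 bits, 1 if not, 2 on bad input.
same_subnet() {
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") || return 2
    [ "$3" -ge 0 ] 2>/dev/null && [ "$3" -le 32 ] || return 2
    [ $(( a >> (32 - $3) )) -eq $(( b >> (32 - $3) )) ]
}
# The check quoted above: different subnets mean a routed setup.
setup_kind() {  # host_ip host_prefix container_ip
    if same_subnet "$1" "$3" "$2"; then echo same-subnet
    elif [ $? -eq 1 ]; then echo routed
    else return 1; fi
}
valid_if()  { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }
valid_mac() { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }
# Server-side steps, printed only after every argument validates.
host_plan() {  # uplink_if host_mac bridge container_ip
    valid_if "$1" && valid_if "$3" && valid_mac "$2" &&
        ip_to_int "$4" >/dev/null || return 1
    echo "ifconfig $3 0.0.0.0 up"
    echo "arp -i $1 -s $4 $2 pub"
    echo "ip route add $4 dev $3"
}
# Container-side steps; the gateway is the server's uplink address.
container_plan() {  # container_if container_ip host_ip
    valid_if "$1" && ip_to_int "$2" >/dev/null && ip_to_int "$3" >/dev/null || return 1
    echo "ifconfig $1 $2/32 up"
    echo "ip route add $3 dev $1"
    echo "ip route add default via $3"
}
# Demo with the sample values from the quoted instructions.
setup_kind 192.168.124.179 24 192.168.124.180
host_plan eth0 00:16:3e:46:76:9e br0 192.168.124.180
container_plan eth0 192.168.124.180 192.168.124.179
```

Review the printed commands before running any of them on a server, with console access available as the quoted instructions advise.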

