[lxc-users] venet like networking in LXC possible ?
Robert Pendell
shinji at elite-systems.org
Fri May 23 18:48:19 UTC 2014
On Fri, May 23, 2014 at 11:16 AM, Marc MAURICE
<marc.maurice at objectif-libre.com> wrote:
>> Because host networking is very distro-dependent, we cannot do a lot
>> of things in upstream lxc. However we're starting to ship things
>> under config/, so if we can figure out how to do this for the most
>> common distros, that'd be nice.
>>
>> If you blog a concise explanation/tutorial of the minimal steps
>> you needed to do, we can try to figure out where the pieces need to
>> go.
>>
> I will take time to publish a blog post on that later.
>
> I got it working with a network start script.
>
> Configuration summary :
> ----------
> /etc/network/interfaces:
>
> auto br0
> iface br0 inet static
> address 192.168.124.1
> netmask 255.255.255.0
> bridge_ports none
> bridge_maxwait 0
> bridge_stp off
> bridge_fd 0
> ----------
> # grep network /var/lib/lxc/test/config
>
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = br0
> lxc.network.hwaddr = 00:16:3e:57:c1:95
> lxc.network.ipv4 = 212.129.10.90/32
> lxc.network.ipv4.gateway = auto
> lxc.network.script.up = /etc/lxc/netup
> ----------
> # cat /etc/lxc/netup
> #!/bin/sh
>
> IP=$(sed -n 's/^lxc.network.ipv4\s*=\s*\(.*\)\/.*/\1/p' "$LXC_CONFIG_FILE")
> BRIDGE=$(sed -n 's/^lxc.network.link\s*=\s*\(.*\)/\1/p' "$LXC_CONFIG_FILE")
>
> ip route add "$IP" dev "$BRIDGE"
>
> arp -i em1 -Ds "$IP" em1 pub
> ----------
>
> * it's missing a stop script
> * We also still have to figure out how to detect the default interface (em1
> in my script/config)
> * Maybe we can simplify things. I don't know exactly how it's done in
> openvz, but containers have only one route : default dev venet0 scope link
> (avoids possible ip conflict with bridge IP).
>
> With that, I'm able to pop up containers with dedicated IPs by just changing
> the lxc.network.ipv4 parameter.

Somehow this still doesn't work for me. My host is Linode and I've
been looking for a way to deal with their network configuration and
still achieve this.

When I try to ping from the container I get something like this, and many
of the other packets drop out completely:

From 66.228.40.XX: icmp_seq=2 Redirect Host(New nexthop: 66.228.40.1)

In addition I had to tweak the interfaces configuration and add eth0
to bridge_ports, otherwise the host had no connectivity. The situation
was the same in the container regardless of whether that was set to none or
eth0. I replaced em1 with eth0 based on your information.
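
Added example (not part of the thread and not code from either poster or from the LXC project): a stop script matching the quoted /etc/lxc/netup, covering the two open items in the quoted message, the missing teardown and detection of the default interface. The path /etc/lxc/netdown, the function names and the DRY_RUN switch are hypothetical, and it assumes LXC runs it through lxc.network.script.down with LXC_CONFIG_FILE exported as it is for the up script.

```shell
#!/bin/sh
# Hypothetical /etc/lxc/netdown (added example): undoes what /etc/lxc/netup did.
# Assumed wiring: lxc.network.script.down = /etc/lxc/netdown
# Dry run: DRY_RUN=1 LXC_CONFIG_FILE=/var/lib/lxc/test/config sh /etc/lxc/netdown

# Print the value of the first "key = value" line for an exact key.
conf_get() {  # $1 = key, $2 = config file
    key=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^${key}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Shape checks only: the hook runs as root, so nothing that looks like an
# option or shell text may reach ip(8) or arp(8).
is_ipv4()   { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
is_ifname() { printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$'; }

# Read `ip -4 route show default` output on stdin, print the uplink interface.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the command when DRY_RUN is set, otherwise execute it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

netdown() {  # $1 = container config, $2 = uplink interface
    addr=$(conf_get lxc.network.ipv4 "$1"); addr=${addr%%/*}
    bridge=$(conf_get lxc.network.link "$1")
    if ! is_ipv4 "$addr" || ! is_ifname "$bridge" || ! is_ifname "$2"; then
        echo "netdown: refusing unexpected values from $1" >&2
        return 1
    fi
    # Either entry may already be gone; that is not an error on teardown.
    run ip route del "$addr" dev "$bridge" || true
    run arp -i "$2" -d "$addr" pub || true
}

# Only act when LXC invokes the hook.
if [ -n "${LXC_CONFIG_FILE:-}" ]; then
    netdown "$LXC_CONFIG_FILE" "$(ip -4 route show default | default_iface)"
fi
```

Without a teardown, the host route and the published ARP entry outlive the container, so the host keeps answering ARP for an address nothing is using.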