[lxc-users] Configuring LXC containers to use a host bridge under CentOS 7

Peter Steele pwsteele at gmail.com
Sun Aug 30 18:10:36 UTC 2015 

On 08/29/2015 03:26 PM, Fajar A. Nugraha wrote:
>
> It should be "tcpdump -n -i bond0 host 172.16.0.1" and "tcpdump -n -i 
> veth5BJDXU host 172.16.0.1"
>

Okay, I ran this test, plus a few others. This specific test generated 
no icmp traffic on either bond0 or the veth interface. After starting 
these tcpdump commands, I connected to the container and ran a ping to 
172.16.0.1. I got a "host unreachable error" so I'm not surprised 
nothing showed up in the tcpdump commands. I did the identical test with 
a libvirt container and got the expected icpm request and reply records:

10:44:05.379736 IP 172.16.0.1 > 172.16.110.204: ICMP echo reply, id 
2656, seq 3, length 64
10:44:06.390229 IP 172.16.110.204 > 172.16.0.1: ICMP echo request, id 
2656, seq 4, length 64
10:44:06.390689 IP 172.16.0.1 > 172.16.110.204: ICMP echo reply, id 
2656, seq 4, length 64
10:44:07.400236 IP 172.16.110.204 > 172.16.0.1: ICMP echo request, id 
2656, seq 5, length 64

It's pretty clear the LXC containers are not talking to the bridge. Once 
started, I can't even ping a container's IP address from the host, and 
likewise the container cannot ping its host. LXC containers can only 
ping each other, behaving exactly like I'd expect NAT to behave. The 
config I am using must not be correct. I'm using this config:

lxc.utsname = test1
lxc.network.type = veth
lxc.network.name = eth0
lxc.network.link = br0
lxc.network.flags = up

You'd think this would tell the container to link to the br0 bridge, but 
this isn't doing what I intend. The brctl command shows what's really 
going on:

# brctl show
bridge name     bridge id               STP enabled interfaces
br0             8000.52540007b444       no bond0
vnet0
vnet1
virbr0          8000.525400d0df7b       yes veth5BJDXU
vethU3VLKX
virbr0-nic

The two vnet entries associated with the br0 bridge interface are the 
ones that get created when I start my libvirt-LXC containers. The two 
veth entries associated with virbr0 sre created when I start my LXC 
containers. The virbr0 bridge is created by libvirt to support 
containers (and VMs) that are configured to use NAT addressing. We've 
always used host bridging and so have never used this virbr0 interface. 
For whatever reason, the LXC containers want to link to virbr0 despite 
the fact br0 is specified in their config.

Clearly there is user error here on my part and I am not correctly 
specifying how to configure LXC containers to use host bridging under 
CentOS. I'll have to do some more digging.

Peter

More information about the lxc-users mailing list