[lxc-users] Question on bridging in nested containers

Guido Jäkel G.Jaekel at DNB.DE
Fri Mar 13 06:52:01 UTC 2015


Dear Anjali,

sorry, but I don't understand what you mean by "double the number of IP and MACs". As bridging is a pure layer2 thing, you don't need any additional layer3 thing (say IP) for any inserted bridge. And in case of using the Linux software bridge, you don't even need to manage the MAC of the bridge because it will use the lowest MAC of the attached devices as the upstream source MAC.

From my interpretation of your aims, there's no need for additional IPs or MACs if you nest your containers.

(BTW: This will lead to some practical peculiarity like a short complete traffic interruption because this MAC will change if it's chosen from the veth of an attached container and this container is shut down. Therefore, one may take additional care to guarantee that the MAC of the bridge's upstream device is the lowest one.)


Guido

On 12.03.2015 20:35, Anjali Kulkarni wrote:
> Thanks Fajar and Guido.
> The use case for this is that I don’t want to have double the no of IP and
> MACs for each interface I want on the nested container. I want to be able
> to bypass the networking (and bridge) on LXC so that I can use only one IP
> and MAC for any eth interface (I don’t need connectivity on the base
> container)
> 
> Anjali
> 
> On 3/11/15, 11:45 PM, "Guido Jäkel" <G.Jaekel at DNB.DE> wrote:
> 
>> Dear Fajar,
>>
>> Theoretically, for the root host it should be possible to "pull out" the
>> "first container level end" of the veths for the nested containers to
>> the host by changing its namespace, isn't it?
>>
>> But because this will need the "cooperation" of the host environment to
>> start a nested container from the first level container, which will
>> undermine the nesting scenario.
>>
>>
>> Dear Anjali,
>>
>> what's your use case or aim to try such a way?
>>
>> Guido
>>
>>
>> On 11.03.2015 22:21, Anjali Kulkarni wrote:
>>> Sorry, I didn't phrase this correctly.
>>> What I meant is I am OK to bypass the base container (don't need bridging
>>> connectivity to it), but just want to expose the host bridge to the
>>> nested container.
>>>
>>> Anjali
>>>
>>> On 3/11/15, 2:14 PM, "Fajar A. Nugraha" <list at fajar.net> wrote:
>>>
>>>> On Thu, Mar 12, 2015 at 3:10 AM, Anjali Kulkarni <anjali at juniper.net>
>>>> wrote:
>>>>
>>>>> interested in knowing if one bridge on the host can be used to bridge
>>>>> the base container and the nested container within the base container?
>>>>
>>>> No. A network interface can't be both in the host and in the container
>>>> at the same time.
>>
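
The bridge MAC behaviour Guido describes, as an added example that is not part of the thread: a POSIX shell check that reads sysfs to find which attached port holds the lowest MAC and whether the bridge address can change when a container's veth disappears. The function names, the constructed sample tree and the `addr_assign_type` check (value 3 means the address was set explicitly, which the kernel then keeps) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). The sysfs root is normally /sys.

# Print "<mac> <port>" for each port attached to bridge $2 under sysfs root $1.
bridge_port_macs() {
    for p in "$1/class/net/$2/brif"/*; do
        [ -e "$p" ] || continue
        port=${p##*/}
        mac=$(tr 'A-F' 'a-f' < "$1/class/net/$port/address") || continue
        printf '%s %s\n' "$mac" "$port"
    done
}

# Name of the attached port with the lowest MAC (byte-wise order).
lowest_port() {
    bridge_port_macs "$1" "$2" | LC_ALL=C sort | head -n 1 | cut -d' ' -f2
}

# Exit 0 if upstream port $3 holds the lowest MAC, or the bridge MAC was set
# explicitly (addr_assign_type 3, assumed not to be recalculated by the kernel).
bridge_mac_stable() {
    assign=$(cat "$1/class/net/$2/addr_assign_type" 2>/dev/null) || assign=
    [ "$assign" = 3 ] && return 0
    [ "$(lowest_port "$1" "$2")" = "$3" ]
}

# Constructed sample: bridge br0 with upstream eth0 and two container veths.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/class/net/br0/brif"
    for spec in eth0=52:54:00:aa:bb:cc vethA=3e:11:22:33:44:55 vethB=fe:01:02:03:04:05; do
        mkdir -p "$root/class/net/${spec%%=*}"
        echo "${spec#*=}" > "$root/class/net/${spec%%=*}/address"
        : > "$root/class/net/br0/brif/${spec%%=*}"
    done
    echo 1 > "$root/class/net/br0/addr_assign_type"
    echo "$root"
}

# Stand-alone use: sh check.sh <bridge> <upstream-port>
if [ $# -eq 2 ]; then
    bridge_mac_stable /sys "$1" "$2" && echo "stable" ||
        echo "may flip: lowest MAC is on $(lowest_port /sys "$1")"
fi
```

In the sample tree the bridge follows vethA, so shutting that container down moves the bridge MAC to eth0; making eth0 the lowest address or setting the bridge MAC explicitly removes the flip.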


