[lxc-users] Containers have network issues when their host uses a bonded interface

Fajar A. Nugraha list at fajar.net
Tue Sep 15 13:06:36 UTC 2015


On Tue, Sep 15, 2015 at 3:29 PM, Andrey Repin <anrdaemon at yandex.ru> wrote:
> Greetings, Fajar A. Nugraha!
>
>>> We will have to do some thorough testing with the 4.2 (or possibly 4.1)
>>> kernel over the next few weeks to make sure this kernel doesn't introduce
>>> new issues.
>
>> That would seem like the best option for you.
>
>>> new issues. Our only other option would be to fall back to KVM instead of
>>> containers and that's not something we really want to do.
>
>> Assuming your problem is caused by bridging the veth interface,
>> there's an alternate networking setup with proxyarp + route that might
>> work. It doesn't use bridge, and only works for privileged containers.
>
> Aren't you overcomplicating it?
>

It depends on what the root cause of the problem is.


> 1. Containers config:
>
> lxc.network.type = macvlan
> lxc.network.macvlan.mode = bridge


I assumed the problem has something to do with bonding and multiple
MAC combination. Proxyarp only presents one MAC on the interface: the
host's, thus eliminating one possible problem source. The assumption
might or might not be valid, and thus needs to be tested.

Also, with routing + proxyarp, there's the bonus of "container can
only use IP address assigned to it, and a rogue container can't use
another container's/host's IP address".

Of course, in the end, use whatever is more appropriate for your needs.

-- 
Fajar
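
The routed proxy ARP setup mentioned in the message above, sketched from the host side as an added example that is not from the original thread or the LXC project. The interface names `bond0` and `vethweb1`, the address `192.0.2.10`, and the use of strict `rp_filter` to drop spoofed source addresses are assumptions of this example; the script only prints the commands, it does not apply them.

```shell
#!/bin/sh
# Added example: print the host-side commands for a routed veth + proxy ARP
# container link. All names and addresses are constructed. The host-side veth
# name is assumed to be pinned in the container config (lxc.network.veth.pair).

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the plan for one container. Args: uplink, host-side veth, container IP.
proxyarp_plan() {
    uplink=$1; veth=$2; ip=$3
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    [ -n "$uplink" ] && [ -n "$veth" ] || { echo "missing interface" >&2; return 1; }
    case "$uplink$veth" in
        *[!A-Za-z0-9_-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    # 1. The host routes between the uplink and the veth.
    # 2. The host answers ARP for the container on the uplink, so the LAN
    #    only ever sees the host's MAC address.
    # 3. The host answers the container's ARP requests on the veth.
    # 4. Strict reverse-path filter on the veth: a source address is accepted
    #    only if it routes back out of the same veth (the kernel uses the
    #    higher of this value and conf.all.rp_filter).
    # 5. The /32 route is the only address reachable through this veth.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.$uplink.proxy_arp=1
sysctl -w net.ipv4.conf.$veth.proxy_arp=1
sysctl -w net.ipv4.conf.$veth.rp_filter=1
ip route add $ip/32 dev $veth
EOF
}

# Constructed sample: one container behind a bonded uplink.
proxyarp_plan bond0 vethweb1 192.0.2.10
```

Because the only route through the veth is the container's own /32, traffic for any other address is never delivered to it, and with strict reverse-path filtering packets it sends from another source address fail the check on the host.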

