[lxc-users] veth in unprivileged containers and proxy arp

Witold Filipczyk gglater62 at gmail.com
Mon Apr 4 11:52:17 UTC 2016 

On Mon, Apr 04, 2016 at 04:26:05PM +0700, Fajar A. Nugraha wrote:
> On Mon, Apr 4, 2016 at 1:22 AM, Witold Filipczyk <gglater62 at gmail.com> wrote:
> > Hi, I don't know too much about lxc and networks.
> >
> > I've got some questions to https://lists.linuxcontainers.org/pipermail/lxc-users/2015-February/008553.html
> > There is a host with a few public IPs.
> > sysctl.conf:
> > net.ipv4.ip_forward=1
> > net.ipv4.conf.eth0.proxy_arp=1
> >
> > For every IP something like this:
> >
> > /etc/network/interfaces.d/$IP
> > auto vc1
> 
> 
> I believe distros with systemd would wait untill all "auto" entries
> are up. Better use "allow-hotplug" instead
> 
> 
> > iface vc1 inet static
> >     address 172.16.0.1/32
> >     scope link
> >     pointopoint $IP
> >     post-down vcdown vc1
> >     post-up vcup vc1
> >
> > vc2,and so on
> >
> > vcdown and vcup do exit 0
> >
> > The problem is that after lxc-stop and lxc-start sometimes there are errors like this:
> > lxc-start 20160403180712.290 ERROR    lxc_conf - conf.c:instantiate_veth:2677 - failed to create veth pair (vc1 and vethQJ3XAQ): File exists
> >
> > How to speedup "closing" and "opening" vc1 and ensure that lxc-stop/lxc-start will succeed?
> 
> 
> There's a bug where old veth interface is not destroyed quickly-enough
> when the container is shut down. This only becomes apparent when you
> use static veth pair name. I haven't encountered this bug on 2.0.0-rc
> though.
> 
> In the mean time, you can use something like this in container config file:
> 
> lxc.network.script.down = /etc/lxc/script/net-down
> 
> where /etc/lxc/script/net-down (or wherever you decide to put the script) is:
> #!/bin/bash
> /sbin/ip link del "$5"
> 
> for more details, run "man lxc.container.conf", search
> "lxc.network.script.down". Basically the script force-delete the old
> veth interface when the container is down.

Thanks.

Other problem:
reboot in container hangs.
lxc-ls -f shows state RUNNING and IP -
The only method for reboot is lxc-stop/lxc-start
Is any solution for this?

More information about the lxc-users mailing list