[lxc-users] re Networking issues with LXC containers in EC2

Peter Steele pwsteele at gmail.com
Tue Jan 12 23:39:36 UTC 2016


On 01/12/2016 01:34 PM, brian mullan wrote:
> All I did was install/configure PeerVPN on say server1 and server2 and
> make sure they connected.
>
> While logged into each of your servers you should then be able to ping 
> 10.x.x.x IP address of the other PeerVPN member server(s) ... assuming 
> you are using PeerVPN as an L2 VPN and not a L3 VPN.
>
> The next step I did was to connect the TEP (tunnel end-point) to the
> LXCBR0 or in your case I guess the BR0 bridge to enable containers
> attached to that bridge to pass data over the VPN tunnel.
>
> Since the PeerVPN TEP interface (“peervpn0” in the Tutorial example) is
> just like any other Linux ethernet interface we can use the “ip link”
> command to connect the peervpn0 interface to the LXC lxcbr0 (or BR0)
> bridge. You need to do that on both of your server/instances.
>
>     $ sudo ip link set dev peervpn0 master lxcbr0
>
> or
>
>     $ sudo ip link set dev peervpn0 master br0
>
> Now the 10.x.x.x network (being an L2 VPN) is like one big ethernet
> from the LXC container perspective on either host and you should be
> able to ping from say cn1 on server1 to cn2 on server2.
>
> I wrote up some of what I did a long time ago but I'd never gone back 
> and updated the info to reflect using a common dnsmasq for all 
> containers on all host/servers.   At the time I was just trying to see 
> if it worked.
>
> I don't know if my writeup
> <https://bmullan.wordpress.com/2015/05/12/proof-of-concept-using-mesh-vpn-to-interconnect-lxc-containers-on-multiple-hosts-on-multiple-clouds/>
> will help.
>
> Brian
>
I've already found your write-up and that pointed me to the missing ip 
link command. I've got it to work, although I'm having somewhat mixed 
results. For one thing, when I do get communication to work for 
containers, I am still unable to ping from a container on host 1 to a 
second host. I *can* ping a container in host 2 but not host 2 itself. I 
can also ping the host 2 host from host 1, just not from a container in 
host 1. Is this expected? Our containers also need to be able to
communicate with other hosts in our framework, not just with other 
containers.

For some reason, once I have it set up and working, it suddenly stops 
working, and I've even had my instance completely hang and needed to 
stop/start it. I'm seeing multiple warnings of this sort appearing on
the screen in both of my peervpn sessions:

[44] warning: recursive packet filtered!

Is this indicative of some kind of issue or is this expected?

Peter
