[lxc-users] Connecting container to tagged VLAN

Fajar A. Nugraha list at fajar.net
Thu Jan 28 01:09:51 UTC 2016


On Thu, Jan 28, 2016 at 5:19 AM, Joshua Schaeffer <jschaeffer0922 at gmail.com>
wrote:

>
> On Wed, Jan 27, 2016 at 2:39 PM, Fajar A. Nugraha <list at fajar.net> wrote:
>>
>>
>> Is eth1 connected to your switch as trunk? If no (e.g. you have the same
>> settings for eth1 and eth2 on the switch side),
>>
>
> Both ports are connected as trunk. As far as the switch side goes each
> port is configured the same. Trunked for VLAN 10, 500 and 501. Native VLAN
> is 10.
>
> eth2 already works. I set it up for testing outside of all containers
> (i.e. on the host only). From the host:
>
>
That doesn't match what you said earlier.

"two NIC's (eth1 and eth2) are setup to connect to this VLAN (vlan id 500)"

"
Native VLAN is 10.
"

"
iface eth2 inet static
        address 10.240.78.4/24
        gateway 10.240.78.1
"

So 10.240.78.0/24 with gateway 10.240.78.1 is VLAN 10? It must be, since
you use eth2 directly.

Yet in the lxc config file, you use
"
lxc.network.link = br0-500
lxc.network.ipv4 = 10.240.78.3/24
lxc.network.ipv4.gateway = 10.240.78.1
"

So vlan 10 and vlan 500 are using the same network?



> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         192.168.54.1    0.0.0.0         UG    0      0        0 eth0
> 10.0.3.0        0.0.0.0         255.255.255.0   U     0      0        0 lxcbr0
> 10.240.78.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
> 192.168.54.0    0.0.0.0         255.255.255.128 U     0      0        0 eth0
>
> PING 10.240.78.1 (10.240.78.1) 56(84) bytes of data.
> 64 bytes from 10.240.78.1: icmp_seq=1 ttl=255 time=1.76 ms
>


That should be vlan10 (native vlan for eth2).

You haven't tested it in vlan500.

>> then you can't tag it inside your host.
>>
>
> I did have that idea and tried it without success:
>
> # The second network interface
> auto eth1
> iface eth1 inet manual
>
> #commenting out dot1q
> #iface eth1.500 inet manual
> #       vlan-raw-device eth1
>
> [...]
>
> auto br0-500
> iface br0-500 inet manual
>         bridge_ports eth1
>         bridge_stp off
>         bridge_fd 0
>         bridge_maxwait 0
>

If the settings are the same, then br0-500 in this configuration SHOULD be
able to access vlan10, its native vlan. If it DOESN'T work, check your
switch.




>
>
>>
>> To put it another way:
>> - start with known-good configuration, THEN make incremental changes
>> - in your case, start by testing whether it works on the HOST side when
>> you assign an IP address to eth1.500, WITHOUT br0-500 bridge
>>
>
> Okay thanks, I will try different configurations out.
>
>
>> , and WITHOUT any ip address assigned to eth2.
>>
>
> I'm not sure what you mean by not assigning an IP address to eth2. Eth2 is
> already working from the host, and I don't plan on using it inside any
> container (I may have failed to mention that before). Also how would the
> NIC work without an IP address? I feel I'm missing something obvious here.
>
>
What I meant: check that ETH1 works on the host. If eth2 is on the same
network, it might interfere with settings. So disable eth2 first, then test
eth1 on the host. Without bridging.

-- 
Fajar
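
The mismatch pointed out in this message (10.240.78.0/24 configured both on untagged eth2 and on the VLAN 500 bridge) can be checked mechanically before touching the switch. The following is an added example, not part of the original message: the function names are hypothetical, the sample input is constructed from the fragments quoted above, and only CIDR-style `address` lines are handled.

```python
import ipaddress

# Constructed sample input, assembled from the fragments quoted in the thread.
INTERFACES = """\
iface eth2 inet static
        address 10.240.78.4/24
        gateway 10.240.78.1
"""

LXC_CONFIG = """\
lxc.network.link = br0-500
lxc.network.ipv4 = 10.240.78.3/24
lxc.network.ipv4.gateway = 10.240.78.1
"""

def host_networks(interfaces_text):
    """Map each iface stanza with a CIDR 'address' line to its IP network."""
    nets, current = {}, None
    for line in interfaces_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue  # skip blank lines and commented-out stanzas
        if words[0] == "iface":
            current = words[1]
        elif words[0] == "address" and current and "/" in words[1]:
            nets[current] = ipaddress.ip_interface(words[1]).network
    return nets

def container_networks(lxc_text):
    """Map each lxc.network.link to the network of the lxc.network.ipv4 after it."""
    nets, link = {}, None
    for line in lxc_text.splitlines():
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "lxc.network.link":
            link = value
        elif key == "lxc.network.ipv4" and link:
            nets[link] = ipaddress.ip_interface(value).network
    return nets

def overlapping_links(*maps):
    """Return (link_a, link_b, network) for every pair of links whose subnets overlap."""
    entries = [(link, net) for m in maps for link, net in m.items()]
    return [(a, b, str(na)) for i, (a, na) in enumerate(entries)
            for b, nb in entries[i + 1:] if a != b and na.overlaps(nb)]

if __name__ == "__main__":
    for a, b, net in overlapping_links(host_networks(INTERFACES),
                                       container_networks(LXC_CONFIG)):
        print(f"{net} is configured on both {a} and {b}: same subnet on two segments")
```

A reported pair means two links that are supposed to sit in different VLANs carry the same subnet, which is the situation questioned above.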