[lxc-users] Network space visibility in containers

John Lewis oflameo2 at gmail.com
Wed Jul 6 17:40:33 UTC 2016


Oh, those are the tap interfaces. LXC doesn't hide that from the host. I
am not sure if it should.

On 07/06/2016 01:36 PM, steve at linuxsuite.org wrote:
>> Try defining lxc.network.name and see if it fixes it.
>>
>           version 1.08....
>
>            Nope.
>
>         [root at admn-101 ~]# ifconfig
> admn101-1 Link encap:Ethernet  HWaddr 26:3C:0B:06:A2:AF
>           inet addr:10.2.3.101  Bcast:10.2.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::243c:bff:fe06:a2af/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:312 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:129 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:48616 (47.4 KiB)  TX bytes:26791 (26.1 KiB)
>
> admn101-4 Link encap:Ethernet  HWaddr FE:3D:09:F8:AA:AA
>           inet addr:10.5.3.101  Bcast:10.5.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::fc3d:9ff:fef8:aaaa/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:6 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:468 (468.0 b)  TX bytes:468 (468.0 b)
>
> admn101-5 Link encap:Ethernet  HWaddr 72:26:66:8B:0E:FB
>           inet addr:10.1.3.101  Bcast:10.1.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::7026:66ff:fe8b:efb/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:10 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:920 (920.0 b)  TX bytes:468 (468.0 b)
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> [root at admn-101 ~]# netstat -an
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address               Foreign Address           
>  State
> tcp        0      0 0.0.0.0:25                  0.0.0.0:*                 
>  LISTEN
> tcp        0      0 10.5.5.101:443              207.11.1.163:12508        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:41572         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19664        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              73.112.14.86:25891        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19641        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:3458          
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:54481         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19608        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19644        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19619        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:57090         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:1215          
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              172.56.42.139:38995       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19565        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              172.56.42.139:36355       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19532        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              142.27.78.252:51543       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              172.56.42.139:27733       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19585        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:19024         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:29653         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19611        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              89.77.132.239:45287       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19599        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19629        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:32231         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              58.11.176.101:53361       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              172.56.42.139:23182       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19558        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19683        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:23751         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:47675         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              101.177.230.216:61453     
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              172.56.42.139:21113       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:5824          
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19676        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              87.211.18.55:61326        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              154.127.125.1:1746        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19548        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:43152         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19672        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              172.56.42.139:48737       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:12832         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              122.106.235.197:59220     
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:56063         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              66.19.70.152:49996        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19543        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              172.56.42.139:23791       
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:42423         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19650        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:6714          
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              1.39.15.205:32364         
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19572        
>  SYN_RECV
> tcp        0      0 10.5.5.101:443              96.53.94.194:19575        
>  SYN_RECV
> tcp        0      0 0.0.0.0:514                 0.0.0.0:*                 
>  LISTEN
> tcp        0      0 10.2.3.101:22               0.0.0.0:*                 
>  LISTEN
> tcp        0     48 10.2.3.101:22               10.2.1.2:24483            
>  ESTABLISHED
> tcp        0      0 :::514                      :::*                      
>  LISTEN
> udp        0      0 0.0.0.0:514                 0.0.0.0:*
> udp        0      0 :::514                      :::*
> Active UNIX domain sockets (servers and established)
>
>> On 07/06/2016 12:04 PM, steve at linuxsuite.org wrote:
>>>> How are these containers networked together? Are you using a Bridges on
>>>> the host or are you just bringing up new interfaces on the host?
>>>           I have  a bridge for each interface.  No interfaces on the
>>> host
>>> have
>>> IP's except br1. Use veth in config
>>>
>>> lxc.network.type = veth
>>> lxc.network.flags = up
>>> lxc.network.link = br1
>>> #lxc.network.hwaddr = fe:41:31:7f:5c:d6
>>> lxc.network.veth.pair = admn101-1
>>> lxc.network.ipv4 = 10.2.3.101/16
>>> lxc.network.ipv4.gateway = 10.2.1.2
>>>
>>> lxc.network.type = veth
>>> lxc.network.flags = up
>>> lxc.network.link = br4
>>> #lxc.network.hwaddr = fe:41:31:7f:5c:d6
>>> lxc.network.veth.pair = admn101-4
>>> lxc.network.ipv4 = 10.5.3.101/16
>>>
>>> [root at lxc100 ~]$ brctl show
>>> bridge name	bridge id		STP   enabled	interfaces
>>> br1		8000.0024e85d25ea	no		      admn101-1
>>> 							                      em1
>>> 							                      mfs101-1
>>> br2		8000.0024e85d25ec	no		      em2
>>> 							                      mfs101-2
>>> br3		8000.0024e85d25ee	no		      em3
>>> 							                      mfs101-3
>>> br4		8000.0024e85d25f0	no		      admn101-4
>>> 							                      em4
>>> 							                      mfs101-4
>>> br5		8000.00151778923c	no		     admn101-5
>>> 							                     em5
>>>
>>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users




More information about the lxc-users mailing list