[lxc-users] LXC networking stop working between containers and real network
alex barchiesi
alex.barchiesi at garr.it
Wed Jul 20 08:33:47 UTC 2016
Hi,
the OVS workaround seems good to me from 2 points of view:
-performance: 1 bridge less
-security: good vlan separation stays untouched (you could in principle
vlan-separate with appropriate tags)
I did not investegated the bridge default behaviour so I'd say it's more a
bug to me than a feature, but that's only my opinion.
A
On Wed, Jul 20, 2016 at 8:42 AM, <
lxc-users-request at lists.linuxcontainers.org> wrote:
>
> ---------- Forwarded message ----------
> From: Ruzsinszky Attila <ruzsinszky.attila at gmail.com>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Date: Wed, 20 Jul 2016 08:42:07 +0200
> Subject: Re: [lxc-users] LXC networking stop working between containers
> and real network
> Hi Alex,
>
> Thanks for your information!
>
> I'll test soon what you wrote.
> I did a workaround. I forgot the lxcbr0 bridge and my LXC containers were
> "connected" directly into my vbr0 in OVS. It was almost perfect without any
> scripting except I has to tagging those interface and I did it by hand
> (tag=myVLANid).
> It is working perfectly.
>
> Is that a bug or a feature with Ubuntu's bridge? Or kernel problem? Under
> Fedora 23 everything is working but I think more clear the direct connected
> containers than double bridge (lxcbr0 under vbr0). I think theoretically
> both of them have to work so I don't understand exactly why not.
>
> Here is my LXC container's config:
> # Network configuration
> lxc.network.type = veth
> lxc.network.flags = up
> #lxc.network.link = lxcbr0
> lxc.network.link = vbr0
> lxc.network.veth.pair=veth-lub4
> #lxc.network.hwaddr = 00:16:3e:9f:1f:b8
>
> OVS:
> Bridge "vbr0"
> Port "vbr0"
> Interface "vbr0"
> type: internal
> Port "mgmt0"
> tag: 999
> Interface "mgmt0"
> type: internal
> Port "veth-lub4"
> tag: 800
> Interface "veth-lub4"
> Port "gre0"
> Interface "gre0"
> type: gre
> options: {remote_ip="192.168.52.141"}
> Port "mgmtlxc0"
> tag: 800
> Interface "mgmtlxc0"
> type: internal
> Port "veth-lub5"
> tag: 800
> Interface "veth-lub5"
> Port "veth-lub6"
> tag: 800
> Interface "veth-lub6"
> ovs_version: "2.0.2"
>
> On Fedora 23 the normal config:
> # Network configuration
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = lxcbr0
> lxc.network.hwaddr = 00:16:3e:9f:1f:b8
>
> Bridge "vbr0"
> Port "lxcbr0"
> tag: 800
> Interface "lxcbr0"
> Port "mgmtlxc0"
> tag: 800
> Interface "mgmtlxc0"
> type: internal
> Port "vsar2_111"
> tag: 100
> Interface "vsar2_111"
> Port "vlan10"
> tag: 10
> Interface "vlan10"
> type: internal
> Port "vsar2_a1"
> tag: 999
> Interface "vsar2_a1"
> Port "mgmt0"
> tag: 999
> Interface "mgmt0"
> type: internal
> Port "vsar3_111"
> tag: 100
> Interface "vsar3_111"
> Port "vbr0"
> Interface "vbr0"
> type: internal
> Port "vsar3_a1"
> tag: 999
> Interface "vsar3_a1"
> Port "gre0"
> Interface "gre0"
> type: gre
> options: {remote_ip="192.168.52.141"}
> Port "vx0"
> Interface "vx0"
> type: vxlan
> options: {remote_ip="192.168.52.141"}
>
> TIA,
> Ruzsi
>
> _______________________________________________
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160720/ff0500d2/attachment.html>
More information about the lxc-users
mailing list