[lxc-users] Network instability with bridged nat and macvlan interfaces

Michel Jansens michel.jansens at ulb.ac.be
Fri Jun 15 14:30:03 UTC 2018


Dear all,

This is a follow up on my network instability problem.
Last Friday, I moved my containers to a second server (identical in all aspects) configured with bridged networking instead of macvlan.
Since then not one packet lost or refused.
It could be that our switches or router don’t react well to macvlan behaviour.
Next week, I’ll switch the containers back to the first server, with the bridged network stack. 

In case it can be of any use, I have included the netplan configuration (creates a vlan7br0 bridge on top of vlan n°7).

Cheers,

Michel



/etc/netplan/01-netcfg.yaml 
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0f0: {} 
  bridges:
    vlan7br0:
      interfaces: [ vlan7 ]
      addresses: [ 10.24.0.2/24 ]
      gateway4: 10.24.0.1
      nameservers:
        addresses:
          - "10.24.1.5"
          - "10.24.1.6"
  vlans:
    vlan7:
      id: 7
      link: enp1s0f0




> On 6 Jun 2018, at 21:08, Michel Jansens <michel.jansens at ulb.ac.be> wrote:
> 
> Hi,
> 
> I’m running on Ubuntu 18.04 LXC 3.0.0.
> 
> I’ve created 5 debian9 containers with default eth0 networking on NAT:
> 
> # lxc network show lxdbr0
> config:
>   ipv4.address: 10.1.1.1/24
>   ipv4.dhcp.ranges: 10.1.1.2-10.1.1.99
>   ipv4.nat: "true"
>   ipv6.address: fd42:6f79:c120:7701::1/64
>   ipv6.nat: "true"
> description: Natted network 0
> name: lxdbr0
> type: bridge
> 
> One of the containers (frontal) has an additional interface configured with:
> 
> # lxc network attach vlan7 frontal
> # lxc config show kspreprodfrontal
> devices:
>   vlan7:
>     nictype: macvlan
>     parent: vlan7
>     type: nic
> 
> vlan7 is a vlan with id: 7 configured in /etc/netplan/01-netcfg.yaml 
> ... 
> vlans:
>     vlan7:
>       id: 7
>       link: enp1s0f0
> 
> I’ve changed the frontal host internal networking so that eth1 comes first and default route is going through eth1. 
> Everything works internal and external…except from time to time, the frontal starts refusing connexions from the outside for a few seconds (up to 50).
> It looks like general networking because all ports suddenly stop working (connexion refused) 
> internally the frontal remains reachable
> I’m running haproxy on ports 80 and 443, but also tried running apache2 on port 8082. All ports go down at the same time.
> 
> I’ve now installed an Ubuntu (16.04) container and added the vlan7 network the same way.
> It worked fine…for about an hour and stopped working again, but for good.
> What is weird is that port 80 and 443 are refused but port 22 is working (maybe that’s the host ssh?).
> 
> 
> Any idea?
> 
> Thanks for any suggestion.
> 
> Cheers,
> 
> Michel
> 
> PS: Sorry for my previous post where I replied to another message and apparently messing with another thread... 
> 