[lxc-users] LXD 3.0 macvlan networking

Janjaap Bos janjaapbos at gmail.com
Sat May 5 07:43:48 UTC 2018


To be able to ping a container macvlan interface, you need to have a
macvlan interface configured on the host.

Such as:

    modprobe dummy
    ip link set name dummy-mv dev dummy0
    ip link set dev dummy-mv up
    ip link add link dummy-mv mv-lxd type macvlan mode bridge
    ip address add 192.168.4.1/24 dev mv-lxd
    ip link set dev mv-lxd up

2018-05-05 5:18 GMT+02:00 Mark Constable <markc at renta.net>:

> Has something changed re networking with LXD 3.0 such that, when
> using a macvlan, the host CAN ping a container?
>
> According to what I previously understood, and supported by this
> comment..
>
> https://github.com/lxc/lxd/issues/3871#issuecomment-333124249
>
> and the main reason I hadn't bothered even trying out a macvlan
> is because I need access to my local hosted containers and it
> "just works" with a normal bridge. However, now when I finally
> get around to testing macvlan I find I can immediately ping a
> new macvlan-based container's IP.
>
> Has something changed recently regarding this macvlan restriction?
>
> ~ apt install lxd
>
> ~ lxc profile copy default macvlan (which has no eth0 device yet)
>
> ~ ip r (to get my host's eth0 device)
>
> ~ lxc profile device add macvlan eth0 nic nictype=macvlan parent=enp4s0f1 name=eth0
>
> ~ lxc launch images:ubuntu/bionic macvlantest -p macvlan
>
> ~ lxc list --format csv
> macvlantest,RUNNING,192.168.0.206 (eth0),"fdcc:3922:7dfd::6b7 (eth0)
> fdcc:3922:7dfd:0:216:3eff:fe11:9335 (eth0)",PERSISTENT,0
>
> ~ ping -c1 192.168.0.206
> PING 192.168.0.206 (192.168.0.206) 56(84) bytes of data.
> 64 bytes from 192.168.0.206: icmp_seq=1 ttl=64 time=1.98 ms
>
>
> OIC, from inside the macvlantest container I can't ping the host.
>
> But still, from this comment I would tend to assume I should not
> be able to ping the container from the host either...
>
> "@stgraber An even easier alternative to this would be using macvlan as it
> won't require any bridging at all, but it does come with the annoying
> caveat that the host will not be able to communicate with the containers."
>
> Would anyone care to clarify this macvlan limitation please?