[lxc-users] Networking

Saint Michael venefax at gmail.com
Tue Mar 24 11:22:02 UTC 2020


That scheme in my case would not work. I have two interfaces inside the
container, and each one talks to a different network, for business reasons.
I use policy-based routing to make sure that packets go to the right
places. I need the container to be able to hold a full configuration. In my
case, I use ifupdown, not netplan, since my containers are for an older
version of Debian.
It is "not right" that ipvlan does not work out-of-the-box like macvlan or
veth. Somebody has to fix it. I cannot use macvlan because VMware only
allows multiple MACs if the entire network is set in promiscuous mode, and
that kills performance. So basically the only workaround is ipvlan. As I
said, if you use type=phys and ipvlan inside the host, it works fine,
without altering the container.

On Tue, Mar 24, 2020 at 4:20 AM Fajar A. Nugraha <list at fajar.net> wrote:

> On Mon, Mar 23, 2020 at 11:48 PM Saint Michael <venefax at gmail.com> wrote:
> >
> > It is supported, there is no error, but there is no communication at all
> > with the gateway. If you start the same exact network configuration in the
> > container with the type=phys, it works fine, ergo, the issue is type=ipvlan.
>
> "exact network configuration" inside the container? I'm pretty sure it
> would fail.
>
> If you read what I wrote earlier:
> "
> set /etc/resolv.conf on the container manually, and disable network
> interface setup inside the container.
> "
>
> This works in my test (using lxc 3.2.1 from
> https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/daily):
> # Network configuration
> lxc.net.0.name = eth0
> lxc.net.0.type = ipvlan
> lxc.net.0.ipvlan.mode = l3s
> lxc.net.0.l2proxy = 1
> lxc.net.0.link = eth0
> lxc.net.0.ipv4.gateway = dev
> lxc.net.0.ipv4.address = 10.0.3.222/32
> lxc.net.0.flags = up
>
>
> While inside the container, set up resolv.conf manually, and disable
> networking setup (e.g. removing everything under /etc/netplan/ on
> Ubuntu should work).
>
> Common issue with macvlan/ipvlan of "container not being able to
> contact the host" would still apply.
>
> --
> Fajar

