[lxc-users] Networking

Michael Honeyman michael at honeyman.net.au
Tue Mar 24 12:20:26 UTC 2020


I don't often write to this list so apologies as I'm probably messing up
the thread somehow.

Saint Michael wrote: "... Vmware only allows multiple macs if the entire
network is set in promiscuous mode..."

Not strictly LXC/LXD related, but VMware has implemented two solutions to
this problem since 6.5. They first released the MAC-learning dVfilter fling
which still requires promiscuous mode but removed the flooding behaviour
(more like a filtered hub than a switch - not sure if this improves the
performance problem).

There is also the Learnswitch which requires a distributed virtual switch,
but implements proper MAC flooding and learning, which removes the
requirement for promiscuous mode. This allows the VM to have multiple MACs
behind one NIC, just as you'd expect on a physical network. This fling was
released as a standard feature in 6.7, but as it requires DVS it is
unfortunately locked behind a license. I haven't seen if the MAC-learning
dVfilter fling has been ported to vSphere 6.7 yet or not.

Hope that helps,
Michael.

On Tue, 24 Mar 2020 at 23:00, <lxc-users-request at lists.linuxcontainers.org>
wrote:

> Send lxc-users mailing list submissions to
>         lxc-users at lists.linuxcontainers.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.linuxcontainers.org/listinfo/lxc-users
> or, via email, send a message with subject or body 'help' to
>         lxc-users-request at lists.linuxcontainers.org
>
> You can reach the person managing the list at
>         lxc-users-owner at lists.linuxcontainers.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lxc-users digest..."
> Today's Topics:
>
>    1. Re: Networking (Fajar A. Nugraha)
>    2. Re: Networking (Saint Michael)
>    3. Re: Networking (Serge E. Hallyn)
>    4. Re: Networking (Saint Michael)
>    5. Re: Networking (Fajar A. Nugraha)
>    6. Re: Networking (Saint Michael)
>
>
>
> ---------- Forwarded message ----------
> From: "Fajar A. Nugraha" <list at fajar.net>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Bcc:
> Date: Mon, 23 Mar 2020 19:26:18 +0700
> Subject: Re: [lxc-users] Networking
> On Fri, Mar 20, 2020 at 5:36 PM Saint Michael <venefax at gmail.com> wrote:
> >
> > I use plain LXC, not LXD. is  ipvlan supported?
>
> https://linuxcontainers.org/lxc/manpages//man5/lxc.container.conf.5.html
>
> --
> Fajar
>
>
>
>
> ---------- Forwarded message ----------
> From: Saint Michael <venefax at gmail.com>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Bcc:
> Date: Mon, 23 Mar 2020 09:15:57 -0400
> Subject: Re: [lxc-users] Networking
> As I said, type=ipvlan does not work on the latest version if LXC from
> git. BUT there is a workaround: create as many ipvlan interfaces as you
> need at the host level, which shall be used later as type="phys" networking
> on containers. That works.
>
>
>
> On Mon, Mar 23, 2020 at 8:26 AM Fajar A. Nugraha <list at fajar.net> wrote:
>
>> On Fri, Mar 20, 2020 at 5:36 PM Saint Michael <venefax at gmail.com> wrote:
>> >
>> > I use plain LXC, not LXD. is  ipvlan supported?
>>
>> https://linuxcontainers.org/lxc/manpages//man5/lxc.container.conf.5.html
>>
>> --
>> Fajar
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>
>
>
> ---------- Forwarded message ----------
> From: "Serge E. Hallyn" <serge at hallyn.com>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Bcc:
> Date: Mon, 23 Mar 2020 11:37:18 -0500
> Subject: Re: [lxc-users] Networking
> Hi,
>
> just to make sure i understand right - you mean it is not supported in
> lxc-user-nic?  And never was, so not a regression?
>
> Or has something regressed?
>
> On Mon, Mar 23, 2020 at 09:15:57AM -0400, Saint Michael wrote:
> > As I said, type=ipvlan does not work on the latest version if LXC from
> git.
> > BUT there is a workaround: create as many ipvlan interfaces as you need
> at
> > the host level, which shall be used later as type="phys" networking on
> > containers. That works.
> >
> >
> >
> > On Mon, Mar 23, 2020 at 8:26 AM Fajar A. Nugraha <list at fajar.net> wrote:
> >
> > > On Fri, Mar 20, 2020 at 5:36 PM Saint Michael <venefax at gmail.com>
> wrote:
> > > >
> > > > I use plain LXC, not LXD. is  ipvlan supported?
> > >
> > >
> https://linuxcontainers.org/lxc/manpages//man5/lxc.container.conf.5.html
> > >
> > > --
> > > Fajar
> > > _______________________________________________
> > > lxc-users mailing list
> > > lxc-users at lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-users
> > >
>
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Saint Michael <venefax at gmail.com>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Bcc:
> Date: Mon, 23 Mar 2020 12:48:34 -0400
> Subject: Re: [lxc-users] Networking
> It is supported, there is no error, but there is no communication at all
> with the gateway. If you start the same exact network configuration in the
> container with the type=phys, it works fine, ergo, the issue is type=ipvlan.
>
>
> On Mon, Mar 23, 2020 at 12:37 PM Serge E. Hallyn <serge at hallyn.com> wrote:
>
>> Hi,
>>
>> just to make sure i understand right - you mean it is not supported in
>> lxc-user-nic?  And never was, so not a regression?
>>
>> Or has something regressed?
>>
>> On Mon, Mar 23, 2020 at 09:15:57AM -0400, Saint Michael wrote:
>> > As I said, type=ipvlan does not work on the latest version if LXC from
>> git.
>> > BUT there is a workaround: create as many ipvlan interfaces as you need
>> at
>> > the host level, which shall be used later as type="phys" networking on
>> > containers. That works.
>> >
>> >
>> >
>> > On Mon, Mar 23, 2020 at 8:26 AM Fajar A. Nugraha <list at fajar.net>
>> wrote:
>> >
>> > > On Fri, Mar 20, 2020 at 5:36 PM Saint Michael <venefax at gmail.com>
>> wrote:
>> > > >
>> > > > I use plain LXC, not LXD. is  ipvlan supported?
>> > >
>> > >
>> https://linuxcontainers.org/lxc/manpages//man5/lxc.container.conf.5.html
>> > >
>> > > --
>> > > Fajar
>> > > _______________________________________________
>> > > lxc-users mailing list
>> > > lxc-users at lists.linuxcontainers.org
>> > > http://lists.linuxcontainers.org/listinfo/lxc-users
>> > >
>>
>> > _______________________________________________
>> > lxc-users mailing list
>> > lxc-users at lists.linuxcontainers.org
>> > http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>
>
>
> ---------- Forwarded message ----------
> From: "Fajar A. Nugraha" <list at fajar.net>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Bcc:
> Date: Tue, 24 Mar 2020 15:19:57 +0700
> Subject: Re: [lxc-users] Networking
> On Mon, Mar 23, 2020 at 11:48 PM Saint Michael <venefax at gmail.com> wrote:
> >
> > It is supported, there is no error, but there is no communication at all
> with the gateway. If you start the same exact network configuration in the
> container with the type=phys, it works fine, ergo, the issue is type=ipvlan.
>
> "exact network configuration" inside the container? I'm pretty sure it
> would fail.
>
> If you read what I wrote earlier:
> "
> set /etc/resolv.conf on the container manually, and disable network
> interface setup inside the container.
> "
>
> This works in my test (using lxc 3.2.1 from
> https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/daily):
> # Network configuration
> lxc.net.0.name = eth0
> lxc.net.0.type = ipvlan
> lxc.net.0.ipvlan.mode = l3s
> lxc.net.0.l2proxy = 1
> lxc.net.0.link = eth0
> lxc.net.0.ipv4.gateway = dev
> lxc.net.0.ipv4.address = 10.0.3.222/32
> lxc.net.0.flags = up
>
>
> While inside the container, setup resolv.conf manually, and disable
> networking setup (e.g. removing everything under /etc/netplan/ on
> ubuntu should work).
>
> Common issue with macvlan/ipvlan of "container not being able to
> contact the host" would still apply.
>
> --
> Fajar
>
>
>
>
> ---------- Forwarded message ----------
> From: Saint Michael <venefax at gmail.com>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Bcc:
> Date: Tue, 24 Mar 2020 07:22:02 -0400
> Subject: Re: [lxc-users] Networking
> That scheme in my case would not work. I have two interfaces inside the
> container, and each one talks to a different network, for business reasons.
> I use policy-based-routing to make sure that packets go to the right
> places. I need that the container can hold a full configuration. In my
> case, I use ifupdown, not netplan, since my containers are for an older
> version of Debian.
> It is "not right" that ipvlan does not work out-of-the-box like macvlan or
> veth. Somebody has to fix it. I cannot use macvlan because Vmware only
> allows multiple macs if the entire network is set in promiscuous mode, and
> that kills performance. So basically the only workaround is ipvlan. As I
> said, if you use type=phys and ipvlan inside the host, it works fine,
> without altering the container.
>
> On Tue, Mar 24, 2020 at 4:20 AM Fajar A. Nugraha <list at fajar.net> wrote:
>
>> On Mon, Mar 23, 2020 at 11:48 PM Saint Michael <venefax at gmail.com> wrote:
>> >
>> > It is supported, there is no error, but there is no communication at
>> all with the gateway. If you start the same exact network configuration in
>> the container with the type=phys, it works fine, ergo, the issue is
>> type=ipvlan.
>>
>> "exact network configuration" inside the container? I'm pretty sure it
>> would fail.
>>
>> If you read what I wrote earlier:
>> "
>> set /etc/resolv.conf on the container manually, and disable network
>> interface setup inside the container.
>> "
>>
>> This works in my test (using lxc 3.2.1 from
>> https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/daily):
>> # Network configuration
>> lxc.net.0.name = eth0
>> lxc.net.0.type = ipvlan
>> lxc.net.0.ipvlan.mode = l3s
>> lxc.net.0.l2proxy = 1
>> lxc.net.0.link = eth0
>> lxc.net.0.ipv4.gateway = dev
>> lxc.net.0.ipv4.address = 10.0.3.222/32
>> lxc.net.0.flags = up
>>
>>
>> While inside the container, setup resolv.conf manually, and disable
>> networking setup (e.g. removing everything under /etc/netplan/ on
>> ubuntu should work).
>>
>> Common issue with macvlan/ipvlan of "container not being able to
>> contact the host" would still apply.
>>
>> --
>> Fajar
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20200324/58855ad0/attachment.htm>


More information about the lxc-users mailing list