[lxc-users] Networking
Saint Michael
venefax at gmail.com
Wed Mar 25 13:59:34 UTC 2020
I use L2. Can somebody clarify what advantages/disadvantages there are for
L2, L3, L3S?
I need also to be able to use DHCP inside the container. In a first boot I
get an IP from DHCP, and set the interface down and turn that IP into
static.
Anyway, ipvlan should work as simply as the other network options.
Another question for the networking gurus, how do you represent this
configuration with netplan?
-------------------
auto lo eth0 eth1
iface lo inet loopback
allow-hotplug eth0 eth1
iface eth0 inet dhcp
iface eth1 inet static
    address X.XX.X.215
    netmask 255.255.255.0
    mtu 1500
    post-up echo "Setting up $IFACE"
    post-up ip route replace default via X.XX.X.1 dev $IFACE
    post-up ip rule add from X.XX.X.215 table $IFACE
    post-up ip route replace default via X.XX.X.1 dev $IFACE table $IFACE
    post-up ip rule add iif $IFACE table $IFACE
    post-up ip route replace default via 192.168.88.1 dev eth0
    post-up ip route show table $IFACE

given
/etc/iproute2/rt_tables
    1 eth0
    2 eth1
The purpose is to send to eth1 only packets going to X.XX.X.0, which is a
public IP network, and anything else via eth0 192.168.88.1.
I tried to figure this scheme out with Netplan and I cannot see the light.
On Wed, Mar 25, 2020, 5:31 AM Fajar A. Nugraha <list at fajar.net> wrote:
> On Tue, Mar 24, 2020 at 6:22 PM Saint Michael <venefax at gmail.com> wrote:
> >
> > That scheme in my case would not work. I have two interfaces inside the
> > container, and each one talks to a different network, for business reasons.
> > I use policy-based-routing to make sure that packets go to the right
> > places. I need that the container can hold a full configuration. In my
> > case, I use ifupdown, not netplan, since my containers are for an older
> > version of Debian.
> > It is "not right" that ipvlan does not work out-of-the-box like macvlan
> > or veth. Somebody has to fix it. I cannot use macvlan because VMware only
> > allows multiple macs if the entire network is set in promiscuous mode, and
> > that kills performance. So basically the only workaround is ipvlan. As I
> > said, if you use type=phys and ipvlan inside the host, it works fine,
> > without altering the container.
>
>
> Apparently this also works, as long as you have the same ip in
> container config and inside the container
>
> Container config:
> # Network configuration
> lxc.net.0.name = eth0
> lxc.net.0.type = ipvlan
> lxc.net.0.ipvlan.mode = l3s
> lxc.net.0.l2proxy = 1
> lxc.net.0.link = eth0
> lxc.net.0.ipv4.address = 10.0.3.222
>
> inside the container -> normal networking config (e.g. /etc/netplan/10-lxc.yaml)
> network:
>   version: 2
>   ethernets:
>     eth0:
>       dhcp4: no
>       addresses: [10.0.3.222/24]
>       gateway4: 10.0.3.1
>       nameservers:
>         addresses: [10.0.3.1]
>
> --
> Fajar
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>