[lxc-users] Remaining virtual ethernet interfaces (veth) after container has been deleted

Fri Mar 27 06:57:14 UTC 2020

On 26/03/2020 16.14, Sebert, Holger.ext wrote:
> Hi,
> 
> we use LXD containers on our CI-build nodes. For each build a container is
> created and deleted afterwards. So, container creation and deletion happens
> quite often.
> 
> Here is the problem: After some time, many virtual ethernet interfaces (veth*)
> accumulate, they look like this:
>
> [...]
>
> These interfaces are not connected to any running container and cannot be
> removed. It seems to me that they are somehow leftovers from previous
> containers which don't exist anymore.

Dear Holger, Mike and others,

the veth interface might be also "hold" by a dangling connection, e.g. if you had have an incomming connection to a deamon/service in the container and the container and/or service wasn't shut down gracefully. Then, the TCP connection may linger for the TCP closedown period of (default) up to 6min.

In addition to Mike's proposal to use a fixed name and to "down" and "delete" the interface(s), I suggest to *rename" it also to "free" the name at shutdown. Here a snipped from my central lxc admin (wrapper) script

	IF_AWAY() { # $1: container 
	  local CONTAINER=$1; shift
	  local DEVS="$(cd /sys/class/net && ls ${CONTAINER}* -1d 2>/dev/null)" # $CONTAINER, $CONTAINER-1
	  for DEV in $DEVS; do
	    DEV_AWAY="away.$RANDOM"	# $RANDOM is a bash-buildin !
	    ip link set dev $DEV down >/dev/null 2>&1 && LOG "veth \"$DEV\" forced down"
	    ip link set dev $DEV name $DEV_AWAY >/dev/null 2>&1 && LOG "veth \"$DEV\" renamed to \"$DEV_AWAY\""
	  done
	}

greetings

Guido