[lxc-users] Remaining virtual ethernet interfaces (veth) after container has been deleted

Sebert, Holger.ext Holger.Sebert.ext at karlstorz.com
Mon Mar 30 12:45:30 UTC 2020


Hi all,

Thank you all for your help so far! :)

I'll try renaming the vethXXXX-interfaces to something more intelligible
and remove them in my container-deletion-script.

Best,
Holger

________________________________________
From: Guido Jäkel <G.Jaekel at DNB.DE>
Sent: Friday, 27 March 2020 07:57:14
To: LXC users mailing-list; Sebert, Holger.ext
Subject: Re: [lxc-users] Remaining virtual ethernet interfaces (veth) after container has been deleted

On 26/03/2020 16.14, Sebert, Holger.ext wrote:
> Hi,
>
> we use LXD containers on our CI-build nodes. For each build a container is
> created and deleted afterwards. So, container creation and deletion happens
> quite often.
>
> Here is the problem: After some time, many virtual ethernet interfaces (veth*)
> accumulate, they look like this:
>
> [...]
>
> These interfaces are not connected to any running container and cannot be
> removed. It seems to me that they are somehow leftovers from previous
> containers which don't exist anymore.


Dear Holger, Mike and others,

the veth interface might also be "held" by a dangling connection, e.g. if you had an incoming connection to a daemon/service in the container and the container and/or service wasn't shut down gracefully. Then, the TCP connection may linger for the TCP closedown period of (default) up to 6 min.

In addition to Mike's proposal to use a fixed name and to "down" and "delete" the interface(s), I suggest also *renaming* it to "free" the name at shutdown. Here is a snippet from my central lxc admin (wrapper) script:

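        IF_AWAY() { # $1: container
          local CONTAINER=$1; shift
          local DEV DEV_AWAY
          [ -n "$CONTAINER" ] || return 1   # an empty name would match every interface
          # Matches $CONTAINER, $CONTAINER-1, ...; LOG is defined elsewhere in the wrapper script (not shown)
          for DEV in /sys/class/net/"${CONTAINER}"*; do
            [ -e "$DEV" ] || continue   # glob matched nothing
            DEV=${DEV##*/}              # strip the /sys/class/net/ prefix
            DEV_AWAY="away.$RANDOM"     # $RANDOM is a bash builtin!
            ip link set dev "$DEV" down >/dev/null 2>&1 && LOG "veth \"$DEV\" forced down"
            ip link set dev "$DEV" name "$DEV_AWAY" >/dev/null 2>&1 && LOG "veth \"$DEV\" renamed to \"$DEV_AWAY\""
          done
        }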


greetings

Guido
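
An added example, not part of either message in this thread: a small audit helper that lists host-side veth interfaces which no longer match any existing container, so leftovers (including renamed `away.*` ones) can be spotted before they pile up on a build node. It assumes the fixed naming scheme from the snippet above (`<container>` or `<container>-<n>`); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the naming convention used in
# the snippet above: the host-side veth is named <container> or <container>-<n>.

# stale_veths CONTAINERS_FILE
#   stdin:           output of `ip -o link show type veth`
#   CONTAINERS_FILE: one existing container name per line,
#                    e.g. from `lxc list -c n --format csv`
# Prints every veth that cannot be matched to an existing container.
stale_veths() {
  awk -v containers="$1" '
    BEGIN {
      while ((getline line < containers) > 0) {
        if (line != "") known[line] = 1
      }
    }
    {
      name = $2                    # e.g. "build-17-1@if10:"
      sub(/:$/, "", name)
      sub(/@.*$/, "", name)        # drop the "@ifN" peer suffix
      owner = name
      sub(/-[0-9]+$/, "", owner)   # "build-17-1" -> "build-17"
      # Exact match first, so a container called "build-17" is not
      # mistaken for interface 17 of a container called "build".
      if (!(name in known) && !(owner in known)) print name
    }
  '
}

# Constructed sample of `ip -o link show type veth` output (lines shortened).
sample_links() {
  cat <<'EOF'
7: build-12@if6: <BROADCAST,MULTICAST> mtu 1500 master lxdbr0 state DOWN
9: build-17@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master lxdbr0 state UP
11: build-17-1@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master lxdbr0 state UP
13: away.20311@if12: <BROADCAST,MULTICAST> mtu 1500 state DOWN
15: web@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master lxdbr0 state UP
EOF
}
```

On a live host the input would come from `ip -o link show type veth | stale_veths containers.txt`. The suffix rule cannot tell a leftover `build-17` from interface 17 of a still-existing container `build`, so container names ending in `-<number>` weaken the check.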

