A patch was applied to the kernel in November 2008 that deletes virtual network interfaces when network namespaces are cleaned up (d0c082cea6dfb9b674b4f6e1e84025662dbd24e8). A discussion about this patch took place on the OpenVZ list (https://lists.linux-foundation.org/pipermail/containers/2008-October/013460.html), where Daniel Lezcano wrote:

> After discussing with Benjamin, this patch means a user can no longer
> manage a pool of virtual devices because they will be automatically
> destroyed when the namespace exits. I don't think it is a big concern,
> but just in case I am asking :)


I currently have two use cases where this behavior is not desirable:

  1. I use a veth pair device to connect two containers together (as
     opposed to connecting a container to the host).  To do this, I
     create the veth pair device manually in the host with iproute2
     ("ip link add type veth").  Then when I start each container, it
     pulls in one of the interfaces of the veth pair device with
     "lxc.network.type = phys".  When I stop one of the containers, its
     interface to the veth pair device is deleted instead of moved back
     to the host, so I cannot just start the stopped container again
     and re-establish the same link.
  2. I start a process in the host that creates a TUN/TAP interface,
     such as a VPN client.  I pull the TUN/TAP interface into the
     container with "lxc.network.type = phys".  When the container
     exits, the TUN/TAP interface is deleted because it is a virtual
     interface, while the VPN client process continues to run in the
     host.  Again I cannot just start the container again with the
     same connection; I have to restart the VPN client.


It makes sense that virtual network interfaces that get created inside a container should be deleted when the container exits. However, I feel that network interfaces from the host that get assigned to the container should be returned to the host when the container exits, whether they are physical or virtual.

Can the kernel distinguish between network interfaces that were created inside the namespace, and network interfaces that were moved there?

David

P.S. should I send this message to the netdev list instead?
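A reproducer for the first use case, added here as an example and not part of David's message: it uses a throwaway network namespace in place of an LXC container (assumes iproute2 and root or CAP_NET_ADMIN; the namespace and interface names are constructed for the demo), moves one end of a veth pair in as "lxc.network.type = phys" would, destroys the namespace, and reports whether the host end of the pair survived.

```shell
#!/bin/sh
# Added example (not from the original post). Requires iproute2 and
# root / CAP_NET_ADMIN. A plain `ip netns` namespace stands in for the
# container; all names below are constructed for this demo.
NS=lxcdemo_ns
HOST_END=vdemo0
CT_END=vdemo1

# Prints "deleted" if the host end of the veth pair is gone after the
# namespace is destroyed, "returned" if it is still on the host, and
# "error" (exit 1) if setup fails.
check_veth_after_netns_delete() {
    ip netns add "$NS" 2>/dev/null || { echo error; return 1; }
    if ! ip link add "$HOST_END" type veth peer name "$CT_END"; then
        ip netns del "$NS"; echo error; return 1
    fi
    # Move the "container" end in, as lxc.network.type = phys does.
    ip link set "$CT_END" netns "$NS"
    ip netns exec "$NS" ip link set "$CT_END" up
    ip link set "$HOST_END" up
    # "Stop the container": tearing the namespace down runs the cleanup
    # that unregisters virtual devices still inside it. Deleting one end
    # of a veth pair removes its peer too, so the host end goes with it.
    ip netns del "$NS"
    sleep 1   # namespace teardown completes asynchronously
    if ip link show "$HOST_END" >/dev/null 2>&1; then
        ip link del "$HOST_END"   # clean up so the demo can be re-run
        echo returned
    else
        echo deleted
    fi
}
```

On kernels carrying the patch discussed above the function prints "deleted"; a "returned" result would mean the pair was handed back to the host instead.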


_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
