Re: [lxc-users] LXC containers w/ static IPs work on some hosts, not on others

[Marat Khalili]

Hello,

I use lxc (not lxd!) with static IP addresses. Here's my config (Ubuntu 
16.04):

/etc/network/interfaces:

auto br1
iface br1 inet static
    bridge_ports eno1
    bridge_fd 0
    address 10... # host ip configuration follows
/etc/lxc/default.conf:
lxc.network.type = veth
lxc.network.link = br1
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
/var/lib/lxc/test/rootfs/etc/network/interfaces:
auto eth0
iface eth0 inet static
    address 10... #container ip configuration follows

You seem to use macvlan. It is explicitly designed to prevent containers 
from talking to each other (they can only talk via external router), and 
it complicates things, e.g. requires router support (which might be a 
problem in your case). Unless you specifically need this feature you may 
have better results (and performance) with bridge like above.

Unfortunately, many places on the web teach people to configure macvlan 
with containers without really explaining why.

--

With Best Regards,
Marat Khalili
 

On 20/10/16 20:33, Michael Peek wrote:
Hi gurus,

I'm scratching my head again.  I'm using the following commands to 
create an LXC container with a static IP address:

    # lxc-create -n my-container-1 -t download -- -d ubuntu -r xenial
    -a amd64

    # vi /var/lib/lxc/my-container-1/config

    Change:
    # Network configuration
    # lxc.network.type = veth
    # lxc.network.link = lxcbr0
    # lxc.network.flags = up
    # lxc.network.hwaddr = 00:16:3e:0d:ec:13
    lxc.network.type = macvlan
    lxc.network.link = eno1

    # vi /var/lib/lxc/my-container-1/rootfs/etc/network/interfaces

    Change:
    #iface eth0 inet dhcp
    iface eth0 inet static
      address xxx.xxx.xxx.4
      netmask 255.255.255.0
      network xxx.xxx.xxx.0
      broadcast xxx.xxx.xxx.255
      gateway xxx.xxx.xxx.1
      dns-nameservers xxx.xxx.0.66 xxx.xxx.128.66 8.8.8.8
      dns-search my.domain

    # lxc-start -n my-container-1 -d


It failed to work.  I reviewed my notes from past posts to the list 
but found no discrepancies.  So I deleted the container and tried it 
on another host -- and it worked.  Next I deleted that container and 
went back to the first host, and it failed.  Lastly, I tried the above 
steps on multiple hosts and found that it works fine on some hosts, 
but not on others, and I have no idea why.  On hosts where this fails 
there are no error messages, but the container can't access the 
network, and nothing on the network can access the container.

Is there some step that I'm missing?

Thanks for any help,

Michael Peek


_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users