On 10/23/2010 12:48 AM, Nirmal Guhan wrote:
> On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn
> <serge.hal...@canonical.com>  wrote:
>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>> On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn
>>> <serge.hal...@canonical.com>  wrote:
>>>> Quoting Serge E. Hallyn (serge.hal...@canonical.com):
>>>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>>>> Hi,
>>>>>>
>>>>>> I have a requirement to create two virtual interfaces (eth0, eth1) in
>>>>>> a linux container and separate traffic between the two based on ip
>>>>>> route. Basically eth0 (or eth1) should be used for external world and
>>>>>> eth1 for communication terminating at host. How do I go about doing
>>>>>> this?
>>>>>>
>>>>>> I created two interfaces in the config and can see both of them in the
>>>>>> container.
>>>>>>
>>>>>> lxc.network.type = veth
>>>>>> lxc.network.link = br0
>>>>>> lxc.network.ipv4 = 128.107.159.183/22
>>>>>> lxc.network.name = eth0
>>>>>> lxc.network.flags = up
>>>>>> lxc.network.mtu = 1500
>>>>>> lxc.network.type = veth
>>>>>> lxc.network.link = br0
>>>>>
>>>>> If you want eth1 to be connected internally only, then shouldn't
>>>>> you create a bridge br1, and use that here?  Don't connect br1
>>>>> to the physical nic, and you'll have your host-only bridge.
>>>
>>> Ok. This is what I did.
>>> #brctl addbr br1
>>>
>>> Modified above config to lxc.network.link=br1 for eth1 and removed
>>> eth0 so there is only one i/f. Since br1 is not attached to nic, how
>>> do I now test host<->guest communication. Obviously I can't reach eth0
>>> ip from lxc.
>>
>> Easiest and most telling wrt whether your setup will work, would be
>> to create a second container the same way, and try to ping or
>> nc to each other.
>>
>> -serge
>>
> Thanks. Pinging between containers works. Going back to my original
> query, I need a tap interface as well in the bridge so it is actually
> tap<->bridge<->veth on container. So I created a tap 'gtap' interface
> in the host and added it to br1. Assigned IP to gtap and tried to ping
> from the container but that does not work. Here are some add'l info:
>
> 26: gtap: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
>      link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
>      inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
>      inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>         valid_lft forever preferred_lft forever
> 27: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>      link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
>      inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>         valid_lft forever preferred_lft forever
>
> [128:~]$ brctl show
> bridge name   bridge id               STP enabled     interfaces
> br1           8000.92e17e954dbc       no              gtap
>                                                       veths4EgPK
>
> $ ip route show
> 192.168.1.0/24 dev gtap  proto kernel  scope link  src 192.168.1.15
> $sbin/arp
> Address                  HWtype  HWaddress           Flags Mask            Iface
> 192.168.1.10                     (incomplete)                              gtap
>
> From container:
> $ip route show
> 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.10
> $ /sbin/arp
> Address                  HWtype  HWaddress           Flags Mask            Iface
> 192.168.1.15                     (incomplete)                              eth1
>
> Do I assign IP address to br1 instead of gtap?

Yep, IP addresses must go to the bridge. No IP should be assigned to an
interface attached to the bridge.

        -- Daniel
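
A check for the misconfiguration discussed in this thread, as an added example that is not part of the original messages: it reads `brctl show` output and `ip -o addr show` output, reports any bridge port that carries an IPv4 address, and prints the commands that would move the address to the bridge. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input, modelled on the `brctl show` and address output
# quoted in the thread (IPv4 address sits on the tap port, not on br1).
SAMPLE_BRCTL='bridge name   bridge id               STP enabled     interfaces
br1           8000.92e17e954dbc       no              gtap
                                                      veths4EgPK'
SAMPLE_ADDR='26: gtap    inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
27: br1    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link'

# find_addressed_ports BRCTL_TEXT ADDR_TEXT
# ADDR_TEXT is in `ip -o addr show` format (one address per line).
# Prints "bridge port address" for each bridge port holding an IPv4 address.
find_addressed_ports() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---"                { in_addr = 1; next }   # switch to address section
        !in_addr && /^bridge name/ { next }                # brctl header
        !in_addr && NF >= 4        { bridge = $1; port_of[$4] = bridge; next }
        !in_addr && NF == 3        { bridge = $1; next }   # bridge with no ports
        !in_addr && NF == 1 && bridge != "" { port_of[$1] = bridge; next }
        in_addr && $3 == "inet" && ($2 in port_of) { print port_of[$2], $2, $4 }
    '
}

# suggest_fix BRCTL_TEXT ADDR_TEXT
# Prints (does not run) the commands that move each address to its bridge.
suggest_fix() {
    find_addressed_ports "$1" "$2" | while read -r bridge port addr; do
        echo "ip addr del $addr dev $port"
        echo "ip addr add $addr dev $bridge"
    done
}

suggest_fix "$SAMPLE_BRCTL" "$SAMPLE_ADDR"
```

On a live host, pass "$(brctl show)" and "$(ip -o addr show)" as the two arguments instead of the sample strings.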
