On Sun, Oct 24, 2010 at 3:07 PM, Daniel Lezcano <dlezc...@fr.ibm.com> wrote:
> On 10/23/2010 12:48 AM, Nirmal Guhan wrote:
>>
>> On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn
>> <serge.hal...@canonical.com> wrote:
>>>
>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>>
>>>> On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn
>>>> <serge.hal...@canonical.com> wrote:
>>>>>
>>>>> Quoting Serge E. Hallyn (serge.hal...@canonical.com):
>>>>>>
>>>>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have a requirement to create two virtual interfaces (eth0, eth1) in
>>>>>>> a linux container and separate traffic between the two based on ip
>>>>>>> route. Basically eth0 (or eth1) should be used for external world and
>>>>>>> eth1 for communication terminating at host. How do I go about doing
>>>>>>> this?
>>>>>>>
>>>>>>> I created two interfaces in the config and can see both of them in
>>>>>>> the container.
>>>>>>>
>>>>>>> lxc.network.type = veth
>>>>>>> lxc.network.link = br0
>>>>>>> lxc.network.ipv4 = 128.107.159.183/22
>>>>>>> lxc.network.name = eth0
>>>>>>> lxc.network.flags = up
>>>>>>> lxc.network.mtu = 1500
>>>>>>> lxc.network.type = veth
>>>>>>> lxc.network.link = br0
>>>>>>
>>>>>> If you want eth1 to be connected internally only, then shouldn't
>>>>>> you create a bridge br1, and use that here? Don't connect br1
>>>>>> to the physical nic, and you'll have your host-only bridge.
>>>>
>>>> Ok. This is what I did.
>>>> #brctl addbr br1
>>>>
>>>> Modified above config to lxc.network.link=br1 for eth1 and removed
>>>> eth0 so there is only one i/f. Since br1 is not attached to nic, how
>>>> do I now test host<->guest communication. Obviously I can't reach eth0
>>>> ip from lxc.
>>>
>>> Easiest and most telling wrt whether your setup will work, would be
>>> to create a second container the same way, and try to ping or
>>> nc to each other.
>>>
>>> -serge
>>>
>> Thanks. Pinging between containers works. Going back to my original
>> query, I need a tap interface as well in the bridge so it is actually
>> tap<->bridge<->veth on container. So I created a tap 'gtap' interface
>> in the host and added it to br1. Assigned IP to gtap and tried to ping
>> from the container but that does not work. Here are some add'l info:
>>
>> 26: gtap:<BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
>>     link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
>>     inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
>>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>>        valid_lft forever preferred_lft forever
>> 27: br1:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>>     link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
>>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>>        valid_lft forever preferred_lft forever
>>
>> [128:~]$ brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> br1             8000.92e17e954dbc       no              gtap
>>                                                         veths4EgPK
>>
>> $ ip route show
>> 192.168.1.0/24 dev gtap proto kernel scope link src 192.168.1.15
>> $sbin/arp
>> Address          HWtype  HWaddress       Flags Mask      Iface
>> 192.168.1.10             (incomplete)                    gtap
>>
>> From container:
>>
>> $ip route show
>> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
>> $ /sbin/arp
>> Address          HWtype  HWaddress       Flags Mask      Iface
>> 192.168.1.15             (incomplete)                    eth1
>>
>> Do I assign IP address to br1 instead of gtap?
>
> Yep, IP addresses must go to the bridge. No IP should be assigned to an
> interface attached to the bridge.
>
> -- Daniel
>

How does it work when I have eth0 in lxc attached to br0? I still
assign IP to eth0 in this case as part of lxc config. Is this a
special case where IP is required for interface attached to the
bridge?

-Nirmal
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
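
The rule Daniel states above (addresses go on the bridge, not on its ports) can be checked from the same two commands quoted in the thread. This is an added example, not part of the original messages: the sample text is constructed from the host output in the thread (the veths4EgPK entry is an assumption) and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the host output quoted in the thread.
BRCTL_SHOW = """bridge name\tbridge id\t\tSTP enabled\tinterfaces
br1\t\t8000.92e17e954dbc\tno\t\tgtap
\t\t\t\t\t\t\tveths4EgPK
"""
IP_ADDR = """26: gtap: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 state UNKNOWN
    inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
27: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
28: veths4EgPK: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
"""

def bridge_ports(brctl_text):
    """Map each bridge name to its member ports, from `brctl show` output."""
    bridges, current = {}, None
    for line in brctl_text.splitlines()[1:]:   # first row is the column header
        fields = line.split()
        if fields and not line[0].isspace():   # name, id, STP flag, [first port]
            current = fields[0]
            bridges[current] = fields[3:]
        elif fields and current is not None:   # continuation row: another port
            bridges[current].extend(fields)
    return bridges

def ipv4_by_interface(ip_addr_text):
    """Map each interface to its IPv4 addresses, from `ip addr` output."""
    addrs, current = {}, None
    for line in ip_addr_text.splitlines():
        head = re.match(r"\d+:\s*([^:@\s]+)[:@]", line)
        if head:                                # "26: gtap:" or "5: veth0@if4:"
            current = head.group(1)
            addrs[current] = []
        elif current and (m := re.match(r"\s+inet\s+(\S+)", line)):
            addrs[current].append(m.group(1))   # inet6 lines do not match
    return addrs

def addressed_ports(brctl_text, ip_addr_text):
    """Return (bridge, port, address) for every bridge port with an IPv4 address."""
    addrs = ipv4_by_interface(ip_addr_text)
    return [(bridge, port, addr)
            for bridge, ports in bridge_ports(brctl_text).items()
            for port in ports
            for addr in addrs.get(port, [])]

if __name__ == "__main__":
    for bridge, port, addr in addressed_ports(BRCTL_SHOW, IP_ADDR):
        print(f"{port} is a port of {bridge} but carries {addr}; move it to {bridge}")
```

The container-side eth0 or eth1 never appears in a bridge's port list; the port is the host-side veth peer (veths4EgPK here), so an address configured inside the container is not flagged.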