Re: [lxc-users] Networking

2020-03-24 Thread Fajar A. Nugraha
On Mon, Mar 23, 2020 at 11:48 PM Saint Michael wrote:
>
> It is supported, there is no error, but there is no communication at all with 
> the gateway. If you start the same exact network configuration in the 
> container with the type=phys, it works fine, ergo, the issue is type=ipvlan.

"exact network configuration" inside the container? I'm pretty sure it
would fail.

If you read what I wrote earlier:
"
set /etc/resolv.conf on the container manually, and disable network
interface setup inside the container.
"

This works in my test (using lxc 3.2.1 from
https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/daily):
# Network configuration
lxc.net.0.name = eth0
lxc.net.0.type = ipvlan
lxc.net.0.ipvlan.mode = l3s
lxc.net.0.l2proxy = 1
lxc.net.0.link = eth0
lxc.net.0.ipv4.gateway = dev
lxc.net.0.ipv4.address = 10.0.3.222/32
lxc.net.0.flags = up


While inside the container, set up resolv.conf manually, and disable
networking setup (e.g. removing everything under /etc/netplan/ on
ubuntu should work).

Common issue with macvlan/ipvlan of "container not being able to
contact the host" would still apply.

-- 
Fajar
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


Re: [lxc-users] Networking

2020-03-24 Thread Saint Michael
That scheme in my case would not work. I have two interfaces inside the
container, and each one talks to a different network, for business reasons.
I use policy-based-routing to make sure that packets go to the right
places. I need that the container can hold a full configuration. In my
case, I use ifupdown, not netplan, since my containers are for an older
version of Debian.
It is "not right" that ipvlan does not work out-of-the-box like macvlan or
veth. Somebody has to fix it. I cannot use macvlan because VMware only
allows multiple macs if the entire network is set in promiscuous mode, and
that kills performance. So basically the only workaround is ipvlan. As I
said, if you use type=phys and ipvlan inside the host, it works fine,
without altering the container.

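The workaround described in the message above (ipvlan interfaces created on the host, then handed to the container as type=phys, one per container network), as an added example that is not code from the thread or from the LXC project. Assumed here: parent NIC eth0, host interface names ipvl<N>, and ipvlan mode l2, none of which the thread states; by default the script only prints the commands as comments next to the matching config lines.

```shell
#!/bin/sh
# Added example: ipvlan interfaces created on the host, then handed to a
# container as type=phys. Assumed (not stated in the thread): parent NIC
# eth0, host names ipvl<N>, ipvlan mode l2. Dry run unless APPLY=1 (root).

PARENT="${PARENT:-eth0}"   # host NIC the ipvlan interfaces attach to (assumed)
MODE="${MODE:-l2}"         # ipvlan mode (assumed)

# Conservative name check: Linux interface names hold at most 15 characters;
# anything outside [A-Za-z0-9_.-] is rejected before it reaches ip or a config.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the iproute2 command that creates one ipvlan interface on the host.
ipvlan_cmd() {
    valid_ifname "$1" && valid_ifname "$PARENT" || { echo "invalid name: $1" >&2; return 1; }
    echo "ip link add link $PARENT name $1 type ipvlan mode $MODE"
}

# Print the lxc.container.conf lines that move host interface $2 into the
# container as network index $1, named $3 inside the container.
lxc_phys_stanza() {
    valid_ifname "$2" && valid_ifname "$3" || return 1
    printf 'lxc.net.%s.type = phys\n' "$1"
    printf 'lxc.net.%s.link = %s\n' "$1" "$2"
    printf 'lxc.net.%s.name = %s\n' "$1" "$3"
    printf 'lxc.net.%s.flags = up\n' "$1"
}

# Plan (or, with APPLY=1, create) $2 host interfaces for one container,
# named ipvl<$1> onward, and print the config lines that go with them.
plan_container() {
    first=$1 count=$2 i=0
    while [ "$i" -lt "$count" ]; do
        host_if="ipvl$((first + i))"
        cmd=$(ipvlan_cmd "$host_if") || return 1
        if [ "${APPLY:-0}" = 1 ]; then $cmd || return 1; else echo "# $cmd"; fi
        lxc_phys_stanza "$i" "$host_if" "eth$i" || return 1
        i=$((i + 1))
    done
}

# Usage (dry run, two interfaces for one container): plan_container 0 2
```

With type=phys the container sees a plain interface, so the in-container ifupdown configuration and policy routing mentioned in the message stay inside the container.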


Re: [lxc-users] Networking

2020-03-24 Thread Saint Michael
The 6.7 solution from VMware is very expensive in terms of licensing,
nobody is going to upgrade because of that. The 6.5 solution is useless
because the MAC addresses never age, they accumulate. The real solution is
to use a kernel 5.X plus ipvlan, and I already know it works fine, no need
to set the whole network in promiscuous mode. It should be ideal if LXC
would make ipvlan work for real, meanwhile, just add many ipvlan
interfaces to the host, and export each one to a different container as
type=phys.

On Tue, Mar 24, 2020 at 8:20 AM Michael Honeyman wrote:

> I don't often write to this list so apologies as I'm probably messing up
> the thread somehow.
>
> Saint Michael wrote: "... VMware only allows multiple macs if the entire
> network is set in promiscuous mode..."
>
> Not strictly LXC/LXD related, but VMware has implemented two solutions to
> this problem since 6.5. They first released the MAC-learning dVfilter fling
> which still requires promiscuous mode but removed the flooding behaviour
> (more like a filtered hub than a switch - not sure if this improves the
> performance problem).
>
> There is also the Learnswitch which requires a distributed virtual switch,
> but implements proper MAC flooding and learning, which removes the
> requirement for promiscuous mode. This allows the VM to have multiple MACs
> behind one NIC, just as you'd expect on a physical network. This fling was
> released as a standard feature in 6.7, but as it requires DVS it is
> unfortunately locked behind a license. I haven't seen if the MAC-learning
> dVfilter fling has been ported to vSphere 6.7 yet or not.
>
> Hope that helps,
> Michael.
>
> On Tue, 24 Mar 2020 at 23:00, 
> wrote:
>
>> -- Forwarded message --
>> From: "Fajar A. Nugraha" 
>> To: LXC users mailing-list 
>> Cc:
>> Bcc:
>> Date: Mon, 23 Mar 2020 19:26:18 +0700
>> Subject: Re: [lxc-users] Networking
>> On Fri, Mar 20, 2020 at 5:36 PM Saint Michael wrote:
>> >
>> > I use plain LXC, not LXD. Is ipvlan supported?
>>
>> https://linuxcontainers.org/lxc/manpages//man5/lxc.container.conf.5.html
>>
>> --
>> Fajar
>>
>>
>>
>>
>> -- Forwarded message --
>> From: Saint Michael 
>> To: LXC users mailing-list 
>> Cc:
>> Bcc:
>> Date: Mon, 23 Mar 2020 09:15:57 -0400
>> Subject: Re: [lxc-users] Networking
>> As I said, type=ipvlan does not work on the latest version of LXC from
>> git. BUT there is a workaround: create as many ipvlan interfaces as you
>> need at the host level, which shall be used later as type="phys" networking
>> on containers. That works.
>>
>> -- Forwarded message --
>> From: "Serge E. Hallyn" 
>> To: LXC users mailing-list 
>> Cc:
>> Bcc:
>> Date: Mon, 23 Mar 2020 11:37:18 -0500
>> Subject: Re: [lxc-users] Networking
>> Hi,
>>
>> just to make sure I understand right - you mean it is not supported in
>> lxc-user-nic?  And never was, so not a regression?
>>
>> Or has something regressed?