Re: [lxc-users] LXC 2.16 - vxlan. migrated from to

2017-09-26 Thread Stéphane Graber 
Things look fine. I'm not sure why the kernel would still be looking at
eth0 when you specifically told it to setup the tunnel on eth1...

I wonder if adding a static route for the multicast address to go to
eth1 would fix that somehow.


On Tue, Sep 26, 2017 at 12:48:01PM -0400, Ron Kelley wrote:
> Looks like I mistakenly said unicast.  In fact, we are using multicast group 
> IP (239.0.0.1) to setup our VXLAN interfaces (please see below).  Also, in 
> the example below, 10.250.1.21 is bound the eth0 (our management interface) 
> and 172.18.22.21 is bound to eth1 (VXLAN interface).  We have 8 servers 
> running thus far, and just increment the last octet to identify the server 
> (i.e.: .21=server-01, .22=server-02, etc).
> 
> Some more detailed information:
> 
> # --
> # The following script is run at boot time to setup VxLAN interfaces
> # /usr/local/bin/setup_vxlans.sh 
> # --
> #!/bin/bash
> 
> # Script to configure VxLAN networks
> ACTION="$1"
> 
> [ $ACTION == "up"   ]   && ip -4 route add 239.0.0.1 dev eth1
> [ $ACTION == "down"   ] && ip -4 route del 239.0.0.1 dev eth1
> 
> for i in {1101..1130}
> do
>[ $ACTION == "up"   ]  && ip link add vxlan.${i} type vxlan group 
> 239.0.0.1 dev eth1 dstport 0 id ${i} && ip link set vxlan.${i} up
>[ $ACTION == "down" ]  && ip link set vxlan.${i} down && ip link del 
> vxlan.${i}
> done
> # --
> 
> 
> 
> # --
> # The /etc/network/interfaces file:
> # --
> source /etc/network/interfaces.d/*
> 
> # The loopback network interface
> auto lo
> iface lo inet loopback
> 
> # The primary network interface
> auto eth0
> iface eth0 inet static
>   address 10.250.1.21
>   netmask 255.255.255.0
>   broadcast 10.251.1.255
>   gateway 10.251.1.1
>   dns-nameservers 8.8.8.8 4.2.2.2
> auto eth1
> iface eth1 inet static
>   address 172.17.22.21
>   netmask 255.255.255.0
> # --
> 
> 
> # --
> # Output from “lxc profile show ” snippet
> # --
> ...
>   limits.cpu: "2"
>   limits.memory: 2000MB
>   limits.memory.swap: “true"
> ...
> devices:
>   eth0:
> name: eth0
> nictype: macvlan
> parent: vxlan.1105
> type: nic
> ...
> # --
> 
> 
> Anything seem wrong or out of place?
> 
> Thanks,
> 
> -Ron
> 
> 
> 
> 
> > On Sep 26, 2017, at 10:59 AM, Stéphane Graber  wrote:
> > 
> > Hi,
> > 
> > Ok, so you're doing your own VXLAN youtside of LXD and then connecting
> > containers directly to it.
> > 
> > The kernel error is very odd for unicast vxlan... there's really no
> > reason for it to ever use the other interface...
> > 
> > So I'm assuming the 10.250.1.21 IP is on eth0 and 172.18.22.21 on eth1
> > (or the reverse)? that is, you don't have both subnets on eth1.
> > 
> > On Tue, Sep 26, 2017 at 09:52:37AM -0400, Ron Kelley wrote:
> >> Thanks Stephane.
> >> 
> >> Here is a “lxc network list” on the hosts:
> >> 
> >> rkelley@LXD-QA-Server-04:~$ lxc network list
> >> ++--+-+-+-+
> >> |  NAME  |   TYPE   | MANAGED | DESCRIPTION | USED BY |
> >> ++--+-+-+-+
> >> | eth0   | physical | NO  | | 0   |
> >> ++--+-+-+-+
> >> | eth1   | physical | NO  | | 2   |
> >> ++--+-+-+-+
> >> | virbr0 | bridge   | NO  | | 0   |
> >> ++--+-+-++
> >> 
> >> 
> >> Also, we are using vxlan in unicast mode via eth1.  Each LXD server has a 
> >> unicast IP address on eth1 that lives in a separate VLAN from eth0 on the 
> >> directly connected network switch.  If both eth0 and eth1 were in the same 
> >> VLAN, I could possible an issue.  Once a container is spun it, it is 
> >> attached to a VXLAN interface off eth1 (i.e.: vxlan.1115)
> >> 
> >> Thus, I am scratching my head..
> >> 
> >> -Ron
> >> 
> >> 
> >>> On Sep 26, 2017, at 9:02 AM, Stéphane Graber  wrote:
> >>> 
> >>> On Sun, Sep 24, 2017 at 03:27:27PM -0400, Ron Kelley wrote:
>  Greetings all,
>  
>  Trying to isolate a condition whereby a container providing firewall 
>  services seems to stop processing traffic for a short time.  We keep 
>  getting the below information in /var/log/syslog of the server running 
>  the firewall.  The IP addresses shown match the network interfaces of 
>  the remote LXD server running the web server.  These IPs are for the 
>  server itself, and not the container IP
>  
>  Sep 24 15:10:25

Re: [lxc-users] LXC 2.16 - vxlan. migrated from to

2017-09-26 Thread Ron Kelley 
Looks like I mistakenly said unicast.  In fact, we are using multicast group IP 
(239.0.0.1) to setup our VXLAN interfaces (please see below).  Also, in the 
example below, 10.250.1.21 is bound the eth0 (our management interface) and 
172.18.22.21 is bound to eth1 (VXLAN interface).  We have 8 servers running 
thus far, and just increment the last octet to identify the server (i.e.: 
.21=server-01, .22=server-02, etc).

Some more detailed information:

# --
# The following script is run at boot time to setup VxLAN interfaces
# /usr/local/bin/setup_vxlans.sh 
# --
#!/bin/bash

# Script to configure VxLAN networks
ACTION="$1"

[ $ACTION == "up"   ]   && ip -4 route add 239.0.0.1 dev eth1
[ $ACTION == "down"   ] && ip -4 route del 239.0.0.1 dev eth1

for i in {1101..1130}
do
   [ $ACTION == "up"   ]  && ip link add vxlan.${i} type vxlan group 239.0.0.1 
dev eth1 dstport 0 id ${i} && ip link set vxlan.${i} up
   [ $ACTION == "down" ]  && ip link set vxlan.${i} down && ip link del 
vxlan.${i}
done
# --



# --
# The /etc/network/interfaces file:
# --
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 10.250.1.21
netmask 255.255.255.0
broadcast 10.251.1.255
gateway 10.251.1.1
dns-nameservers 8.8.8.8 4.2.2.2
auto eth1
iface eth1 inet static
  address 172.17.22.21
  netmask 255.255.255.0
# --


# --
# Output from “lxc profile show ” snippet
# --
...
  limits.cpu: "2"
  limits.memory: 2000MB
  limits.memory.swap: “true"
...
devices:
  eth0:
name: eth0
nictype: macvlan
parent: vxlan.1105
type: nic
...
# --


Anything seem wrong or out of place?

Thanks,

-Ron




> On Sep 26, 2017, at 10:59 AM, Stéphane Graber  wrote:
> 
> Hi,
> 
> Ok, so you're doing your own VXLAN youtside of LXD and then connecting
> containers directly to it.
> 
> The kernel error is very odd for unicast vxlan... there's really no
> reason for it to ever use the other interface...
> 
> So I'm assuming the 10.250.1.21 IP is on eth0 and 172.18.22.21 on eth1
> (or the reverse)? that is, you don't have both subnets on eth1.
> 
> On Tue, Sep 26, 2017 at 09:52:37AM -0400, Ron Kelley wrote:
>> Thanks Stephane.
>> 
>> Here is a “lxc network list” on the hosts:
>> 
>> rkelley@LXD-QA-Server-04:~$ lxc network list
>> ++--+-+-+-+
>> |  NAME  |   TYPE   | MANAGED | DESCRIPTION | USED BY |
>> ++--+-+-+-+
>> | eth0   | physical | NO  | | 0   |
>> ++--+-+-+-+
>> | eth1   | physical | NO  | | 2   |
>> ++--+-+-+-+
>> | virbr0 | bridge   | NO  | | 0   |
>> ++--+-+-++
>> 
>> 
>> Also, we are using vxlan in unicast mode via eth1.  Each LXD server has a 
>> unicast IP address on eth1 that lives in a separate VLAN from eth0 on the 
>> directly connected network switch.  If both eth0 and eth1 were in the same 
>> VLAN, I could possible an issue.  Once a container is spun it, it is 
>> attached to a VXLAN interface off eth1 (i.e.: vxlan.1115)
>> 
>> Thus, I am scratching my head..
>> 
>> -Ron
>> 
>> 
>>> On Sep 26, 2017, at 9:02 AM, Stéphane Graber  wrote:
>>> 
>>> On Sun, Sep 24, 2017 at 03:27:27PM -0400, Ron Kelley wrote:
 Greetings all,
 
 Trying to isolate a condition whereby a container providing firewall 
 services seems to stop processing traffic for a short time.  We keep 
 getting the below information in /var/log/syslog of the server running the 
 firewall.  The IP addresses shown match the network interfaces of the 
 remote LXD server running the web server.  These IPs are for the server 
 itself, and not the container IP
 
 Sep 24 15:10:25 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
 Sep 24 15:10:26 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
 Sep 24 15:10:27 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
 Sep 24 15:10:28 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
 Sep 24 15:10:29 LXD-Server-04

Re: [lxc-users] LXC 2.16 - vxlan. migrated from to

2017-09-26 Thread Stéphane Graber 
Hi,

Ok, so you're doing your own VXLAN youtside of LXD and then connecting
containers directly to it.

The kernel error is very odd for unicast vxlan... there's really no
reason for it to ever use the other interface...

So I'm assuming the 10.250.1.21 IP is on eth0 and 172.18.22.21 on eth1
(or the reverse)? that is, you don't have both subnets on eth1.

On Tue, Sep 26, 2017 at 09:52:37AM -0400, Ron Kelley wrote:
> Thanks Stephane.
> 
> Here is a “lxc network list” on the hosts:
> 
> rkelley@LXD-QA-Server-04:~$ lxc network list
> ++--+-+-+-+
> |  NAME  |   TYPE   | MANAGED | DESCRIPTION | USED BY |
> ++--+-+-+-+
> | eth0   | physical | NO  | | 0   |
> ++--+-+-+-+
> | eth1   | physical | NO  | | 2   |
> ++--+-+-+-+
> | virbr0 | bridge   | NO  | | 0   |
> ++--+-+-++
> 
> 
> Also, we are using vxlan in unicast mode via eth1.  Each LXD server has a 
> unicast IP address on eth1 that lives in a separate VLAN from eth0 on the 
> directly connected network switch.  If both eth0 and eth1 were in the same 
> VLAN, I could possible an issue.  Once a container is spun it, it is attached 
> to a VXLAN interface off eth1 (i.e.: vxlan.1115)
> 
> Thus, I am scratching my head..
> 
> -Ron
> 
> 
> > On Sep 26, 2017, at 9:02 AM, Stéphane Graber  wrote:
> > 
> > On Sun, Sep 24, 2017 at 03:27:27PM -0400, Ron Kelley wrote:
> >> Greetings all,
> >> 
> >> Trying to isolate a condition whereby a container providing firewall 
> >> services seems to stop processing traffic for a short time.  We keep 
> >> getting the below information in /var/log/syslog of the server running the 
> >> firewall.  The IP addresses shown match the network interfaces of the 
> >> remote LXD server running the web server.  These IPs are for the server 
> >> itself, and not the container IP
> >> 
> >> Sep 24 15:10:25 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> >> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> >> Sep 24 15:10:26 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> >> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> >> Sep 24 15:10:27 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> >> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> >> Sep 24 15:10:28 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> >> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> >> Sep 24 15:10:29 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> >> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> >> Sep 24 15:10:30 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> >> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> >> Sep 24 15:10:31 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> >> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> >> Sep 24 15:10:32 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> >> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> >> 
> >> Notice how they migrate from one interface to another and then back again. 
> >>  Any idea as to why these messages are getting logged?
> >> 
> >> Thanks.
> >> 
> >> -Ron
> > 
> > Hmm, so I think I'm going to need a bit more details on the setup.
> > Can you show the "lxc network show" for the network on both hosts?
> > 
> > My current guess is that you're using vxlan in multicast mode and both
> > your hosts have two IPs on two subnets. Multicast VXLAN works on both
> > those subnets and it can therefore see the same remote MAC on both,
> > having it flip/flop between the two paths.
> > 
> > -- 
> > Stéphane Graber
> > Ubuntu developer
> > http://www.ubuntu.com
> > ___
> > lxc-users mailing list
> > lxc-users@lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
> 
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LXC 2.16 - vxlan. migrated from to

2017-09-26 Thread Ron Kelley 
Thanks Stephane.

Here is a “lxc network list” on the hosts:

rkelley@LXD-QA-Server-04:~$ lxc network list
++--+-+-+-+
|  NAME  |   TYPE   | MANAGED | DESCRIPTION | USED BY |
++--+-+-+-+
| eth0   | physical | NO  | | 0   |
++--+-+-+-+
| eth1   | physical | NO  | | 2   |
++--+-+-+-+
| virbr0 | bridge   | NO  | | 0   |
++--+-+-++


Also, we are using vxlan in unicast mode via eth1.  Each LXD server has a 
unicast IP address on eth1 that lives in a separate VLAN from eth0 on the 
directly connected network switch.  If both eth0 and eth1 were in the same 
VLAN, I could possible an issue.  Once a container is spun it, it is attached 
to a VXLAN interface off eth1 (i.e.: vxlan.1115)

Thus, I am scratching my head..

-Ron


> On Sep 26, 2017, at 9:02 AM, Stéphane Graber  wrote:
> 
> On Sun, Sep 24, 2017 at 03:27:27PM -0400, Ron Kelley wrote:
>> Greetings all,
>> 
>> Trying to isolate a condition whereby a container providing firewall 
>> services seems to stop processing traffic for a short time.  We keep getting 
>> the below information in /var/log/syslog of the server running the firewall. 
>>  The IP addresses shown match the network interfaces of the remote LXD 
>> server running the web server.  These IPs are for the server itself, and not 
>> the container IP
>> 
>> Sep 24 15:10:25 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
>> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
>> Sep 24 15:10:26 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
>> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
>> Sep 24 15:10:27 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
>> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
>> Sep 24 15:10:28 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
>> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
>> Sep 24 15:10:29 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
>> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
>> Sep 24 15:10:30 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
>> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
>> Sep 24 15:10:31 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
>> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
>> Sep 24 15:10:32 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
>> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
>> 
>> Notice how they migrate from one interface to another and then back again.  
>> Any idea as to why these messages are getting logged?
>> 
>> Thanks.
>> 
>> -Ron
> 
> Hmm, so I think I'm going to need a bit more details on the setup.
> Can you show the "lxc network show" for the network on both hosts?
> 
> My current guess is that you're using vxlan in multicast mode and both
> your hosts have two IPs on two subnets. Multicast VXLAN works on both
> those subnets and it can therefore see the same remote MAC on both,
> having it flip/flop between the two paths.
> 
> -- 
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LXC 2.16 - vxlan. migrated from to

2017-09-26 Thread Stéphane Graber 
On Sun, Sep 24, 2017 at 03:27:27PM -0400, Ron Kelley wrote:
> Greetings all,
> 
> Trying to isolate a condition whereby a container providing firewall services 
> seems to stop processing traffic for a short time.  We keep getting the below 
> information in /var/log/syslog of the server running the firewall.  The IP 
> addresses shown match the network interfaces of the remote LXD server running 
> the web server.  These IPs are for the server itself, and not the container IP
> 
> Sep 24 15:10:25 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> Sep 24 15:10:26 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> Sep 24 15:10:27 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> Sep 24 15:10:28 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> Sep 24 15:10:29 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> Sep 24 15:10:30 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> Sep 24 15:10:31 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> Sep 24 15:10:32 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> 
> Notice how they migrate from one interface to another and then back again.  
> Any idea as to why these messages are getting logged?
> 
> Thanks.
> 
> -Ron

Hmm, so I think I'm going to need a bit more details on the setup.
Can you show the "lxc network show" for the network on both hosts?

My current guess is that you're using vxlan in multicast mode and both
your hosts have two IPs on two subnets. Multicast VXLAN works on both
those subnets and it can therefore see the same remote MAC on both,
having it flip/flop between the two paths.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] LXC 2.16 - vxlan. migrated from to

2017-09-24 Thread Ron Kelley 
Greetings all,

Trying to isolate a condition whereby a container providing firewall services 
seems to stop processing traffic for a short time.  We keep getting the below 
information in /var/log/syslog of the server running the firewall.  The IP 
addresses shown match the network interfaces of the remote LXD server running 
the web server.  These IPs are for the server itself, and not the container IP

Sep 24 15:10:25 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
Sep 24 15:10:26 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
Sep 24 15:10:27 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
Sep 24 15:10:28 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
Sep 24 15:10:29 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
Sep 24 15:10:30 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
Sep 24 15:10:31 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
Sep 24 15:10:32 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 

Notice how they migrate from one interface to another and then back again.  Any 
idea as to why these messages are getting logged?

Thanks.

-Ron
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users