Re: [Lxc-users] Two virtual interfaces in a container
On Mon, Oct 25, 2010 at 4:15 AM, Daniel Lezcano daniel.lezc...@free.fr wrote:
> On 10/25/2010 07:24 AM, Nirmal Guhan wrote:
>> On Sun, Oct 24, 2010 at 3:07 PM, Daniel Lezcano dlezc...@fr.ibm.com wrote:
>
> [ snip ]
>
>> How does it work when I have eth0 in lxc attached to br0? I still assign IP to eth0 in this case as part of lxc config. Is this a special case where IP is required for interface attached to the bridge?
>
> I assume you are talking about a veth + bridge, right?
>
> The network stacks are separated between the host and the container and the veth is a pass-through network device, it is a pair device (vethA - vethB). When the packets are injected to vethA, they are received by vethB and when they are injected to vethB, they are received by vethA.
>
> Practically, when the container is created, the vethA is attached to the bridge and vethB is moved inside the container and renamed eth0 for convenience. No IP address is assigned to vethA but it is assigned to vethB.
>
> Assuming you have an IP address 1.2.3.4 on vethB and another host with the IP 1.2.3.5, if you ping from the container to the host, here is what happens:
>
> (container) : search the route for dest address 1.2.3.5
> (container) : found the dev where to send packet is eth0 (aka vethB)
> (container) : send the packet to this device
> (host) : the packet arrives from vethA
> (host) : the bridge hooks the packet
> (host) : lookup the destination with the mac @
> (host) : send the packet on all the ports
> (host) : the packet goes through the real device eth0
> (peer) : the packet arrives to the peer and this one answers
> (host) : the packet arrives on the real device eth0
> (host) : the packet is hooked by the bridge code
> (host) : the bridge looks for the dest mac @ and finds vethA
> (host) : the bridge sends the packet to vethA
> (container) : the packet arrives to eth0 (aka vethB)

Thanks for the detailed explanation. So, if I have multiple interfaces (eth, tap) attached to bridge, I will assign IP to bridge.

As I tested, I was also able to assign IP to tap interface attached to bridge (so there are two IPs and still ping both of them. Only missing piece is - bridge is a layer 2 device that can take an L3 IP too :-)

This helps me, though!!

~Nirmal

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Two virtual interfaces in a container
On 10/23/2010 12:48 AM, Nirmal Guhan wrote:
> On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>> On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
>>>> Quoting Serge E. Hallyn (serge.hal...@canonical.com):
>>>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>>>> Hi,
>>>>>> I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?
>>>>>> I created two interfaces in the config and can see both of them in the container.
>>>>>> lxc.network.type = veth
>>>>>> lxc.network.link = br0
>>>>>> lxc.network.ipv4 = 128.107.159.183/22
>>>>>> lxc.network.name = eth0
>>>>>> lxc.network.flags = up
>>>>>> lxc.network.mtu = 1500
>>>>>> lxc.network.type = veth
>>>>>> lxc.network.link = br0
>>>>> If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.
>>> Ok. This is what I did.
>>> #brctl addbr br1
>>> Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f.
>>> Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.
>> Easiest and most telling wrt whether your setup will work, would be to create a second container the same way, and try to ping or nc to each other.
>> -serge
> Thanks. Pinging between containers works. Going back to my original query, I need a tap interface as well in the bridge so it is actually tap-bridge-veth on container. So I created a tap 'gtap' interface in the host and added it to br1. Assigned IP to gtap and tried to ping from the container but that does not work.
> Here are some add'l info :
> 26: gtap: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
>     link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>        valid_lft forever preferred_lft forever
> 27: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>     link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>        valid_lft forever preferred_lft forever
> [128:~]$ brctl show
> bridge name     bridge id               STP enabled     interfaces
> br1             8000.92e17e954dbc       no              gtap
>                                                         veths4EgPK
> $ ip route show
> 192.168.1.0/24 dev gtap proto kernel scope link src 192.168.1.15
> $sbin/arp
> Address         HWtype  HWaddress       Flags Mask      Iface
> 192.168.1.10            (incomplete)                    gtap
> From container:
> $ip route show
> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
> $ /sbin/arp
> Address         HWtype  HWaddress       Flags Mask      Iface
> 192.168.1.15            (incomplete)                    eth1
> Do I assign IP address to br1 instead of gtap?

Yep, IP addresses must go to the bridge. No IP should be assigned to an interface attached to the bridge.

  -- Daniel
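The rule stated in the reply above (addresses go on the bridge, not on an interface attached to it) can be checked mechanically. The following is an added example, not part of the original thread: shell functions that cross-reference `brctl show` with `ip -o addr show` output and report bridge ports that carry an IPv4 address. The sample input is constructed from the output posted in the thread, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): report bridge ports that carry an
# IPv4 address, the misconfiguration discussed above.

# Constructed sample input, modelled on the output posted in the thread.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br1             8000.92e17e954dbc       no              gtap
                                                        veths4EgPK'

# "ip -o addr show" prints one address per line: INDEX: IFNAME FAMILY ADDR ...
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
26: gtap    inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
26: gtap    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
27: br1    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link'

# Same host after moving the address from the port to the bridge (constructed).
SAMPLE_ADDR_FIXED='1: lo    inet 127.0.0.1/8 scope host lo
27: br1    inet 192.168.1.15/24 brd 192.168.1.255 scope global br1'

# list_bridge_ports: read "brctl show" text on stdin, print "port bridge" pairs.
list_bridge_ports() {
    awk '
        NR == 1 { next }                                  # column header
        NF >= 4 { bridge = $1; print $4, bridge; next }   # bridge row with its first port
        NF == 3 { bridge = $1; next }                     # bridge with no ports yet
        NF == 1 && bridge != "" { print $1, bridge }      # continuation row: one more port
    '
}

# addressed_ports BRCTL_TEXT ADDR_TEXT
# Print "port bridge address" for each bridge port that has an IPv4 address.
# IPv6 link-local addresses are ignored: the kernel adds them automatically.
addressed_ports() {
    {
        printf '%s\n' "$1" | list_bridge_ports
        echo '--'                         # separator between the two inputs
        printf '%s\n' "$2"
    } | awk '
        $0 == "--" && !second { second = 1; next }
        !second { bridge_of[$1] = $2; next }
        $3 == "inet" && ($2 in bridge_of) { print $2, bridge_of[$2], $4 }
    '
}

# On a live host (needs bridge-utils and iproute2):
check_host() {
    addressed_ports "$(brctl show)" "$(ip -o addr show)"
}

# Demo on the constructed samples.
echo "before: $(addressed_ports "$SAMPLE_BRCTL" "$SAMPLE_ADDR")"
echo "after:  $(addressed_ports "$SAMPLE_BRCTL" "$SAMPLE_ADDR_FIXED")"
```

On a live host, `check_host` runs the same check against the real command output; empty output means no bridge port carries an IPv4 address.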
Re: [Lxc-users] Two virtual interfaces in a container
On 10/23/2010 11:08 PM, Nirmal Guhan wrote:
> On Fri, Oct 22, 2010 at 3:48 PM, Nirmal Guhan vavat...@gmail.com wrote:
>> On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>> On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
>>>>> Quoting Serge E. Hallyn (serge.hal...@canonical.com):
>>>>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>>>>> Hi,
>>>>>>> I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?
>>>>>>> I created two interfaces in the config and can see both of them in the container.
>>>>>>> lxc.network.type = veth
>>>>>>> lxc.network.link = br0
>>>>>>> lxc.network.ipv4 = 128.107.159.183/22
>>>>>>> lxc.network.name = eth0
>>>>>>> lxc.network.flags = up
>>>>>>> lxc.network.mtu = 1500
>>>>>>> lxc.network.type = veth
>>>>>>> lxc.network.link = br0
>>>>>> If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.
>>>> Ok. This is what I did.
>>>> #brctl addbr br1
>>>> Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f.
>>>> Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.
>>> Easiest and most telling wrt whether your setup will work, would be to create a second container the same way, and try to ping or nc to each other.
>>> -serge
>> Thanks. Pinging between containers works. Going back to my original query, I need a tap interface as well in the bridge so it is actually tap-bridge-veth on container. So I created a tap 'gtap' interface in the host and added it to br1. Assigned IP to gtap and tried to ping from the container but that does not work.
>> Here are some add'l info :
>> 26: gtap: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
>>     link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
>>     inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
>>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>>        valid_lft forever preferred_lft forever
>> 27: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>>     link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
>>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>>        valid_lft forever preferred_lft forever
>> [128:~]$ brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> br1             8000.92e17e954dbc       no              gtap
>>                                                         veths4EgPK
>> $ ip route show
>> 192.168.1.0/24 dev gtap proto kernel scope link src 192.168.1.15
>> $sbin/arp
>> Address         HWtype  HWaddress       Flags Mask      Iface
>> 192.168.1.10            (incomplete)                    gtap
>> From container:
>> $ip route show
>> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
>> $ /sbin/arp
>> Address         HWtype  HWaddress       Flags Mask      Iface
>> 192.168.1.15            (incomplete)                    eth1
>> Do I assign IP address to br1 instead of gtap?
>> Thanks,
>> Nirmal
>
> Here is an update :
> After adding a route as
>     ip route add 192.168.1.0/24 dev br1
> I can ping tap interface from container. But two weird things :
> 1. tcpdump -i gtap does not show any packet but tcpdump -i br1 shows the packets.

That's logical, the bridge is the aggregator of your interfaces. You can not assume the interface will act as you expect when it is attached to the bridge because the traffic is hooked in the kernel and the packets are redirected to the bridge code.

> 2. If I bring down gtap as in ifconfig gtap down am still able to ping gtap ip with the above ip route configured. Still looking for reasoning...

When you assign an IP address to an interface, that automatically creates the routes. Assigning IP addresses is a way to automatically create / destroy the routes. You can create some routes without an IP address on an interface and the packet will reach at least the layer 3 of the network stack.

If you want to delete an IP address from your interface you can use
    ip addr del ip/prefix dev gtap
or
    ifconfig gtap 0.0.0.0
Re: [Lxc-users] Two virtual interfaces in a container
On Sun, Oct 24, 2010 at 3:07 PM, Daniel Lezcano dlezc...@fr.ibm.com wrote:
> On 10/23/2010 12:48 AM, Nirmal Guhan wrote:
>> On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>> On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
>>>>> Quoting Serge E. Hallyn (serge.hal...@canonical.com):
>>>>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>>>>> Hi,
>>>>>>> I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?
>>>>>>> I created two interfaces in the config and can see both of them in the container.
>>>>>>> lxc.network.type = veth
>>>>>>> lxc.network.link = br0
>>>>>>> lxc.network.ipv4 = 128.107.159.183/22
>>>>>>> lxc.network.name = eth0
>>>>>>> lxc.network.flags = up
>>>>>>> lxc.network.mtu = 1500
>>>>>>> lxc.network.type = veth
>>>>>>> lxc.network.link = br0
>>>>>> If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.
>>>> Ok. This is what I did.
>>>> #brctl addbr br1
>>>> Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f.
>>>> Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.
>>> Easiest and most telling wrt whether your setup will work, would be to create a second container the same way, and try to ping or nc to each other.
>>> -serge
>> Thanks. Pinging between containers works. Going back to my original query, I need a tap interface as well in the bridge so it is actually tap-bridge-veth on container. So I created a tap 'gtap' interface in the host and added it to br1. Assigned IP to gtap and tried to ping from the container but that does not work.
>> Here are some add'l info :
>> 26: gtap: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
>>     link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
>>     inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
>>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>>        valid_lft forever preferred_lft forever
>> 27: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>>     link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
>>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>>        valid_lft forever preferred_lft forever
>> [128:~]$ brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> br1             8000.92e17e954dbc       no              gtap
>>                                                         veths4EgPK
>> $ ip route show
>> 192.168.1.0/24 dev gtap proto kernel scope link src 192.168.1.15
>> $sbin/arp
>> Address         HWtype  HWaddress       Flags Mask      Iface
>> 192.168.1.10            (incomplete)                    gtap
>> From container:
>> $ip route show
>> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
>> $ /sbin/arp
>> Address         HWtype  HWaddress       Flags Mask      Iface
>> 192.168.1.15            (incomplete)                    eth1
>> Do I assign IP address to br1 instead of gtap?
>
> Yep, IP addresses must go to the bridge. No IP should be assigned to an interface attached to the bridge.
>
>   -- Daniel

How does it work when I have eth0 in lxc attached to br0? I still assign IP to eth0 in this case as part of lxc config. Is this a special case where IP is required for interface attached to the bridge?

-Nirmal
Re: [Lxc-users] Two virtual interfaces in a container
On Fri, Oct 22, 2010 at 3:48 PM, Nirmal Guhan vavat...@gmail.com wrote:
> On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>> On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
>>>> Quoting Serge E. Hallyn (serge.hal...@canonical.com):
>>>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>>>> Hi,
>>>>>> I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?
>>>>>> I created two interfaces in the config and can see both of them in the container.
>>>>>> lxc.network.type = veth
>>>>>> lxc.network.link = br0
>>>>>> lxc.network.ipv4 = 128.107.159.183/22
>>>>>> lxc.network.name = eth0
>>>>>> lxc.network.flags = up
>>>>>> lxc.network.mtu = 1500
>>>>>> lxc.network.type = veth
>>>>>> lxc.network.link = br0
>>>>> If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.
>>> Ok. This is what I did.
>>> #brctl addbr br1
>>> Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f.
>>> Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.
>> Easiest and most telling wrt whether your setup will work, would be to create a second container the same way, and try to ping or nc to each other.
>> -serge
> Thanks. Pinging between containers works. Going back to my original query, I need a tap interface as well in the bridge so it is actually tap-bridge-veth on container. So I created a tap 'gtap' interface in the host and added it to br1. Assigned IP to gtap and tried to ping from the container but that does not work.
> Here are some add'l info :
> 26: gtap: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
>     link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>        valid_lft forever preferred_lft forever
> 27: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>     link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
>        valid_lft forever preferred_lft forever
> [128:~]$ brctl show
> bridge name     bridge id               STP enabled     interfaces
> br1             8000.92e17e954dbc       no              gtap
>                                                         veths4EgPK
> $ ip route show
> 192.168.1.0/24 dev gtap proto kernel scope link src 192.168.1.15
> $sbin/arp
> Address         HWtype  HWaddress       Flags Mask      Iface
> 192.168.1.10            (incomplete)                    gtap
> From container:
> $ip route show
> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10
> $ /sbin/arp
> Address         HWtype  HWaddress       Flags Mask      Iface
> 192.168.1.15            (incomplete)                    eth1
> Do I assign IP address to br1 instead of gtap?
> Thanks,
> Nirmal

Here is an update :
After adding a route as
    ip route add 192.168.1.0/24 dev br1
I can ping tap interface from container. But two weird things :
1. tcpdump -i gtap does not show any packet but tcpdump -i br1 shows the packets.
2. If I bring down gtap as in ifconfig gtap down am still able to ping gtap ip with the above ip route configured. Still looking for reasoning...

-Nirmal
Re: [Lxc-users] Two virtual interfaces in a container
On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
> Quoting Nirmal Guhan (vavat...@gmail.com):
>> On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
>>> Quoting Serge E. Hallyn (serge.hal...@canonical.com):
>>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>>> Hi,
>>>>> I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?
>>>>> I created two interfaces in the config and can see both of them in the container.
>>>>> lxc.network.type = veth
>>>>> lxc.network.link = br0
>>>>> lxc.network.ipv4 = 128.107.159.183/22
>>>>> lxc.network.name = eth0
>>>>> lxc.network.flags = up
>>>>> lxc.network.mtu = 1500
>>>>> lxc.network.type = veth
>>>>> lxc.network.link = br0
>>>> If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.
>> Ok. This is what I did.
>> #brctl addbr br1
>> Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f.
>> Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.
> Easiest and most telling wrt whether your setup will work, would be to create a second container the same way, and try to ping or nc to each other.
> -serge

Thanks. Pinging between containers works. Going back to my original query, I need a tap interface as well in the bridge so it is actually tap-bridge-veth on container. So I created a tap 'gtap' interface in the host and added it to br1. Assigned IP to gtap and tried to ping from the container but that does not work.

Here are some add'l info :

26: gtap: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
       valid_lft forever preferred_lft forever
27: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
       valid_lft forever preferred_lft forever

[128:~]$ brctl show
bridge name     bridge id               STP enabled     interfaces
br1             8000.92e17e954dbc       no              gtap
                                                        veths4EgPK

$ ip route show
192.168.1.0/24 dev gtap proto kernel scope link src 192.168.1.15

$sbin/arp
Address         HWtype  HWaddress       Flags Mask      Iface
192.168.1.10            (incomplete)                    gtap

From container:

$ip route show
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10

$ /sbin/arp
Address         HWtype  HWaddress       Flags Mask      Iface
192.168.1.15            (incomplete)                    eth1

Do I assign IP address to br1 instead of gtap?

Thanks,
Nirmal
[Lxc-users] Two virtual interfaces in a container
Hi,

I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?

I created two interfaces in the config and can see both of them in the container.

lxc.network.type = veth
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.183/22
lxc.network.name = eth0
lxc.network.flags = up
lxc.network.mtu = 1500
lxc.network.type = veth
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.185/22
lxc.network.name = eth1
lxc.network.flags = up

159: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
161: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

The problem is using eth1, I cannot ping the default gw.

# ip route show
128.107.156.0/22 dev eth0 proto kernel scope link src 128.107.159.183
128.107.156.0/22 dev eth1 proto kernel scope link src 128.107.159.185
default via 128.107.159.175 dev eth1    Added host as well in the route as just adding default gw didn't work
default via 128.107.156.2 dev eth1    default gw
default via 128.107.156.2 dev eth0

BTW, I run 2.6.32 + fedora 12.

Thanks,
Nirmal
Re: [Lxc-users] Two virtual interfaces in a container
On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:
> Quoting Serge E. Hallyn (serge.hal...@canonical.com):
>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>> Hi,
>>> I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?
>>> I created two interfaces in the config and can see both of them in the container.
>>> lxc.network.type = veth
>>> lxc.network.link = br0
>>> lxc.network.ipv4 = 128.107.159.183/22
>>> lxc.network.name = eth0
>>> lxc.network.flags = up
>>> lxc.network.mtu = 1500
>>> lxc.network.type = veth
>>> lxc.network.link = br0
>> If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.

Ok. This is what I did.
#brctl addbr br1
Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f.
Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.

> (BTW, I assume that the reason you failed to ping then was that your eth1 in the container had an address on a different subnet, and - I assume - there was no route known on the host to that subnet. I could be wrong, but since your test seemed to be unrelated to your end goal I thought I'd comment first on how to do what you want)

It is in same subnet. I think it was to do with ip route setup.

--Nirmal

> -serge