On Wed, Jan 21, 2015 at 7:09 PM, scrumpyjack <scrumpyj...@me.com> wrote:
> Yes, I want to give a /32 to a container.
>
> If I stick to
>
> lxc.network.type = macvlan
> lxc.network.flags = up
> lxc.network.link = eth0
> lxc.network.name = eth1
> lxc.network.ipv4 = 21.45.463.23/32 (fake IP, obvs)
> lxc.network.ipv4.gateway = 21.45.463.23
>
> would you expect that to work?

Nope.

Your main mistake is that you thought since the /32 IP works in the host (e.g. when used as "eth0:1"), it would automagically work inside the container, the host would simply "know" where to route the packet. It doesn't work that way. Network-wise, the host and the container are two separate entities, which might have a private link (i.e. thru a private bridge or something).

The generic explanation of a working setup can be "stolen" from the Xen wiki: http://wiki.xen.org/wiki/Vif-route
Basically they use a combination of /32, specific route, and proxy arp.

I use a similar but slightly different method. This is on Ubuntu server. The host has 100.0.0.10/24, router is on 100.0.0.1, the container is on 100.0.0.11 (fake IPs, of course). The host communicates with the container thru a PRIVATE bridge with IP 192.168.124.1 (note that this IP doesn't even have to be in the same network as host and container's IP).

Relevant part of host's /etc/network/interfaces
###
auto eth0
iface eth0 inet static
    address 100.0.0.10
    netmask 255.255.255.0
    gateway 100.0.0.1
    # this part functions similarly to proxy arp, force eth0 to accept packets
    # destined for the container's IP using static arp
    up arp -i eth0 -Ds 100.0.0.11 eth0 pub || true

# this is an internal bridge used to connect the host to the container
auto br0
iface br0 inet manual
    bridge_ports none
    bridge_maxwait 0
    bridge_stp off
    bridge_fd 0
    # add specific route for the container IP
    up ip route add 100.0.0.11/32 dev br0 || true
###

Relevant part of container config. Note that this only sets the bridge and persistent vif mac & name.
###
lxc.network.type=veth
lxc.network.link=br0
lxc.network.veth.pair=veth-c1-0
lxc.network.flags=up
lxc.network.hwaddr = 00:16:3E:FD:46:25
###

Relevant part of container's /etc/network/interfaces
###
auto eth0
iface eth0 inet static
    address 100.0.0.11
    netmask 255.255.255.255
    # force route for host's br0
    up ip route add 192.168.124.1 dev eth0
    # ... and use it for default route
    up ip route add default via 192.168.124.1
###

Relevant output of several commands in the host
###
# ip route
...
default via 100.0.0.1 dev eth0
100.0.0.0/24 dev eth0 proto kernel scope link src 100.0.0.10
100.0.0.11 dev br0 scope link
...

# arp -n
Address        HWtype  HWaddress          Flags Mask  Iface
...
100.0.0.11     ether   00:16:3e:fd:46:25  C           br0
100.0.0.11     *       <from_interface>   MP          eth0
...

# brctl show
bridge name    bridge id          STP enabled    interfaces
...
br0            8000.feb01cb4ee91  no             veth-c1-0
...
###

--
Fajar
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
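
A consistency check for the setup described in the message above, as an added example that is not part of the original post: it parses `ip route` and `arp -n` output and reports any published (proxy) ARP entry that has no more specific route out of a different interface, which is what a leftover `arp ... pub` line looks like once the matching `ip route add .../32 dev br0` is gone. The sample text is constructed from the output quoted in the message, and the function names are illustrative.

```python
import ipaddress

# Constructed sample input, modelled on the host output quoted in the message.
IP_ROUTE = """\
default via 100.0.0.1 dev eth0
100.0.0.0/24 dev eth0 proto kernel scope link src 100.0.0.10
100.0.0.11 dev br0 scope link
"""
ARP_N = """\
Address        HWtype  HWaddress          Flags Mask  Iface
100.0.0.11     ether   00:16:3e:fd:46:25  C           br0
100.0.0.11     *       <from_interface>   MP          eth0
"""

def parse_routes(text):
    """Return [(network, dev)] for each `ip route` line that names a device."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or "dev" not in f[:-1]:
            continue
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            routes.append((ipaddress.ip_network(dest, strict=False),
                           f[f.index("dev") + 1]))
        except ValueError:
            continue  # first field is not a destination prefix
    return routes

def published_arp(text):
    """Return [(ip, iface)] for `arp -n` rows whose Flags contain P (published)."""
    rows = (line.split() for line in text.splitlines()[1:])
    return [(ipaddress.ip_address(f[0]), f[-1])
            for f in rows if len(f) >= 5 and "P" in f[3]]

def egress(routes, ip):
    """Longest-prefix match: the device the host forwards `ip` out of."""
    hits = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(hits)[1] if hits else None

def audit(route_text, arp_text):
    """Report published ARP entries the host cannot forward inward."""
    routes, findings = parse_routes(route_text), []
    for ip, iface in published_arp(arp_text):
        dev = egress(routes, ip)
        if dev is None or dev == iface:
            reason = "no route" if dev is None else "routed back out " + dev
            findings.append((str(ip), iface, reason))
    return findings
```

`audit(IP_ROUTE, ARP_N)` returns an empty list for the configuration in the message; feed it the live output of the two commands to check a running host.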