On 09/06/2015 09:52 AM, Guido Jäkel wrote:
Dear Peter,
don't use a MAC prefix that is lower than that of the upstream device of the
bridge the containers are attached: The Linux software bridge will use the
lowest MAC of it's attached devices as the MAC of the outgoing packets.
Therefore, you will risk short traffic interruptions to others, if you shutdown
a Container and this one was the one with the lowest MAC on it's bridge.
Because then, all network affected components outside have to learn a new MAC
to route the packets for the remaining Containers to.
I'm currently using a "quite high" prefix and a tail that is derived from the assigned
IP. The same "formula" is used to setup a auxiliary DHCP server because use DHCP for the
container network setup.
HWADDR=`IP=${IP#*.}; printf "00:50:C2:%02X:%02X:%02X" ${IP//./ }` #
a.b.c.d -> 00:50:C2:bb:cc:dd (hex)
I was not aware of this behavior. Although I don't believe we've noticed
any suspicious behavior in our network traffic, I can easily change our
automation logic to use a high prefix for the containers that we create.
Thanks for the tip.
Peter
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
