On Tue, Sep 15, 2015 at 3:29 PM, Andrey Repin <anrdae...@yandex.ru> wrote: > Greetings, Fajar A. Nugraha! > >>> We will have to do some thorough testing with the 4.2 (or possibly 4.1) >>> kernel over the next few weeks to make sure this kernel doesn't introduce >>> new issues. > >> That would seem like the best option for you. > >>> new issues. Our only other option would be to fall back to KVM instead of >>> containers and that's not something we really want to do. > >> Assuming your problem is caused by bridging the veth interface, >> there's an alternate networking setup with proxyarp + route that might >> work. It doesn't use bridge, and only works for privileged containers. > > Aren't you overcomplicating it? >
It depends on what the root cause of the problem is. > 1. Containers config: > > lxc.network.type = macvlan > lxc.network.macvlan.mode = bridge I assumed the problem has something to do with bonding and multiple mac combination. Proxyarp only presents one mac on the interface: the host, thus eliminating one possible problem source. The assumption might or might not be valid, thus needs to be tested. Also, with routing + proxyarp, there's the bonus of "container can only use IP address assigned to it, and a rogue container can't use another container's/host's IP address" Of course, in the end, use whatever is more appropriate for your needs. -- Fajar _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users