I'm trying to set up a container on a new VLAN that only allows tagged traffic and I'm getting varied success. Maybe somebody can point me in the right direction. I can ping the gateway from the host but not from the container and I can't see what I'm missing.

I'm using LXC 1.1.5 on Debian Jessie. The container is unprivileged. The host itself is a VM running off of VMware. The VM has 3 NICs. eth0 is for my management network and the other two NICs (eth1 and eth2) are set up to connect to this VLAN (vlan id 500).

/etc/network/interfaces

    # The second network interface
    auto eth1
    iface eth1 inet manual

    # The third network interface
    auto eth2
    iface eth2 inet static
        address 10.240.78.4/24
        gateway 10.240.78.1

    iface eth1.500 inet manual
        vlan-raw-device eth1

    auto br0-500
    iface br0-500 inet manual
        bridge_ports eth1.500
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0

I've set up br0-500 to use with my container:

    # Network configuration
    lxc.network.type = veth
    lxc.network.link = br0-500
    lxc.network.ipv4 = 10.240.78.3/24
    lxc.network.ipv4.gateway = 10.240.78.1
    lxc.network.flags = up
    lxc.network.hwaddr = 00:16:3e:3d:51:af

When I start the container everything seems to be in order:

    eth0      Link encap:Ethernet  HWaddr 00:16:3e:3d:51:af
              inet addr:10.240.78.3  Bcast:10.240.78.255  Mask:255.255.255.0
              inet6 addr: fe80::216:3eff:fe3d:51af/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:648 (648.0 B)  TX bytes:774 (774.0 B)

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.240.78.1     0.0.0.0         UG    0      0        0 eth0
    10.240.78.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

But when I try to ping the gateway I get no response:

    PING 10.240.78.1 (10.240.78.1) 56(84) bytes of data.
    From 10.240.78.3 icmp_seq=1 Destination Host Unreachable
    From 10.240.78.3 icmp_seq=2 Destination Host Unreachable
    From 10.240.78.3 icmp_seq=3 Destination Host Unreachable
    From 10.240.78.3 icmp_seq=4 Destination Host Unreachable
    From 10.240.78.3 icmp_seq=5 Destination Host Unreachable
    From 10.240.78.3 icmp_seq=6 Destination Host Unreachable
    ^C
    --- 10.240.78.1 ping statistics ---
    7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6030ms

    Address                  HWtype  HWaddress           Flags Mask            Iface
    10.240.78.1                      (incomplete)                              eth0

Running tcpdump on eth1 on the host, I can see the ARP requests coming through the host but there is no reply from the gateway.

    lxcuser@prvlxc01:~$ su root -c "tcpdump -i eth1 -Uw - | tcpdump -en -r - vlan 500"
    Password:
    tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
    reading from file -, link-type EN10MB (Ethernet)
    11:35:34.589795 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28
    11:35:35.587647 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28
    11:35:36.587413 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28
    11:35:37.604816 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28
    11:35:38.603408 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28
    11:35:39.603387 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28
    11:35:40.620677 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28
    11:35:41.619399 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28
    ^C
    Session terminated, terminating shell...tcpdump: pcap_loop: error reading dump file: Interrupted system call
    16 packets captured
    17 packets received by filter
    0 packets dropped by kernel

I feel that this is a setup problem with the router, but I'm not getting much help from my networking team so I'm kind of asking all around to see if anybody has any good ideas. The only other source of the problem I can think of is with VMware. Maybe somebody more familiar with the hypervisor has seen this issue before? I have every port group on the VM host in promiscuous mode.

Thanks,
Joshua

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
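
Added example, not part of the original post: a small Python helper that reads `tcpdump -en` text output and reports which ARP targets were asked for but never answered, keyed by VLAN tag, so tagged and untagged behaviour on the same wire can be compared. The function name and the last two sample lines (including their MAC addresses) are constructed for illustration; the first two sample lines are taken from the capture above.

```python
import re
from collections import defaultdict

# Patterns for the text tcpdump prints with -e -n.
VLAN = re.compile(r"\bvlan (\d+),")                      # 802.1Q tag, if any
REQ = re.compile(r"Request who-has (\S+) tell (\S+),")   # ARP request
REP = re.compile(r"Reply (\S+) is-at ([0-9a-f:]{17})")   # ARP reply


def unanswered_arp(lines):
    """Return {(vlan, target_ip): request_count} for targets with no reply.

    vlan is the 802.1Q ID as an int, or None for untagged frames, so the
    same IP seen tagged and untagged is tracked separately.
    """
    requests = defaultdict(int)
    answered = set()
    for line in lines:
        tag = VLAN.search(line)
        vlan = int(tag.group(1)) if tag else None
        req = REQ.search(line)
        rep = REP.search(line)
        if req:
            requests[(vlan, req.group(1))] += 1
        elif rep:
            answered.add((vlan, rep.group(1)))
    return {key: n for key, n in requests.items() if key not in answered}


# Lines 1-2: from the capture in the post. Lines 3-4: constructed untagged
# request/reply pair, used only to show that tagged and untagged are separated.
SAMPLE = [
    "11:35:34.589795 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28",
    "11:35:35.587647 00:16:3e:3d:51:af > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 10.240.78.1 tell 10.240.78.3, length 28",
    "11:35:36.100200 00:50:56:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.240.78.1 tell 10.240.78.4, length 28",
    "11:35:36.100400 00:50:56:00:00:01 > 00:50:56:00:00:02, ethertype ARP (0x0806), length 60: Reply 10.240.78.1 is-at 00:50:56:00:00:01, length 46",
]

if __name__ == "__main__":
    for (vlan, ip), count in sorted(unanswered_arp(SAMPLE).items(), key=str):
        tag = "untagged" if vlan is None else f"vlan {vlan}"
        print(f"{ip} ({tag}): {count} request(s), no reply seen")
```

To feed it a real capture, run tcpdump with `-en` and without the `vlan 500` filter so that untagged frames are included in the comparison.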