Re: [lxc-users] LXC 2.16 - vxlan. migrated from to

Tue, 26 Sep 2017 06:03:50 -0700 

On Sun, Sep 24, 2017 at 03:27:27PM -0400, Ron Kelley wrote:
> Greetings all,
> 
> Trying to isolate a condition whereby a container providing firewall services 
> seems to stop processing traffic for a short time.  We keep getting the below 
> information in /var/log/syslog of the server running the firewall.  The IP 
> addresses shown match the network interfaces of the remote LXD server running 
> the web server.  These IPs are for the server itself, and not the container IP
> 
> Sep 24 15:10:25 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> Sep 24 15:10:26 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> Sep 24 15:10:27 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> Sep 24 15:10:28 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> Sep 24 15:10:29 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> Sep 24 15:10:30 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> Sep 24 15:10:31 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 10.250.1.21  to 172.18.22.21
> Sep 24 15:10:32 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 
> 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21 
> 
> Notice how they migrate from one interface to another and then back again.  
> Any idea as to why these messages are getting logged?
> 
> Thanks.
> 
> -Ron

Hmm, so I think I'm going to need a bit more details on the setup.
Can you show the "lxc network show" for the network on both hosts?

My current guess is that you're using vxlan in multicast mode and both
your hosts have two IPs on two subnets. Multicast VXLAN works on both
those subnets and it can therefore see the same remote MAC on both,
having it flip/flop between the two paths.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

Attachment: signature.asc
Description: PGP signature

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Reply via email to