Thanks Stephane. Here is a “lxc network list” on the hosts:

rkelley@LXD-QA-Server-04:~$ lxc network list
+--------+----------+---------+-------------+---------+
|  NAME  |   TYPE   | MANAGED | DESCRIPTION | USED BY |
+--------+----------+---------+-------------+---------+
| eth0   | physical | NO      |             | 0       |
+--------+----------+---------+-------------+---------+
| eth1   | physical | NO      |             | 2       |
+--------+----------+---------+-------------+---------+
| virbr0 | bridge   | NO      |             | 0       |
+--------+----------+---------+-------------+---------+

Also, we are using vxlan in unicast mode via eth1. Each LXD server has a unicast IP address on eth1 that lives in a separate VLAN from eth0 on the directly connected network switch. If both eth0 and eth1 were in the same VLAN, I could possibly see an issue. Once a container is spun up, it is attached to a VXLAN interface off eth1 (i.e.: vxlan.1115).

Thus, I am scratching my head...

-Ron

> On Sep 26, 2017, at 9:02 AM, Stéphane Graber <stgra...@ubuntu.com> wrote:
>
> On Sun, Sep 24, 2017 at 03:27:27PM -0400, Ron Kelley wrote:
>> Greetings all,
>>
>> Trying to isolate a condition whereby a container providing firewall
>> services seems to stop processing traffic for a short time. We keep getting
>> the below information in /var/log/syslog of the server running the firewall.
>> The IP addresses shown match the network interfaces of the remote LXD
>> server running the web server.
>> These IPs are for the server itself, and not the container IP
>>
>> Sep 24 15:10:25 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 10.250.1.21 to 172.18.22.21
>> Sep 24 15:10:26 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21
>> Sep 24 15:10:27 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 10.250.1.21 to 172.18.22.21
>> Sep 24 15:10:28 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21
>> Sep 24 15:10:29 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 10.250.1.21 to 172.18.22.21
>> Sep 24 15:10:30 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21
>> Sep 24 15:10:31 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 10.250.1.21 to 172.18.22.21
>> Sep 24 15:10:32 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21
>>
>> Notice how they migrate from one interface to another and then back again.
>> Any idea as to why these messages are getting logged?
>>
>> Thanks.
>>
>> -Ron
>
> Hmm, so I think I'm going to need a bit more details on the setup.
> Can you show the "lxc network show" for the network on both hosts?
>
> My current guess is that you're using vxlan in multicast mode and both
> your hosts have two IPs on two subnets. Multicast VXLAN works on both
> those subnets and it can therefore see the same remote MAC on both,
> having it flip/flop between the two paths.
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
> _______________________________________________
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
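
Added example, not part of the original thread: a Python check that picks the "migrated from" kernel messages quoted above out of syslog and flags a MAC whose remote endpoint keeps reversing, as opposed to one that moves once. The function name and the `min_reversals` threshold are assumptions; the last two sample lines are constructed for contrast.

```python
import re
from collections import defaultdict

# vxlan driver message: "<dev>: <mac> migrated from <old VTEP> to <new VTEP>"
MIGRATED = re.compile(
    r"kernel: \[\s*[\d.]+\] (?P<dev>[\w.]+): "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"migrated from (?P<old>\S+) to (?P<new>\S+)"
)

# First four lines are from the syslog excerpt quoted in the thread; the last
# two (a one-off move and an unrelated message) are constructed for contrast.
SAMPLE = """\
Sep 24 15:10:25 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 10.250.1.21 to 172.18.22.21
Sep 24 15:10:26 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21
Sep 24 15:10:27 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 10.250.1.21 to 172.18.22.21
Sep 24 15:10:28 LXD-Server-04 kernel: [144272.412154] vxlan.1104: 00:11:22:aa:66:a3 migrated from 172.18.22.21 to 10.250.1.21
Sep 24 15:11:02 LXD-Server-04 kernel: [144309.100000] vxlan.1115: 00:11:22:bb:00:01 migrated from 10.250.1.21 to 10.250.1.22
Sep 24 15:11:03 LXD-Server-04 kernel: [144310.200000] device veth0 entered promiscuous mode
""".splitlines()


def find_flapping(lines, min_reversals=2):
    """Return {(dev, mac): {"reversals": n, "endpoints": [...]}} for flapping MACs."""
    moves = defaultdict(list)
    for line in lines:
        m = MIGRATED.search(line)
        if m:
            moves[(m["dev"], m["mac"])].append((m["old"], m["new"]))
    report = {}
    for key, seq in moves.items():
        # A reversal is a move that undoes the previous one (A->B, then B->A).
        reversals = sum(1 for prev, cur in zip(seq, seq[1:]) if cur == prev[::-1])
        if reversals >= min_reversals:
            endpoints = sorted({ip for move in seq for ip in move})
            report[key] = {"reversals": reversals, "endpoints": endpoints}
    return report


if __name__ == "__main__":
    for (dev, mac), info in find_flapping(SAMPLE).items():
        print(f"{dev} {mac}: {info['reversals']} reversals between {info['endpoints']}")
```

The two endpoints reported for a flapping MAC are the addresses to compare against each host's interfaces when working out which paths the VXLAN traffic is arriving on.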