On 26/03/2020 16.14, Sebert, Holger.ext wrote:
> Hi,
>
> we use LXD containers on our CI-build nodes. For each build a container is
> created and deleted afterwards. So, container creation and deletion happens
> quite often.
>
> Here is the problem: After some time, many virtual ethernet interfaces (veth*)
> accumulate, they look like this:
>
> [...]
>
> These interfaces are not connected to any running container and cannot be
> removed. It seems to me that they are somehow leftovers from previous
> containers which don't exist anymore.

Dear Holger, Mike and others,

the veth interface might also be "held" by a dangling connection, e.g. if you had an incoming connection to a daemon/service in the container and the container and/or service wasn't shut down gracefully. Then, the TCP connection may linger for the TCP closedown period of (default) up to 6min.

In addition to Mike's proposal to use a fixed name and to "down" and "delete" the interface(s), I suggest to *rename* it also to "free" the name at shutdown.

Here is a snippet from my central lxc admin (wrapper) script:

    IF_AWAY() { # $1: container
        # LOG is a logging helper from the rest of the wrapper script (not shown)
        local CONTAINER=$1; shift
        local DEV DEV_AWAY
        # host-side interfaces named $CONTAINER, $CONTAINER-1
        local DEVS="$(cd /sys/class/net && ls -1d "${CONTAINER}"* 2>/dev/null)"
        for DEV in $DEVS; do
            DEV_AWAY="away.$RANDOM" # $RANDOM is a bash builtin!
            # take the leftover interface down, then rename it to free its name
            ip link set dev "$DEV" down >/dev/null 2>&1 && LOG "veth \"$DEV\" forced down"
            ip link set dev "$DEV" name "$DEV_AWAY" >/dev/null 2>&1 && LOG "veth \"$DEV\" renamed to \"$DEV_AWAY\""
        done
    }

greetings
Guido
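Added example, not part of Guido's script: a variant of the renaming step above that matches only `$CONTAINER` and `$CONTAINER-<digits>` (the names listed in the snippet's comment) and picks an unused `away.N` name rather than relying on `$RANDOM` not colliding. `SYSFS_NET`, `IP_CMD`, `container_devs` and `free_away_name` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). SYSFS_NET and IP_CMD are
# hypothetical overrides so the logic can be tried against a scratch directory.
SYSFS_NET=${SYSFS_NET:-/sys/class/net}
IP_CMD=${IP_CMD:-ip}

# Print the host interfaces of container $1: "$1" itself or "$1-<digits>".
# A plain "$1"* glob would also catch build10 when asked for build1.
container_devs() (
    [ -n "$1" ] || exit 0
    cd "$SYSFS_NET" 2>/dev/null || exit 0
    for dev in "$1" "$1"-*; do
        [ -e "$dev" ] || continue
        case ${dev#"$1"} in
            "")        echo "$dev" ;;
            -*[!0-9]*) ;;                 # something other than digits after "-"
            -?*)       echo "$dev" ;;
        esac
    done
)

# Print the first "away.N" name that is not in use yet.
free_away_name() (
    n=0
    while [ -e "$SYSFS_NET/away.$n" ]; do n=$((n + 1)); done
    echo "away.$n"
)

# Take each leftover interface of container $1 down and rename it,
# printing "old new" for every successful rename.
if_away() {
    container_devs "$1" | while read -r dev; do
        new=$(free_away_name)
        "$IP_CMD" link set dev "$dev" down >/dev/null 2>&1 || true
        if "$IP_CMD" link set dev "$dev" name "$new" >/dev/null 2>&1; then
            echo "$dev $new"
        else
            echo "rename of $dev failed" >&2
        fi
    done
}
```

Source the file and call `if_away <container>` as root after the container has stopped; the renamed `away.N` interfaces can then be deleted once nothing holds them any more.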