Re: [Lxc-users] native (non-NAT) routing?
Ulli Horlacher frams...@rus.uni-stuttgart.de wrote:

> host zoo        129.69.1.39
> container LXC   129.69.1.219
> router          129.69.1.254
>
> In LXC.conf is:
>
> lxc.utsname = LXC
> lxc.network.type = veth
> lxc.network.link = br0
> lxc.network.flags = up
> lxc.network.name = eth0
> lxc.network.mtu = 1500
> lxc.network.ipv4 = 129.69.1.219/24
>
> Same configuration on another host (vms2, with another ip) works as
> expected!
>
> zoo runs on virtual hardware (VMware ESXi), where vms2 runs on real
> hardware.
>
> I assume now, lxc bridge networking is not compatible with ESXi!

What is configured on ESXi?

Regards,
Töns

--
There is no safe distance.

Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] native (non-NAT) routing?
On Tue 2011-04-12 (09:28), Toens Bueker wrote:

> > zoo runs on virtual hardware (VMware ESXi), where vms2 runs on real
> > hardware.
> >
> > I assume now, lxc bridge networking is not compatible with ESXi!
>
> What is configured on ESXi?

A virtual switch for this VLAN.
I have tested it with and without promiscuous mode.

--
Ullrich Horlacher              Server- und Arbeitsplatzsysteme
Rechenzentrum                  E-Mail: horlac...@rus.uni-stuttgart.de
Universitaet Stuttgart         Tel:    ++49-711-685-65868
Allmandring 30                 Fax:    ++49-711-682357
70550 Stuttgart (Germany)      WWW:    http://www.rus.uni-stuttgart.de/

Re: [Lxc-users] native (non-NAT) routing?
On Sat 2011-04-09 (18:30), Brian K. White wrote:

> He's asking you to run ip addr on the host and post the result here.

Sorry for my lameness :-)

root@zoo:/lxc# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:50:56:8e:00:03 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::250:56ff:fe8e:3/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:50:56:8e:00:22 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:50:56:8e:00:23 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:50:56:8e:00:24 brd ff:ff:ff:ff:ff:ff
6: eth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:50:56:8e:00:25 brd ff:ff:ff:ff:ff:ff
7: eth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:50:56:8e:00:26 brd ff:ff:ff:ff:ff:ff
8: eth6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:50:56:8e:00:27 brd ff:ff:ff:ff:ff:ff
9: eth7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:50:56:8e:00:28 brd ff:ff:ff:ff:ff:ff
10: eth8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:50:56:8e:00:2e brd ff:ff:ff:ff:ff:ff
11: eth9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:50:56:8e:00:2f brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:50:56:8e:00:03 brd ff:ff:ff:ff:ff:ff
    inet 129.69.1.39/24 brd 129.69.1.255 scope global br0
    inet6 fe80::250:56ff:fe8e:3/64 scope link
       valid_lft forever preferred_lft forever

--
Ullrich Horlacher

Re: [Lxc-users] native (non-NAT) routing?
On Mon 2011-04-04 (19:35), Ulli Horlacher wrote:

> My first Ubuntu 10.04 container is up and running on a Ubuntu 10.04
> host, but the container can only connect to the host (and vice versa),
> but not to the world outside.
>
> I saw a lot of configurations for NAT, but I want native routing for my
> containers.
>
> My setup is:
>
> host zoo        129.69.1.39
> container LXC   129.69.1.219
> router          129.69.1.254
>
> In LXC.conf is:
>
> lxc.utsname = LXC
> lxc.network.type = veth
> lxc.network.link = br0
> lxc.network.flags = up
> lxc.network.name = eth0
> lxc.network.mtu = 1500
> lxc.network.ipv4 = 129.69.1.219/24

Same configuration on another host (vms2, with another ip) works as
expected!

zoo runs on virtual hardware (VMware ESXi), where vms2 runs on real
hardware.

I assume now, lxc bridge networking is not compatible with ESXi!

--
Ullrich Horlacher

Re: [Lxc-users] native (non-NAT) routing?
On Wed 2011-04-06 (12:31), Daniel Lezcano wrote:

> > root@zoo:/lxc# brctl show
> > bridge name     bridge id               STP enabled     interfaces
> > br0             8000.0050568e0003       no              eth0
>
> is your container up when you show the bridge information ?

Yes:

root@zoo:/lxc# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0050568e0003       no              eth0

root@zoo:/lxc# lxc -l
container  size (MB)  start-PID
fex        377        0
test       376        0
ubuntu     6003311

> is it possible you give the ip addr result on the host ?

What do you mean? Which result?

--
Ullrich Horlacher

Re: [Lxc-users] native (non-NAT) routing?
On 4/9/2011 3:00 AM, Ulli Horlacher wrote:

> On Wed 2011-04-06 (12:31), Daniel Lezcano wrote:
>
> > > root@zoo:/lxc# brctl show
> > > bridge name     bridge id               STP enabled     interfaces
> > > br0             8000.0050568e0003       no              eth0
> >
> > is your container up when you show the bridge information ?
>
> Yes:
>
> root@zoo:/lxc# brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.0050568e0003       no              eth0
>
> root@zoo:/lxc# lxc -l
> container  size (MB)  start-PID
> fex        377        0
> test       376        0
> ubuntu     6003311
>
> > is it possible you give the ip addr result on the host ?
>
> What do you mean? Which result?

He's asking you to run ip addr on the host and post the result here.

--
bkw

Re: [Lxc-users] native (non-NAT) routing?
On 04/05/2011 02:56 PM, Ulli Horlacher wrote:

> On Tue 2011-04-05 (14:53), Daniel Lezcano wrote:
>
> > Can you give the bridge setup ? (brctl show)
>
> root@zoo:/lxc# brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.0050568e0003       no              eth0

Hi Ulli,

is your container up when you show the bridge information ?
is it possible you give the ip addr result on the host ?

Thanks
  -- Daniel

ps : In the past, I did exactly the same configuration as you and it
worked, so I know what you are trying to achieve should work.

Re: [Lxc-users] native (non-NAT) routing?
On Mon 2011-04-04 (19:35), Ulli Horlacher wrote:

> My first Ubuntu 10.04 container is up and running on a Ubuntu 10.04
> host, but the container can only connect to the host (and vice versa),
> but not to the world outside.

I found a workaround: I have added an extra ethernet card dedicated to
the container.

--
Ullrich Horlacher

Re: [Lxc-users] native (non-NAT) routing?
On Mon, 4 Apr 2011, Ulli Horlacher wrote:

> My first Ubuntu 10.04 container is up and running on a Ubuntu 10.04
> host, but the container can only connect to the host (and vice versa),
> but not to the world outside.
>
> I saw a lot of configurations for NAT, but I want native routing for my
> containers.

I know nothing about Ubuntu, but I got a similar setup working with
bridging. The host's IP is assigned to bridge br0 which has host's
physical network interface eth0 and guest's VETH interface gw1-eth0 as
ports:

host# ip addr show br0
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:19:99:5f:f2:87 brd ff:ff:ff:ff:ff:ff
    inet 130.xxx.xxx.xxx/24 brd 130.xxx.xxx.255 scope global br0
       valid_lft forever preferred_lft forever

host# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0019995ff287       no              eth0
                                                        gw1-eth0

No manual mutilation of routing tables is needed, only IP forwarding
allowed (net.ipv4.ip_forward = 1).

BR,
Antti Tanhuanpää

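Added example (not part of the thread and not code from any poster): the comparison the `brctl show` questions point at, checking whether the bridge named by `lxc.network.link` lists the container's host-side veth as a port. The function names `conf_bridge`, `bridge_ports` and `diagnose` are hypothetical; the sample text is copied from outputs posted in this thread, and pairing the veth name from the sysctl listing with the later `brctl show` output is constructed for illustration.

```shell
#!/bin/sh
# Added example: does the bridge named in the LXC config carry the container's
# host-side veth as a port? All function names here are hypothetical.

# conf_bridge: read an LXC config on stdin, print the lxc.network.link value.
conf_bridge() {
    awk -F= '{ k = $1; gsub(/[ \t]/, "", k) }
             k == "lxc.network.link" { v = $2; gsub(/[ \t]/, "", v); print v; exit }'
}

# bridge_ports BRIDGE: read `brctl show` text on stdin, print that bridge's
# ports one per line. Rows starting with whitespace continue the previous bridge.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 || NF == 0 { next }               # header and blank lines
        {
            c = substr($0, 1, 1)
            if (c != " " && c != "\t") {          # row that starts a bridge
                cur = $1
                if (cur == br && NF >= 4) print $4
            } else if (cur == br) {
                print $1                          # continuation row: extra port
            }
        }'
}

# diagnose CONF BRCTL_TEXT HOST_VETH: print a one-word verdict.
diagnose() {
    br=$(printf '%s\n' "$1" | conf_bridge)
    [ -n "$br" ] || { echo no-link-in-config; return 1; }
    ports=$(printf '%s\n' "$2" | bridge_ports "$br")
    [ -n "$ports" ] || { echo bridge-missing-or-empty; return 1; }
    if printf '%s\n' "$ports" | grep -qxF -- "$3"; then
        echo veth-bridged
    else
        echo veth-not-on-bridge
        return 1
    fi
}

# Sample input copied from the thread (config excerpt, zoo's bridge, and the
# working bridge from the message above).
LXC_CONF='lxc.network.type = veth
lxc.network.link = br0
lxc.network.name = eth0'

ZOO_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.0050568e0003       no              eth0'

REF_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.0019995ff287       no              eth0
                                                        gw1-eth0'

# vethMx2A0v is the host-side name seen in the sysctl listing of the original post.
echo "zoo:       $(diagnose "$LXC_CONF" "$ZOO_BRCTL" vethMx2A0v)"
echo "reference: $(diagnose "$LXC_CONF" "$REF_BRCTL" gw1-eth0)"
```

On a live host, pipe the real `brctl show` output and container config into the same functions and pass the veth name reported by `ip link`.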
Re: [Lxc-users] native (non-NAT) routing?
On 04/04/2011 07:35 PM, Ulli Horlacher wrote:

> My first Ubuntu 10.04 container is up and running on a Ubuntu 10.04
> host, but the container can only connect to the host (and vice versa),
> but not to the world outside.
>
> I saw a lot of configurations for NAT, but I want native routing for my
> containers.
>
> My setup is:
>
> host zoo        129.69.1.39
> container LXC   129.69.1.219
> router          129.69.1.254
>
> In LXC.conf is:
>
> lxc.utsname = LXC
> lxc.network.type = veth
> lxc.network.link = br0
> lxc.network.flags = up
> lxc.network.name = eth0
> lxc.network.mtu = 1500
> lxc.network.ipv4 = 129.69.1.219/24
>
> root@LXC:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    0      0        0 eth0
>
> root@LXC:~# ping -c 1 129.69.1.39
> PING 129.69.1.39 (129.69.1.39) 56(84) bytes of data.
> 64 bytes from 129.69.1.39: icmp_seq=1 ttl=64 time=11.5 ms
>
> --- 129.69.1.39 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 11.547/11.547/11.547/0.000 ms
>
> root@LXC:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> From 129.69.1.219 icmp_seq=1 Destination Host Unreachable
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
>
> root@zoo:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    100    0        0 br0
>
> root@zoo:~# ping -c 1 129.69.1.219
> PING 129.69.1.219 (129.69.1.219) 56(84) bytes of data.
> 64 bytes from 129.69.1.219: icmp_seq=1 ttl=64 time=0.058 ms
>
> --- 129.69.1.219 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.058/0.058/0.058/0.000 ms
>
> root@zoo:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> 64 bytes from 129.69.1.254: icmp_seq=1 ttl=255 time=0.509 ms
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.509/0.509/0.509/0.000 ms
>
> root@zoo:~# iptables -n -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> root@zoo:~# sysctl -a | grep forward
> net.ipv4.conf.all.forwarding = 1
> net.ipv4.conf.all.mc_forwarding = 0
> net.ipv4.conf.default.forwarding = 1
> net.ipv4.conf.default.mc_forwarding = 0
> net.ipv4.conf.lo.forwarding = 1
> net.ipv4.conf.lo.mc_forwarding = 0
> net.ipv4.conf.eth0.forwarding = 1
> net.ipv4.conf.eth0.mc_forwarding = 0
> net.ipv4.conf.br0.forwarding = 1
> net.ipv4.conf.br0.mc_forwarding = 0
> net.ipv4.conf.virbr0.forwarding = 1
> net.ipv4.conf.virbr0.mc_forwarding = 0
> net.ipv4.conf.vethMx2A0v.forwarding = 1
> net.ipv4.conf.vethMx2A0v.mc_forwarding = 0
> net.ipv4.ip_forward = 1
>
> Any debugging hints?

Can you give the bridge setup ? (brctl show)

Re: [Lxc-users] native (non-NAT) routing?
Quoting Ulli Horlacher (frams...@rus.uni-stuttgart.de):

> On Mon 2011-04-04 (19:35), Ulli Horlacher wrote:
>
> > My first Ubuntu 10.04 container is up and running on a Ubuntu 10.04
> > host, but the container can only connect to the host (and vice
> > versa), but not to the world outside.
>
> I found a workaround: I have added an extra ethernet card dedicated to
> the container.

If you're happy with what you've got, great. If you'd like to figure
out what went wrong originally, I suspect the answer might lie in the
results of 'brctl show'.

-serge

Re: [Lxc-users] native (non-NAT) routing?
On Tue 2011-04-05 (14:53), Daniel Lezcano wrote:

> Can you give the bridge setup ? (brctl show)

root@zoo:/lxc# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0050568e0003       no              eth0

--
Ullrich Horlacher

Re: [Lxc-users] native (non-NAT) routing?
Hi Ulli,

I have managed to set up routed networking with lxc, it isn't very
different from xen or qemu. I've created a webpage explaining how I did
it: http://j.9souldier.org/trunk/lxc/

Comments are welcome.

John

ps. I think your setup is wrong in that you need to route through the
host and not your router, the host will take care of routing through the
routes that are relevant (i.e. communication between guests doesn't need
to go through the router).

--
Current excuse: network down, IP packets delivered via UPS

On Mon, 4 Apr 2011 19:35:09 +0200 Ulli Horlacher frams...@rus.uni-stuttgart.de wrote:

> My first Ubuntu 10.04 container is up and running on a Ubuntu 10.04
> host, but the container can only connect to the host (and vice versa),
> but not to the world outside.
>
> I saw a lot of configurations for NAT, but I want native routing for my
> containers.
>
> My setup is:
>
> host zoo        129.69.1.39
> container LXC   129.69.1.219
> router          129.69.1.254
>
> In LXC.conf is:
>
> lxc.utsname = LXC
> lxc.network.type = veth
> lxc.network.link = br0
> lxc.network.flags = up
> lxc.network.name = eth0
> lxc.network.mtu = 1500
> lxc.network.ipv4 = 129.69.1.219/24
>
> root@LXC:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    0      0        0 eth0
>
> root@LXC:~# ping -c 1 129.69.1.39
> PING 129.69.1.39 (129.69.1.39) 56(84) bytes of data.
> 64 bytes from 129.69.1.39: icmp_seq=1 ttl=64 time=11.5 ms
>
> --- 129.69.1.39 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 11.547/11.547/11.547/0.000 ms
>
> root@LXC:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> From 129.69.1.219 icmp_seq=1 Destination Host Unreachable
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
>
> root@zoo:~# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 129.69.1.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
> 0.0.0.0         129.69.1.254    0.0.0.0         UG    100    0        0 br0
>
> root@zoo:~# ping -c 1 129.69.1.219
> PING 129.69.1.219 (129.69.1.219) 56(84) bytes of data.
> 64 bytes from 129.69.1.219: icmp_seq=1 ttl=64 time=0.058 ms
>
> --- 129.69.1.219 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.058/0.058/0.058/0.000 ms
>
> root@zoo:~# ping -c 1 129.69.1.254
> PING 129.69.1.254 (129.69.1.254) 56(84) bytes of data.
> 64 bytes from 129.69.1.254: icmp_seq=1 ttl=255 time=0.509 ms
>
> --- 129.69.1.254 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 0.509/0.509/0.509/0.000 ms
>
> root@zoo:~# iptables -n -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> root@zoo:~# sysctl -a | grep forward
> net.ipv4.conf.all.forwarding = 1
> net.ipv4.conf.all.mc_forwarding = 0
> net.ipv4.conf.default.forwarding = 1
> net.ipv4.conf.default.mc_forwarding = 0
> net.ipv4.conf.lo.forwarding = 1
> net.ipv4.conf.lo.mc_forwarding = 0
> net.ipv4.conf.eth0.forwarding = 1
> net.ipv4.conf.eth0.mc_forwarding = 0
> net.ipv4.conf.br0.forwarding = 1
> net.ipv4.conf.br0.mc_forwarding = 0
> net.ipv4.conf.virbr0.forwarding = 1
> net.ipv4.conf.virbr0.mc_forwarding = 0
> net.ipv4.conf.vethMx2A0v.forwarding = 1
> net.ipv4.conf.vethMx2A0v.mc_forwarding = 0
> net.ipv4.ip_forward = 1
>
> Any debugging hints?