
I have a VPS server hosted using Xen from a hosting provider. I am assigned a few IP addresses (*.*.56.234, *.*.56.235, *.*.56.236, ...), however there is only one physical network device, eth0.

The host is using the first one from the pool (*.*.56.234). I want my container to use *.*.56.235 and to be fully autonomous. That is to say, the .235 address should be available only to the container and .234 only to the host, so that I can start up two different services, one on the host and one in the container, with both of them listening on the same port.

I guess I messed up the configuration entries, as I was able to get the network running in the container, but:

  • There is a short freeze when trying to access the internet (curl, wget) -- as if it were looking for a proper route, but after curling an IP-checking website it shows the proper .235 IP
  • When I set up a listener within the container on a port that is not used on the host machine, it sometimes works and sometimes doesn't (meaning sometimes I can connect to it and sometimes I cannot)
  • If I host a service inside the container using the same port as one of the services on the host, I always connect to the host's one, even if I connect to the .235 address

Here's my configuration (note that X, Y denote the public range; none of these is a LAN range)

Host's /etc/network/interfaces

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address X.Y.56.234
        netmask 255.255.255.248
        network X.Y.56.232
        broadcast X.Y.56.239
        gateway X.Y.56.233
        dns-nameservers 8.8.8.8

auto br0
iface br0 inet static
        bridge_ports eth0
        bridge_fd 0
        ###################
        address X.Y.56.235
        network X.Y.56.232
        broadcast X.Y.56.239
        gateway X.Y.56.233
        dns-nameservers 8.8.8.8

Container's /etc/network/interfaces

auto lxcnet0
iface lxcnet0 inet static
        address X.Y.56.235
        network X.Y.56.232
        broadcast X.Y.56.239
        gateway X.Y.56.233
        dns-nameservers 8.8.8.8

Container's config entries

## Network
lxc.network.type = veth
lxc.network.flags = up
lxc.network.name = lxcnet0
lxc.network.hwaddr = 00:FF:AA:11:22:33
lxc.network.link = br0
lxc.network.ipv4 = X.Y.56.235/32
Mike

1 Answer


You did it partially wrong. The host's IP should be on the bridge interface (for some reason the Linux network stack doesn't work properly when the IP is configured on one of the legs), and the container IP should be on the container's interface, but from the container side, not from the host one (and that's probably why you are having spikes). Furthermore, you can omit the container IP in its config; it's enough to have the IP configuration from the container OS only (and it's more handy to have the container address in one place only).

drookie
  • Almost there! So I changed `address X.Y.56.235` to `address X.Y.56.234` in `br0`, removed `ipv4` entry from container's config and indeed it looks like it did the job but one problem remains. I can't access container from host and vice versa using .234/.235 public IP addresses. – Mike Feb 18 '16 at 13:14
  • Is the host *mac* visible from container and is the container mac visible from host ? – drookie Feb 18 '16 at 13:22
  • I don't know how to verify that. Host's eth0 and br0 ifaces have the same MAC address, whereas the container's one has the same one I specified in the lxc config (completely random, as you can see). How can I "let know" both host and container about their MACs? – Mike Feb 18 '16 at 13:25
  • Having same *mac* on eth0 and br0 is completely normal. You can check the mac visibility with `arp -an` on the container and on the host. Just to make sure - you do not have the `ebtables` filters, right ? – drookie Feb 18 '16 at 14:03
  • Does `ebtables -L` show *ACCEPT* for all three chains and no rules? – drookie Feb 18 '16 at 14:04
  • Yes, it shows ACCEPT on all three and no chain rules. Running arp -an on both host and container shows the same output, namely `? (X.Z.186.42) at 00:1b:2b:99:e8:00 [ether] on br0 ? (X.Y.56.233) at 00:1b:2b:99:e8:00 [ether] on br0 ? (X.Z.187.74) at 00:1b:2b:99:e8:00 [ether] on br0`. I don't know what this X.Z one is, but X.Y is the gateway. – Mike Feb 18 '16 at 14:08
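The following is an added example, not code from the question or the answer: a small lint script that reads a host /etc/network/interfaces, the container's /etc/network/interfaces and the container's legacy `lxc.network.*` config, and reports the layout mistakes the answer points out (an address on a bridge leg such as eth0 instead of on br0, the container's address also configured on the host side, and a redundant `lxc.network.ipv4`). The embedded configs are constructed from the question, with the X.Y placeholders kept as-is; the "fixed" host file assumes the usual Debian shape of `iface eth0 inet manual` with the address on br0, which is my assumption of what the answer's advice looks like in practice.

```python
# Added lint script (not from the question or answer). Checks the three
# config fragments for the mistakes discussed above. Inputs are constructed.
from typing import Dict, List

IfaceMap = Dict[str, Dict[str, str]]


def parse_interfaces(text: str) -> IfaceMap:
    """Parse 'iface NAME inet METHOD' stanzas into {name: {option: value}}."""
    stanzas: IfaceMap = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split()
        if parts[0] == "iface":
            current = parts[1]
            stanzas[current] = {"method": parts[3] if len(parts) > 3 else ""}
        elif parts[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None                # top-level keyword ends a stanza
        elif current is not None:
            stanzas[current][parts[0]] = " ".join(parts[1:])
    return stanzas


def parse_lxc_config(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines of a legacy (lxc.network.*) container config."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def lint(host_text: str, guest_text: str, lxc_text: str) -> List[str]:
    """Return findings; an empty list means the layout matches the answer's advice."""
    host = parse_interfaces(host_text)
    guest = parse_interfaces(guest_text)
    lxc = parse_lxc_config(lxc_text)
    findings: List[str] = []
    bridges = {n: s for n, s in host.items() if "bridge_ports" in s}
    # 1. A bridge leg (e.g. eth0) must not carry the host address; the bridge does.
    for name, st in bridges.items():
        for port in st["bridge_ports"].split():
            addr = host.get(port, {}).get("address")
            if addr:
                findings.append(f"host: {port} is a leg of {name} but has address {addr}; put it on {name}")
    # 2. The container's address must not also be configured on the host side.
    guest_addrs = {s["address"] for s in guest.values() if "address" in s}
    for name, st in host.items():
        if st.get("address") in guest_addrs:
            findings.append(f"host: {name} has {st['address']}, which the container also configures")
    # 3. lxc.network.ipv4 duplicates the container's own interfaces file.
    if lxc.get("lxc.network.ipv4"):
        findings.append("lxc: drop lxc.network.ipv4; the container's /etc/network/interfaces already sets it")
    # 4. The veth must attach to a bridge that actually exists on the host.
    link = lxc.get("lxc.network.link")
    if link and link not in bridges:
        findings.append(f"lxc: lxc.network.link = {link} is not a bridge in the host interfaces file")
    return findings


# Constructed inputs: the question's layout and the corrected layout.
BROKEN_HOST = """\
allow-hotplug eth0
iface eth0 inet static
        address X.Y.56.234
        netmask 255.255.255.248
        gateway X.Y.56.233

auto br0
iface br0 inet static
        bridge_ports eth0
        bridge_fd 0
        address X.Y.56.235
        gateway X.Y.56.233
"""

FIXED_HOST = """\
auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
        bridge_ports eth0
        bridge_fd 0
        address X.Y.56.234
        netmask 255.255.255.248
        gateway X.Y.56.233
"""

CONTAINER = """\
auto lxcnet0
iface lxcnet0 inet static
        address X.Y.56.235
        netmask 255.255.255.248
        gateway X.Y.56.233
"""

BROKEN_LXC = """\
lxc.network.type = veth
lxc.network.flags = up
lxc.network.name = lxcnet0
lxc.network.link = br0
lxc.network.ipv4 = X.Y.56.235/32
"""

FIXED_LXC = "\n".join(l for l in BROKEN_LXC.splitlines() if not l.startswith("lxc.network.ipv4"))

if __name__ == "__main__":
    for finding in lint(BROKEN_HOST, CONTAINER, BROKEN_LXC):
        print(finding)
    print("fixed layout findings:", lint(FIXED_HOST, CONTAINER, FIXED_LXC))
```

Run against the question's files the script reports three findings (address on the eth0 leg, .235 duplicated on br0, redundant `lxc.network.ipv4`); against the corrected layout it reports none. Check 4 is a generalisation beyond the thread: it catches a `lxc.network.link` that names a bridge the host never defines.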