Networking is broken
15 views
Skip to first unread message
Saint Michael
Sep 8, 2022, 1:31:39 PM9/8/22
to LXC users mailing-list, lxc-...@lists.linuxcontainers.org
The LXC network is broken, and this may be a problem with the Kernel more than with LXC.
5.15.53-1-pve
I have some containers that cannot be pinged from either the host or another host on the same LAN (same subnet), but can talk to the outer world fine.
They can also talk to a host on the same physical network that has an IP address from a different Class C network.
when I ping them, I can see with tcpdump the pings coming and going:
17:19:19.478299 IP XX.95.11.6 > XX.95.11.202: ICMP echo request, id 13089, seq 1216, length 64
17:19:19.478330 IP XX.95.11.202 > 3XX.95.11.6: ICMP echo reply, id 13089, seq 1216, length 64
17:19:20.502263 IP XX.95.11.6 > XX.95.11.202: ICMP echo request, id 13089, seq 1217, length 64
17:19:20.502288 IP XX.95.11.202 > XX.95.11.6: ICMP echo reply, id 13089, seq 1217, length 64
17:19:21.526234 IP XX.95.11.6 > 3XX.95.11.202: ICMP echo request, id 13089, seq 1218, length 64
17:19:21.526264 IP XX.95.11.202 > XX.95.11.6: ICMP echo reply, id 13089, seq 1218, length 64
In this case the container being pinged is XX.95.11.202, and the pinger is XX.95.11.6
if I use tcdump on the pinger, I see the packets leaving but no response arrives.
The network on both containers is similar, but the pinger can also be a physical host on the same LAN.
I tried with every combination of networking possible
lxc.net.0.type=macvlan
lxc.net.0.macvlan.mode = bridge
lxc.net.0.hwaddr = ca:26:e9:28:30:23
lxc.net.0.flags = up
lxc.net.0.link = eno49
lxc.net.0.name = eth0
lxc.net.0.l2proxy=1 (also tried 0)
or
lxc.net.0.type = ipvlan
lxc.net.0.ipvlan.mode =l2
lxc.net.0.flags = up
lxc.net.0.link = eno50
lxc.net.0.name = eth0
even creating a bridge and using veth
how do I fix this? My entire business is based on intercommunicating containers.
netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno49 1500 14302849506 84611 1475 84611 13811614424 0 0 0 BMRU
eno50 1500 487169602 0 1151 0 942329 0 0 0 BMRU
eth1 1500 1155437 0 0 0 16 0 0 0 BMRU
eth2 1500 1154864 0 0 0 15 0 0 0 BMRU
lo 65536 908263 0 0 0 908263 0 0 0 LRU
Philip
5.15.53-1-pve
I have some containers that cannot be pinged from either the host or another host on the same LAN (same subnet), but can talk to the outer world fine.
They can also talk to a host on the same physical network that has an IP address from a different Class C network.
when I ping them, I can see with tcpdump the pings coming and going:
17:19:19.478299 IP XX.95.11.6 > XX.95.11.202: ICMP echo request, id 13089, seq 1216, length 64
17:19:19.478330 IP XX.95.11.202 > 3XX.95.11.6: ICMP echo reply, id 13089, seq 1216, length 64
17:19:20.502263 IP XX.95.11.6 > XX.95.11.202: ICMP echo request, id 13089, seq 1217, length 64
17:19:20.502288 IP XX.95.11.202 > XX.95.11.6: ICMP echo reply, id 13089, seq 1217, length 64
17:19:21.526234 IP XX.95.11.6 > 3XX.95.11.202: ICMP echo request, id 13089, seq 1218, length 64
17:19:21.526264 IP XX.95.11.202 > XX.95.11.6: ICMP echo reply, id 13089, seq 1218, length 64
In this case the container being pinged is XX.95.11.202, and the pinger is XX.95.11.6
if I use tcdump on the pinger, I see the packets leaving but no response arrives.
The network on both containers is similar, but the pinger can also be a physical host on the same LAN.
I tried with every combination of networking possible
lxc.net.0.type=macvlan
lxc.net.0.macvlan.mode = bridge
lxc.net.0.hwaddr = ca:26:e9:28:30:23
lxc.net.0.flags = up
lxc.net.0.link = eno49
lxc.net.0.name = eth0
lxc.net.0.l2proxy=1 (also tried 0)
or
lxc.net.0.type = ipvlan
lxc.net.0.ipvlan.mode =l2
lxc.net.0.flags = up
lxc.net.0.link = eno50
lxc.net.0.name = eth0
even creating a bridge and using veth
how do I fix this? My entire business is based on intercommunicating containers.
netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno49 1500 14302849506 84611 1475 84611 13811614424 0 0 0 BMRU
eno50 1500 487169602 0 1151 0 942329 0 0 0 BMRU
eth1 1500 1155437 0 0 0 16 0 0 0 BMRU
eth2 1500 1154864 0 0 0 15 0 0 0 BMRU
lo 65536 908263 0 0 0 908263 0 0 0 LRU
Philip
Reply all
Reply to author
Forward
0 new messages