主页 / user-398918

JumpAlways's questions

Martin Hope
JumpAlways
Asked: 2017-02-13 16:50:16 +0800 CST
  • 1

我正在尝试 LXC 容器之间的不同网络配置来学习一些东西并从中获得乐趣。

我刚刚发现两个容器只能与一对 veth 通信,所以我想从专家那里知道为什么所有教程都显示了在主机中包含连接到 veth 端的网桥的过程。

我虽然一个简单的 veth 对可以轻松替换主机无法与容器通信的 MACvlan 桥接模式。
是否存在一些安全隐患?

采用这种配置(只有两个命名空间)的 Linux Bridges 和 Open vSwitches 的真正优势是什么?

virtualization linux networking bridge openvswitch
Martin Hope
JumpAlways
Asked: 2017-02-06 17:49:57 +0800 CST
  • 2

我刚刚开始使用 LXC 容器,我发现即使我在 lxc 容器配置文件上设置了一个特定的 IP 地址,lxc-ls --fancy也总是显示另一个 IP,它是可 ping 的,并且/etc/network/interfaces设置不会覆盖lxc-net设置。

我正在使用lxc2.0.7。


容器配置:

lxc.network.type = veth
lxc.network.hwaddr = 00:1a:b2:ff:62:32
lxc.network.link = lxcbr0
lxc.network.ipv4 = 10.0.3.2/24
lxc.network.ipv4.gateway = 10.0.3.1
lxc.network.flags = up

lxc.rootfs = /var/lib/lxc/debcontainer/rootfs
lxc.rootfs.backend = dir

# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf

# Container specific configuration
lxc.tty = 4
lxc.utsname = debcontainer
lxc.arch = amd64


接口配置:

auto eth0

iface eth0 inet static
 address 10.0.3.3
 netmask 255.255.255.0
 gateway 10.0.3.1


主机接口:

eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          ...

lo        Link encap:Local Loopback
          ...

lxcbr0    Link encap:Ethernet  HWaddr 00:16:3e:00:00:00  
          inet addr:10.0.3.1  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:16641 (16.2 KiB)  TX bytes:14826 (14.4 KiB)

vethE2RLT9 Link encap:Ethernet  HWaddr fe:66:28:6b:1a:f1  
          inet6 addr: fe80::fc66:28ff:fe6b:1af1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:18559 (18.1 KiB)  TX bytes:19428 (18.9 KiB)


容器配置:

eth0      Link encap:Ethernet  HWaddr 00:1a:b2:ff:62:32  
          inet addr:10.0.3.2  Bcast:255.255.255.255  Mask:255.255.255.255
          inet6 addr: fe80::216:abff:fec4:63ff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:170 errors:0 dropped:0 overruns:0 frame:0
          TX packets:147 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:20061 (19.5 KiB)  TX bytes:20259 (19.7 KiB)

lo        Link encap:Local Loopback
          ...


lxc-fs输出:

user@debian-8-test:~$ sudo lxc-ls --fancy
NAME         STATE   AUTOSTART GROUPS IPV4                 IPV6 
debcontainer RUNNING 0         -      10.0.3.2, 10.0.3.211 -
linux networking bridge containers lxc