[Users] Bridged Container

Axton axton.grams at gmail.com
Fri Feb 28 10:37:24 PST 2014 

I approached this a little differently.  I use the following to add a veth
interface to a CT:

vzctl set CTID --netif_add eth40,,vethCTID.40,,vmbr40 --save

Where:
  a) eth40 is the name of the interface created in the CT
  b) vethCTID.40 is the veth interface create on the HE (CTID is replaced
with the ID of the CT when the command is run)
  c) vmbr40 is the existing interface on the HE with which to bridge

I have this patch applied to /usr/sbin/vznetaddbr; it causes vz actions
(start/stop/etc) to retain the MAC of of the bridge interface (c)
regardless of the MAC assigned to any given CT:

root at cluster-01:/usr/sbin# diff -ub vznetaddbr.orig vznetaddbr
--- vznetaddbr.orig     2014-02-28 12:26:02.880160551 -0600
+++ vznetaddbr  2014-02-25 10:41:47.691044968 -0600
@@ -29,6 +29,9 @@
     [ -n "$bridge" ] ||
        bridge=vmbr0

+    # Get the current mac address for the interface
+    brmac=`cat /sys/class/net/$bridge/address`
+
     echo "Adding interface $host_ifname to bridge $bridge on CT0 for
CT$VEID"
     ip link set dev "$host_ifname" up
     ip addr add 0.0.0.0/0 dev "$host_ifname"
@@ -36,6 +39,9 @@
     echo 1 >"/proc/sys/net/ipv4/conf/$host_ifname/forwarding"
     brctl addif "$bridge" "$host_ifname"

+    # Retain the bridge's existing MAC address when the veth interfaces
are added to the bridge
+    ip link set dev $bridge address $brmac
+
     break
 done


My interfaces end up looking like this:

-- physical interface (connected to a trunk port on the switch)
root at cluster-01:/usr/sbin# ifconfig -a eth1
eth1      Link encap:Ethernet  HWaddr 00:25:90:61:b7:a3
          inet6 addr: fe80::225:90ff:fe61:b7a3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2557986 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3034979 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2005381887 (1.8 GiB)  TX bytes:2248600912 (2.0 GiB)
          Interrupt:17 Memory:feae0000-feb00000

-- vlan interface (vlan 40)
root at cluster-01:/usr/sbin# ifconfig -a eth1.40
eth1.40   Link encap:Ethernet  HWaddr 00:25:90:61:b7:a3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:112382 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44170 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11706639 (11.1 MiB)  TX bytes:218350867 (208.2 MiB)

(bridge to the vlan interface)
root at cluster-01:/usr/sbin# ifconfig veth2000.40
veth2000.40 Link encap:Ethernet  HWaddr 00:18:51:17:55:76
          inet6 addr: fe80::218:51ff:fe17:5576/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:754 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58455 errors:0 dropped:17 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:143467 (140.1 KiB)  TX bytes:5739453 (5.4 MiB)

(bridged to the bridge if)
veth1000.40 Link encap:Ethernet  HWaddr 00:18:51:c2:a6:97
          inet6 addr: fe80::218:51ff:fec2:a697/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15045 errors:0 dropped:0 overruns:0 frame:0
          TX packets:71670 errors:0 dropped:12 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1236221 (1.1 MiB)  TX bytes:8757252 (8.3 MiB)

...etc


My CTs are configured like this (other interfaces removed), so you can see
where the macs come from:
root at cluster-01:/usr/sbin# grep veth /etc/vz/conf/*.conf
/etc/vz/conf/1000.conf:NETIF="ifname=eth4,bridge=vmbr40,mac=00:18:51:08:CB:0B,host_ifname=veth1000.40,host_mac=00:18:51:C2:A6:97"
/etc/vz/conf/2000.conf:NETIF="ifname=eth4,bridge=vmbr40,mac=00:18:51:49:E4:D7,host_ifname=veth2000.40,host_mac=00:18:51:17:55:76"
/etc/vz/conf/3000.conf:NETIF="ifname=eth4,bridge=vmbr40,mac=00:18:51:5B:7A:6C,host_ifname=veth3000.40,host_mac=00:18:51:28:C0:2D"


And my bridges end up looking like this:
root at cluster-01:/usr/sbin# brctl showmacs vmbr40
port no mac addr                is local?       ageing timer
  2     00:18:51:08:cb:0b       no                37.05
  3     00:18:51:17:55:76       yes                0.00
  3     00:18:51:49:e4:d7       no               298.06
  2     00:18:51:c2:a6:97       yes                0.00
  1     00:25:90:09:9b:81       no                 2.54
  1     00:25:90:61:74:53       no                87.79
  1     00:25:90:61:b7:a3       yes                0.00
  1     ac:22:0b:51:32:de       no                 0.00


With this configuration I never have issues with network traffic
disruptions at the CT or HE.

Axton Grams


On Fri, Feb 28, 2014 at 11:11 AM, Matt <matt.mailinglists at gmail.com> wrote:

> I installed OpenVZ following this guide.
>
> http://openvz.org/Quick_Installation_CentOS_6
>
> I know its not an official guide but I need bridged containers.
> Installing Directadmin on them and they need control over there
> interfaces to add and remove IP addresses.
>
> >>Create a CT
>
> >># vzctl create 102 --ostemplate centos-6-x86_64 --config vswap-1g
>
> >>Configure the CT
>
> >> ...
> >># vzctl set 102 --save --netif_add eth0,,,FE:FF:FF:FF:FF:FF
> >> ...
>
> >>FE:FF:FF:FF:FF:FF will ensure a permanent MAC address on the bridge
> interface.
>
> This is the part I do not understand.  Why are we assigning it
> FE:FF:FF:FF:FF:FF?  Does everything else look ok?  I know I had to
> assign the Ethernet mac address too the bridge to avoid issues when
> restarting containers but otherwise this howto has worked well for me
> so far.
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://lists.openvz.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20140228/d26f471c/attachment-0001.html>

More information about the Users mailing list