How to connect to MACVLAN LXCs from host?


#1

I have a bunch of containers getting IPs via DHCP over MACVLAN and everything works great, but I can’t access them from the host. @Simos’ excellent and extraordinarily useful blog says this is possible, but the page he links is from 2012 and doesn’t work with netplan and the new “ip” command.

Does anyone have a clear-cut easy to follow tutorial to do this in Ubuntu 18.04? My google-fu has failed me there, even though it seems like this would be a pretty common question! I tried adding a second IP to my host interface via ip addr add and then setting static routes over it but this did not work.

Network config:

config: {}
description: ""
name: eno1
type: physical
used_by:
- /1.0/containers/plex
managed: false
status: ""
locations: []

Container config:

architecture: x86_64
config:
  boot.autostart: "true"
  image.architecture: amd64
  image.description: ubuntu 18.04 LTS amd64 (release) (20180724)
  image.label: release
  image.os: ubuntu
  image.release: bionic
  image.serial: "20180724"
  image.version: "18.04"
  raw.lxc: lxc.cgroup.devices.allow=a
  security.privileged: "true"
  volatile.base_image: 38219778c2cf02521f34f950580ce3af0e4b61fbaf2b4411a7a6c4f0736071f9
  volatile.eth0.hwaddr: 00:16:3e:42:e5:dd
  volatile.idmap.base: "0"
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices:
  nas:
    path: /nas
    source: /media/Nastassia
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

And profile:

config:
  environment.TZ: America/New_York
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: eno1
    type: nic
  root:
    path: /
    pool: zfspool
    type: disk
name: default
used_by:
- /1.0/containers/plex

(Stéphane Graber) #2

No very easy way with macvlan. Basically the issue is that the design of macvlan doesn’t allow for traffic between the parent device (eno1) and any of the macvlan slave devices (the containers).

The usual workaround for this is to effectively unconfigure any IP you have on eno1 itself, then create yet another macvlan device (through ip link or your distro’s network management solution) and set your IP addresses and routes on that device instead.

With that, your host and containers will effectively all be at the same level and will be able to communicate with each other and with the outside.
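The workaround above spelled out as an added example (not from the thread or from LXD itself): a small POSIX shell script that creates the extra macvlan device with `ip link`, moves the host address off `eno1`, and puts the address and default route on the new device. The interface name `macvlan0`, the address `192.168.1.50/24` and the gateway `192.168.1.1` are constructed placeholders; it assumes the containers' LXD macvlan NICs use the default bridge mode.

```shell
#!/bin/sh
# Added example: move the host's IP from the parent NIC onto a macvlan child
# so the host and the containers' macvlan NICs are siblings and can talk.
# Assumed inputs (adjust to your network):
#   PARENT - physical NIC the containers' macvlans hang off (eno1 on this page)
#   CHILD  - name of the new host-side macvlan device   (assumed: macvlan0)
#   ADDR   - host address in CIDR form                   (constructed: 192.168.1.50/24)
#   GW     - default gateway                             (constructed: 192.168.1.1)
# With DRY_RUN=1 the commands are printed instead of executed, so the plan can
# be reviewed first. Applying it flushes the address on PARENT, which drops any
# SSH session to that address: run it from a console or a one-shot script.
# The result is not persistent across reboots; netplan on 18.04 has no macvlan
# type, so a boot-time hook (e.g. a systemd unit) would be needed for that.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

macvlan_host_setup() {
    parent=$1; child=$2; addr=$3; gw=$4
    # 1. Create the host's own macvlan child in bridge mode (the mode LXD's
    #    macvlan NICs default to): bridge-mode siblings on one parent can
    #    exchange frames directly, which the parent itself cannot do.
    run ip link add "$child" link "$parent" type macvlan mode bridge
    # 2. Unconfigure the parent. Any address left here keeps host traffic on
    #    eno1, where it can never reach the container macvlans.
    run ip addr flush dev "$parent"
    # 3. Re-add the host address and default route on the child instead.
    run ip addr add "$addr" dev "$child"
    run ip link set "$child" up
    run ip route replace default via "$gw" dev "$child"
}

# Usage (values are the constructed placeholders from the comments above):
#   DRY_RUN=1 macvlan_host_setup eno1 macvlan0 192.168.1.50/24 192.168.1.1  # print plan
#   sudo sh -c '. ./macvlan-host.sh; macvlan_host_setup eno1 macvlan0 192.168.1.50/24 192.168.1.1'
```

After it runs, `ip addr show macvlan0` should list the host address and `lxc list` addresses should answer to ping from the host; the containers keep getting DHCP leases as before, since `eno1` still carries the link.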


#3

Yeah, was hoping for a walkthrough on how to do that.