Lost connection between ipvlan mode containers

Hello,

I have 2 containers, “webserver” and “app”, both set up with the default configuration, with apache/php installed on “app”.
I can fetch data from “app” on “webserver”, like this:

root@webserver:~# curl app/test.php
Hi!
root@webserver:~#

Now I need a third container with an IP address from the LAN.
I created it according to

Everything works great except for the connection between containers:

root@ipvlan:~# curl app/test.php
curl: (6) Could not resolve host: app
root@ipvlan:~#

Even after I created another “app” container with ipvlan, the result is the same.

Any help appreciated

Please show the output of `lxc config show <instance> --expanded` for each instance, as well as `ip r` and `ip a` on the LXD host and within the instances.

Hi Thomas, thank You for Your reply



root@bphost:~# lxc config show webserver -e
architecture: x86_64
config:
  boot.autostart: "true"
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (release) (20220131.1)
  image.label: release
  image.os: ubuntu
  image.release: focal
  image.serial: "20220131.1"
  image.type: squashfs
  image.version: "20.04"
  volatile.base_image: 57263910d51e637a64d2d94f6a94832acbd886b2eda532ab0b522b4f9b85bd86
  volatile.eth0.host_name: veth31dc0c98
  volatile.eth0.hwaddr: 00:16:3e:de:b4:fa
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: f6d0301b-3167-48cc-b9eb-5f3a8a8dbfef
devices:
  eth0:
    ipv4.address: 10.155.37.2
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""



root@bphost:~# lxc config show app -e
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (release) (20220505)
  image.label: release
  image.os: ubuntu
  image.release: focal
  image.serial: "20220505"
  image.type: squashfs
  image.version: "20.04"
  volatile.base_image: e3e1bd82cdc7fa1256cf2409dd8543630eefa1fca631ff0c78c0970babddc69f
  volatile.eth0.host_name: veth01458e2c
  volatile.eth0.hwaddr: 00:16:3e:ea:d8:9a
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: b5c705ca-5995-425d-8e8b-daaa2ab107a5
devices:
  eth0:
    ipv4.address: 10.155.37.231
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""



root@bphost:~# lxc config show ipvlan -e
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (release) (20220711)
  image.label: release
  image.os: ubuntu
  image.release: focal
  image.serial: "20220711"
  image.type: squashfs
  image.version: "20.04"
  user.network-config: |
    #cloud-config
    version: 2
    ethernets:
      eth0:
        addresses:
          - 192.168.0.10/32
        dhcp4: no
        dhcp6: no
        nameservers:
          addresses: [8.8.8.8, 1.1.1.1]
        routes:
         - to: 0.0.0.0/0
           via: 169.254.0.1
           on-link: true
  volatile.base_image: e9589b6e9c886888b3df98aee0f0e16c5805383418b3563cd8845220f43b40ff
  volatile.eth0.host_name: lxdc7b8a4bf
  volatile.eth0.last_state.created: "false"
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 91fd9d48-d7f2-4390-a01f-bdb1f766f463
devices:
  eth0:
    ipv4.address: 192.168.0.10
    nictype: ipvlan
    parent: eno1
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
- ipvlan_192.168.0.10
stateful: false
description: ""



root@bphost:~# ip r
default via 192.168.0.1 dev eno1 proto dhcp src 192.168.0.213 metric 100
10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1 linkdown
10.155.37.0/24 dev lxdbr0 proto kernel scope link src 10.155.37.1
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.213
192.168.0.1 dev eno1 proto dhcp scope link src 192.168.0.213 metric 100
192.168.0.10 dev lo scope link
192.168.0.11 dev lo scope link



root@bphost:~# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1:  mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fc:4d:d4:3d:12:36 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.213/24 brd 192.168.0.255 scope global dynamic eno1
       valid_lft 70096sec preferred_lft 70096sec
    inet6 fe80::fe4d:d4ff:fe3d:1236/64 scope link
       valid_lft forever preferred_lft forever
3: lxcbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0
       valid_lft forever preferred_lft forever
4: lxdbr0:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:1f:2e:51 brd ff:ff:ff:ff:ff:ff
    inet 10.155.37.1/24 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet6 fd42:a247:bb99:d67d::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe1f:2e51/64 scope link
       valid_lft forever preferred_lft forever
6: veth01458e2c@if5:  mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 62:dd:a3:ba:6f:1b brd ff:ff:ff:ff:ff:ff link-netnsid 0
10: veth03b4b5c6@if9:  mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 02:c4:bd:ac:2b:96 brd ff:ff:ff:ff:ff:ff link-netnsid 3
12: vethbb545a58@if11:  mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 0e:ae:95:02:a7:77 brd ff:ff:ff:ff:ff:ff link-netnsid 4
14: veth31dc0c98@if13:  mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether 92:86:c9:dc:4e:6b brd ff:ff:ff:ff:ff:ff link-netnsid 5



root@webserver:~# ip r
default via 10.155.37.1 dev eth0 proto dhcp src 10.155.37.2 metric 100
10.155.37.0/24 dev eth0 proto kernel scope link src 10.155.37.2
10.155.37.1 dev eth0 proto dhcp scope link src 10.155.37.2 metric 100



root@webserver:~# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
13: eth0@if14:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:de:b4:fa brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.155.37.2/24 brd 10.155.37.255 scope global dynamic eth0
       valid_lft 3031sec preferred_lft 3031sec
    inet6 fd42:a247:bb99:d67d:216:3eff:fede:b4fa/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 3169sec preferred_lft 3169sec
    inet6 fe80::216:3eff:fede:b4fa/64 scope link
       valid_lft forever preferred_lft forever



root@app:~# ip r
default via 10.155.37.1 dev eth0 proto dhcp src 10.155.37.231 metric 100
10.155.37.0/24 dev eth0 proto kernel scope link src 10.155.37.231
10.155.37.1 dev eth0 proto dhcp scope link src 10.155.37.231 metric 100



root@app:~# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
5: eth0@if6:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:ea:d8:9a brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.155.37.231/24 brd 10.155.37.255 scope global dynamic eth0
       valid_lft 2785sec preferred_lft 2785sec
    inet6 fd42:a247:bb99:d67d:216:3eff:feea:d89a/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 3542sec preferred_lft 3542sec
    inet6 fe80::216:3eff:feea:d89a/64 scope link
       valid_lft forever preferred_lft forever



root@ipvlan:~# ip r
default via 169.254.0.1 dev eth0 proto static onlink



root@ipvlan:~# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
17: eth0@if2:  mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether fc:4d:d4:3d:12:36 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/32 brd 192.168.0.11 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::fc4d:d400:53d:1236/64 scope link
       valid_lft forever preferred_lft forever

Right I see, so you have 2 instances connected to the private managed bridge lxdbr0 and one instance connected to the parent interface eno1 using ipvlan.

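I wouldn’t expect the ipvlan instance to be able to communicate with the other 2 instances: they are connected to different networks, and ipvlan doesn’t allow instance<->LXD host communication, so the LXD host cannot act as a router between the two networks. The name “app” also fails to resolve from the ipvlan instance because its network config points at public nameservers (8.8.8.8, 1.1.1.1), which know nothing about instance names on lxdbr0.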

What was the reason for connecting the third instance to ipvlan eno1 rather than lxdbr0 bridge?

Thanks for the quick response

Alas I’m newbie in these matters.
I thought this was the only way to connect ipvlan to my router.

If I connect it to lxdbr0 can the router still see it?

Maybe it would be easier to start with what are you trying to achieve?

We already have an established architecture with many containers, and one dedicated database container that is shared by all of them.
Previously, this setup interacted with the router through HAProxy.
Now there are reasons why I need to expose these containers to the Internet directly, without HAProxy.
But for security reasons, I would like to keep the database private and access it exclusively from inside the LAN.

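Have you considered using `lxc network forward` or proxy devices to route inbound requests from the external network to the private instance? That way the instance stays on the private bridge and only the traffic you choose to forward reaches it.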

See:

Yes i’m completely newb((

After carefully installing both the “webserver” and “app” instances with ipvlan, everything works like a charm.

Many thanks for your time