LXC vlan interface on host with teaming

I was speaking of our network devices routing traffic between DCs.

I don’t really understand how yet, but this is definitely related to the container configuration.
If I add “lxc.net.0.macvlan.mode = bridge” I get the opposite behavior:

  • from 1234 we can talk to servers and containers on 5678
  • from 5678 we cannot talk to containers on 5678

OK, so you have a router connected to each vlan and routing traffic between them.

I believe that lxc.net.0.macvlan.mode = bridge is the default if not specified. This isn’t the same as a bridge NIC though (which connects to a native linux bridge).

See https://linuxcontainers.org/lxc/manpages//man5/lxc.container.conf.5.html for the different macvlan modes.

What mode did you have it on before? I think you need to perform some tcpdumps at various points of the network and break down the traffic flows on each hop, and check things like source/destination MAC addresses. It may be your switches/routers are performing MAC filtering perhaps.

No, reading the doc, it looks like the default mode is private.
There is no filtering on our devices but I will make more tests to understand what happens.

Indeed, I’d inadvertently skipped ahead to the ipvlan section (which does default to bridge) in my haste.
As an aside, LXD doesn’t provide a MACVLAN mode and defaults to bridge as well.

But in your case private is certainly not what you want. This would only be useful if you wanted containers to communicate with each other.
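As an added illustration of the default-mode point made in this thread (this is not code from the original posts or from LXC itself): a POSIX sh helper that reads an lxc.container.conf-style file and reports the effective mode of every macvlan/ipvlan interface, treating a missing macvlan mode as private and a missing ipvlan mode as bridge, so interfaces silently relying on the private default stand out. The sample config, including the team0.1234 and team0.5678 link names, is constructed for the example.

```shell
#!/bin/sh
# Hypothetical helper (not part of LXC). Prints one line per lxc.net.N:
#   "<index> <type> <effective-mode> <explicit|default|n/a>"
# Defaults encoded here follow lxc.container.conf(5) as discussed above:
# macvlan -> private when unset, ipvlan -> bridge when unset.
lxc_effective_modes() {
    cfg="$1"
    # Find every "lxc.net.N.type = <type>" line and emit "N <type>".
    sed -n 's/^[[:space:]]*lxc\.net\.\([0-9]*\)\.type[[:space:]]*=[[:space:]]*\(.*\)$/\1 \2/p' "$cfg" |
    while read -r idx type; do
        # Look for an explicit lxc.net.N.<type>.mode; last occurrence wins.
        mode=$(sed -n "s/^[[:space:]]*lxc\.net\.$idx\.$type\.mode[[:space:]]*=[[:space:]]*//p" "$cfg" |
               sed 's/[[:space:]]*$//' | tail -n 1)
        if [ -n "$mode" ]; then
            printf '%s %s %s explicit\n' "$idx" "$type" "$mode"
        else
            case "$type" in
                macvlan) printf '%s %s private default\n' "$idx" "$type" ;;
                ipvlan)  printf '%s %s bridge default\n' "$idx" "$type" ;;
                *)       printf '%s %s - n/a\n' "$idx" "$type" ;;
            esac
        fi
    done
}

# Constructed sample config: net.0 relies on the macvlan default (private),
# net.1 sets bridge explicitly, net.2 is ipvlan with its default (bridge).
SAMPLE_CFG=$(mktemp)
cat >"$SAMPLE_CFG" <<'EOF'
# constructed example, not a real container config
lxc.net.0.type = macvlan
lxc.net.0.link = team0.1234
lxc.net.1.type = macvlan
lxc.net.1.link = team0.5678
lxc.net.1.macvlan.mode = bridge
lxc.net.2.type = ipvlan
lxc.net.2.link = team0
EOF

lxc_effective_modes "$SAMPLE_CFG"
```

Any line ending in "default" for a macvlan interface is one that will come up in private mode unless lxc.net.N.macvlan.mode is set.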