Network unreachable in LXD container configured to use OVH failover IP (with netplan)

Hello all,

I have an OVH VPS running Ubuntu 20.04. I tried to configure my LXD containers to use a public IPv4 failover /32. Unfortunately, I only managed to make it work on LXD containers running Ubuntu 16.04 (using ifupdown for network configuration) but NOT on LXD containers running Ubuntu 20.04 (using netplan).

A bridge device br0 is configured on my VPS with public IP HOST_IP. I have two additional IPs provided by OVH: OVH_FAILOVER_IP1 and OVH_FAILOVER_IP2.
I have configured two LXD profiles, and both containers c1 and c2 use both of them:

  1. “default”:

      config: {}
      description: Default LXD profile
      devices:
        eth0:
          name: eth0
          nictype: bridged
          parent: lxdbr0
          type: nic
        root:
          path: /
          pool: default
          type: disk
      name: default
      used_by:
      - /1.0/instances/c1
      - /1.0/instances/c2

  2. “extbridge”:

      config: {}
      description: Lets containers use public network interface
      devices:
        eth0:
          name: eth0
          nictype: bridged
          parent: br0
          type: nic
      name: extbridge
      used_by:
      - /1.0/instances/c1
      - /1.0/instances/c2

This is the output of “lxc network list”:

+--------+----------+---------+-------------+---------+
|  NAME  |   TYPE   | MANAGED | DESCRIPTION | USED BY |
+--------+----------+---------+-------------+---------+
| br0    | bridge   | NO      |             | 3       |
+--------+----------+---------+-------------+---------+
| ens3   | physical | NO      |             | 0       |
+--------+----------+---------+-------------+---------+
| lxcbr0 | bridge   | NO      |             | 0       |
+--------+----------+---------+-------------+---------+
| lxdbr0 | bridge   | YES     |             | 1       |
+--------+----------+---------+-------------+---------+

In container c1, I have the following configuration (inspired by this blog: https://thomas-leister.de/en/lxd-use-public-interface/):

  • in /etc/network/interfaces:

      # This file describes the network interfaces available on your system
      # and how to activate them. For more information, see interfaces(5).

      # The loopback network interface
      auto lo
      iface lo inet loopback

      auto eth0
      # iface eth0 inet dhcp
      iface eth0 inet static
          address OVH_FAILOVER_IP1/32
          gateway GATEWAY_IP
          dns-nameservers DNS_IP

      source /etc/network/interfaces.d/*.cfg

      # NOTE: directory /etc/network/interfaces.d/ is empty
    
  • in /etc/resolv.conf:

      # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
      #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
      nameserver DNS_IP
    

In container c2, I have the following configuration:

  • in /etc/netplan/10-lxc.yaml:

      network:
        version: 2
        renderer: networkd
        ethernets:
          eth0:
            dhcp4: no
            dhcp6: no
            addresses:
              - OVH_FAILOVER_IP2/32
            gateway4: GATEWAY_IP
            nameservers:
              addresses:
                - DNS_IP
    
  • in /etc/resolv.conf:

      # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
      #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
      # 127.0.0.53 is the systemd-resolved stub resolver.
      # run "systemd-resolve --status" to see details about the actual nameservers.
      nameserver DNS_IP
      nameserver 127.0.0.53
    

The output of “lxc list” is:

+------+---------+-------------------------+------+-----------+-----------+
| NAME |  STATE  |          IPV4           | IPV6 |   TYPE    | SNAPSHOTS |
+------+---------+-------------------------+------+-----------+-----------+
| c1   | RUNNING | OVH_FAILOVER_IP1 (eth0) |      | CONTAINER | 0         |
+------+---------+-------------------------+------+-----------+-----------+
| c2   | RUNNING | OVH_FAILOVER_IP2 (eth0) |      | CONTAINER | 0         |
+------+---------+-------------------------+------+-----------+-----------+

Container c1 works correctly: from within the container I can ping the internet (e.g., “ping -c 4 www.ubuntu.com”) and I can also netcat the container from the host and from outside (e.g., “netcat -l 80” on the container and “netcat OVH_FAILOVER_IP1 80” on the host or outside).

Container c2 does not work: from within the container I cannot ping the internet (“Network unreachable”), and the container is not accessible from either the host or outside.

I am a bit confused: it seems to me that the two configurations are the same (except that one uses ifupdown and the other uses netplan, but the result should be the same?).

One thing I have noticed is that in container c1, the command “ip addr” gives something like:

eth0@if45: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
	inet OVH_FAILOVER_IP1/32 brd OVH_FAILOVER_IP1 scope global eth0
	...

while in container c2 it gives:

eth0@if47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
	inet OVH_FAILOVER_IP2/32 scope global eth0
	...

I am not sure if broadcasting is relevant here…

Another difference is the output of “networkctl”:

  • in c1:

      WARNING: systemd-networkd is not running, output will be incomplete.
      IDX LINK             TYPE               OPERATIONAL SETUP
        1 lo               loopback           n/a         unmanaged
       44 eth0             ether              n/a         unmanaged
    
  • in c2:

      IDX LINK TYPE     OPERATIONAL SETUP
        1 lo   loopback carrier     unmanaged
       46 eth0 ether    routable    failed
    

Do you have any clue as to what may cause the difference in behaviour?

Thanks a lot
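Editor's note, added example (not part of the post above): the `failed` SETUP state that `networkctl` reports for eth0 in c2 is what systemd-networkd shows when it cannot install a route, and a /32 address is exactly the case where a plain `gateway4` cannot be installed, because the gateway lies outside every prefix the interface is connected to. ifupdown's `inet static` method adds its default route with the `onlink` flag, which tells the kernel to accept a next hop that is not on a connected prefix, so c1 works. The netplan equivalent is an explicit route with `on-link: true` instead of `gateway4`. The file below is a rewrite of the c2 configuration with that change; the placeholders OVH_FAILOVER_IP2, GATEWAY_IP and DNS_IP are the post's own and must be substituted with real values.

```yaml
# /etc/netplan/10-lxc.yaml for container c2 (added example, not the poster's file).
# Placeholders OVH_FAILOVER_IP2, GATEWAY_IP and DNS_IP are taken from the post.
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      dhcp6: no
      addresses:
        - OVH_FAILOVER_IP2/32
      # Not "gateway4: GATEWAY_IP": networkd would try to install
      # "default via GATEWAY_IP" without the onlink flag, and with a /32
      # address the kernel rejects it because GATEWAY_IP is not on any
      # connected prefix (the link then shows SETUP "failed").
      routes:
        - to: 0.0.0.0/0
          via: GATEWAY_IP
          on-link: true        # accept a next hop outside the /32
      nameservers:
        addresses:
          - DNS_IP
```

Apply it inside the container with `netplan try` (it rolls back on timeout if the change locks you out) or `netplan apply`, then check with `ip route` that the table contains `default via GATEWAY_IP dev eth0 onlink`, that `networkctl status eth0` no longer reports `failed`, and that `journalctl -u systemd-networkd` no longer logs a route-configuration error. The same thing can be reproduced by hand for a quick test: `ip route add GATEWAY_IP/32 dev eth0` followed by `ip route add default via GATEWAY_IP dev eth0` gives the kernel an on-link path to the gateway first. Note that `gateway4` is deprecated in current netplan releases in favour of `routes`. One practitioner caveat: a container bridged onto br0 with a public address is reachable directly from the internet and is not covered by firewall rules on the host's own interfaces, so the container should carry its own packet filter.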