Networking Issues in LXC Container

Hi,

I have a requirement to set up LXC containers in an OpenWRT machine.

My System Details:
Laptop OS: Debian GNU/Linux bullseye/sid, 9.12 – Network is available. Everything works fine

VM OS: OpenWRT 19.07.2 – Network is available. Everything works fine

Container OS: OpenWRT 19.07 – Network is Unavailable. This is the issue

The VM's configurations are as follows:

lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 
/sys/fs/cgroup

Cgroup v2 mount points: 

Cgroup v1 systemd controller: /usr/bin/lxc-checkconfig: line 167: printf \033[1;31m: not found

Cgroup v1 freezer controller: /usr/bin/lxc-checkconfig: line 174: printf \033[1;31m: not found

Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, loaded
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
FUSE (for use with lxcfs): missing

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: missing
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: enabled

brctl show
bridge name	   bridge id		     STP enabled	   interfaces
br-mng		   7fff.0800272bc85f	 no		           eth0
							                           vethXH0YJS

cat /proc/net/arp
IP address       HW type     Flags       HW address            Mask     Device
10.0.XX.XX        0x1         0x2         52:54:00:12:35:02     *        eth1
192.168.XX.XX     0x1         0x2         0a:00:27:00:00:03     *        br-mng

The /etc/lxc/default.conf file in Virtual Machine has the following entries

lxc.net.0.type = veth
lxc.network.link = br-mng
lxc.network.flags = up
lxc.network.hwaddr = 08:00:27:2b:c8:5f

The ifconfig -a output of the VM is:

br-mng    Link encap:Ethernet  HWaddr 08:00:27:2B:C8:5F  
                --- Some lines ---

eth0      Link encap:Ethernet  HWaddr 08:00:27:2B:C8:5F  
          		  --- Some lines ---

eth1      Link encap:Ethernet  HWaddr 08:00:27:79:CB:CF  
              --- Some lines ---

eth2      Link encap:Ethernet  HWaddr 08:00:27:4F:C7:A5  
             --- Some lines ---

lo        Link encap:Local Loopback  
           --- Some lines ---

vethXH0YJS Link encap:Ethernet  HWaddr FE:61:34:FE:61:12 
          --- Some lines ---

I have created a container inside the VM. The container starts fine and I am able to perform lxc-attach and other basic operations.

In VM, the entries of /srv/lxc/MyContainer/config are:

lxc.net.0.type = veth
lxc.net.0.link = br-mng
lxc.net.0.flags = up
lxc.net.0.hwaddr = 08:00:27:2B:C8:5F

However the container doesn’t have network access.

When I try to run the opkg update command inside MyContainer, it throws the error message Failed to establish connection. ping gogle.com also doesn’t work.

The brctl show and /proc/net/arp commands give blank response inside container

Additional Info:

  1. I have set Promiscuous mode in VirtualBox to Allow All. Irrespective of the option that I choose in this dropdown, the network is not available inside the container.
  2. When I execute the command lxc-ls -f, I see the IPv4 address as 192.168.1.1 for a brief moment and then it disappears and it is shown as -

Could you please help me to resolve the network issues in my container.

Am I missing anything?

I don’t think having this line lxc.network.hwaddr = 08:00:27:2b:c8:5f in /etc/lxc/default.conf, and by extension, /srv/lxc/MyContainer/config is going to work, as that means:

A) That all of your containers will have the same MAC address (expect Ethernet conflicts).
B) The MAC address you’ve specified is the same MAC as the parent bridge interface.

Unless you want a specific MAC address ‘pattern’, then I would suggest removing that line from /etc/lxc/default.conf and changing the MAC address line in /srv/lxc/MyContainer/config to a different MAC address.
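
The two conditions named in the reply above (a fixed hwaddr that every container inherits, and an hwaddr equal to a host interface MAC) can be checked mechanically. This is an added example, not part of the original posts: the function names are hypothetical, the sample data is constructed from the values posted in this thread, and it assumes LXC's documented behaviour of randomising any `x` digit in an hwaddr template.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data is constructed from the
# values posted above.

# "iface mac" pairs taken from the ifconfig output in the question.
HOST_MACS='br-mng 08:00:27:2B:C8:5F
eth0 08:00:27:2B:C8:5F
eth1 08:00:27:79:CB:CF
eth2 08:00:27:4F:C7:A5'

# /etc/lxc/default.conf as posted (legacy lxc.network.* key for hwaddr).
DEFAULT_CONF='lxc.net.0.type = veth
lxc.network.link = br-mng
lxc.network.flags = up
lxc.network.hwaddr = 08:00:27:2b:c8:5f'

# /srv/lxc/MyContainer/config as posted.
CONTAINER_CONF='lxc.net.0.type = veth
lxc.net.0.link = br-mng
lxc.net.0.flags = up
lxc.net.0.hwaddr = 08:00:27:2B:C8:5F'

# Read LXC config text on stdin; print each hwaddr value, lower-cased.
# Matches lxc.net.N.hwaddr and the legacy lxc.network.hwaddr spelling.
conf_hwaddrs() {
    awk -F= '/^[ \t]*lxc\.net(work)?(\.[0-9]+)?\.hwaddr[ \t]*=/ {
        gsub(/[ \t\r]/, "", $2); print tolower($2) }'
}

# $1 = config text, $2 = "iface mac" lines.
# Print "mac iface" for every configured hwaddr already used by a host interface.
host_collisions() {
    printf '%s\n' "$1" | conf_hwaddrs | while read -r mac; do
        printf '%s\n' "$2" | awk -v m="$mac" 'tolower($2) == m { print m, $1 }'
    done
}

# $1 = default.conf text. Print each hwaddr that is fully fixed (no "x"
# template digits), i.e. one that every container built from it would share.
fixed_default_hwaddrs() {
    printf '%s\n' "$1" | conf_hwaddrs | grep -E '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || true
}

host_collisions "$CONTAINER_CONF" "$HOST_MACS"
fixed_default_hwaddrs "$DEFAULT_CONF"
```

On a live host, the embedded samples would be replaced by the contents of the real config files and the interface list.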

@tomp thanks for your response.

I removed the line lxc.network.hwaddr from /etc/lxc/default.conf
Then I tried setting different MAC addresses in /srv/lxc/MyContainer/config. Still the same issue - Network unavailable.

I also tried by removing the lxc.network.hwaddr line from /srv/lxc/MyContainer/config. Basically no hwaddr lines in any conf file. This also did not work.

lxc-net service is not available in my OpenWRT virtual machine. I think this is the reason for networking issues inside the container.

Unable to install the lxc-net package. I am getting the error package not found.

lxc-net is a script that comes with LXC itself usually, but maybe it wasn’t included in openwrt as openwrt itself is quite capable of creating bridges and running DHCP/DNS on them.

Thank you. I will rebuild the OpenWRT image and try again.

Finally, the issue is resolved.

The issue in case was Adapter-1 of the VM (in virtual box) was host only adapter. I had three adapters:
Adapter-1: Host Only
Adapter-2: NAT
Adapter-3: Bridged

Having only NAT and Bridged worked for me.

Other configurations are same as mentioned in my question.