3

I am trying to understand namespaces in the context of lxd / lxc.

I have two containers whose respective eth0 interfaces are bridged to br1 and br2 on the host. This is done via Virtual Ethernet interfaces:

root@srv:~# ip link
(...)

5: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether fe:f0:ca:e8:c4:ae brd ff:ff:ff:ff:ff:ff
6: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether fe:45:66:a8:37:a7 brd ff:ff:ff:ff:ff:ff
11: vethHRMPOM@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UP mode DEFAULT group default qlen 1000
    link/ether fe:f0:ca:e8:c4:ae brd ff:ff:ff:ff:ff:ff link-netnsid 1
27: vethNTG58H@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br2 state UP mode DEFAULT group default qlen 1000
    link/ether fe:45:66:a8:37:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 0

I wonder where the other side of, say, vethHRMPOM@if10 is?

ip netns list is empty.

/var/run/netns does not exist (this is an Ubuntu 15.10)

ip netns list-id shows

nsid 0 
nsid 1 

which seem to correspond to the last element in the ip list above. How can I get more information about these nsid 0 and 1, since all commands refer to a namespace by name (and not ID)?

WoJ

2 Answers

3

By default LXC doesn't register the network namespaces with iproute2 utils, but you can register them manually:

root@host:~# lxc-info -n testlxc
Name:           testlxc
State:          RUNNING
PID:            8888
<snip>
root@host:~# mkdir -p /var/run/netns/
root@host:~# ln -s /proc/8888/ns/net /var/run/netns/testlxc

After the netns is registered, it's easy to answer the question:

root@host:~# ip netns list
testlxc (id: 0)
root@host:~# ip addr show | grep -A2 -B1 "link-netnsid 0"
15: veth9ICKL6@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP group default qlen 1000
    link/ether fe:b2:e0:99:81:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::fcb2:e0ff:fe99:8153/64 scope link 
       valid_lft forever preferred_lft forever
1

I wonder where the other side of, say, vethHRMPOM@if10 is?

While I don't know how to directly map host veth devices to the LXC veth device, I know how to do the inverse:

root@server:~# lxc-ls
bugzilla4
root@server:~# lxc-info -n bugzilla4 -p
PID:            7072
root@server:~# mkdir -p /var/run/netns/
root@server:~# ln -sf /proc/7072/ns/net /var/run/netns/bugzilla4
root@server:~# ip netns list
bugzilla4
root@server:~# ip netns exec bugzilla4 ethtool -S eth0
NIC statistics:
     peer_ifindex: 41
root@server:~# ip link show | grep '^41:'
41: vXsomething: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UP mode DEFAULT group default qlen 1000

If ethtool is not available on the guest, I think you can just get the guest ifindex and increment it by one to get the host ifindex (40 -> 41):

root@server:~# ip netns exec bugzilla4 ip link show eth0
40: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff

To answer your original question: you can write a script which will go over each LXC, get the host veth device, and stop if it's the one you're interested in (vethHRMPOM@if10).

A better solution in my opinion would be to name your veth devices properly. Example:

lxc.network.veth.pair = vXbugzilla4

The veth device is called vXbugzilla4 on the host:

root@server:~# ip link show vXbugzilla4
41: vXbugzilla4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UP mode DEFAULT group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
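The script suggested in the second answer could look like the following. This is an added example, not code from either answer. It assumes the container-side interface is named eth0, and it uses `nsenter -t PID -n` in place of the `/var/run/netns` symlink plus `ip netns exec`. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: find the LXC container whose eth0 is the peer of a host veth.
# The parsers read text on stdin, so they can be checked against saved output
# without root or LXC.

# Print the ifindex of interface $1 from `ip -o link` output on stdin.
# ip prints veth names as NAME@ifN, so the @... suffix is stripped first.
host_ifindex() {
    awk -v want="$1" '{
        idx = $1;  sub(/:$/, "", idx)
        name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
        if (name == want) { print idx; exit }
    }'
}

# Print the peer_ifindex value from `ethtool -S <veth>` output on stdin.
peer_ifindex() {
    awk '$1 == "peer_ifindex:" { print $2; exit }'
}

# Walk every container and print the one whose eth0 peers with host veth $1.
# Needs root plus lxc-ls, lxc-info, nsenter and ethtool on the host.
find_container() {
    want=$(ip -o link | host_ifindex "$1")
    [ -n "$want" ] || { echo "no such host interface: $1" >&2; return 2; }
    for name in $(lxc-ls); do
        pid=$(lxc-info -n "$name" -p | awk '{ print $2 }')
        # Skip containers without a numeric PID (stopped or not found).
        case "$pid" in ''|*[!0-9]*) continue ;; esac
        # Only the network namespace is switched; ethtool is the host binary.
        peer=$(nsenter -t "$pid" -n ethtool -S eth0 2>/dev/null | peer_ifindex)
        if [ "$peer" = "$want" ]; then
            echo "$name"
            return 0
        fi
    done
    return 1
}

# Run only when an interface name is given, e.g.: sh find-veth.sh vethHRMPOM
if [ "$#" -gt 0 ]; then
    find_container "$1"
fi
```

Pass the host interface name without the `@ifN` suffix. The exit status is 0 when a container is printed, 1 when none matches, and 2 when the host interface does not exist.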