We have a proxy LXC container running on a Proxmox server with multiple IPs (and MAC addresses) with no issues. The hosting company's (OVH) instructions have been to add each IP with its own virtual MAC, all pointing at the host machine's default gateway. As explained, this has been working fine for a while, until now, when we upgraded.

On Debian 9 for some unknown reason (probably related to the network config naming changes) the same setup only seems to work for the first IP but not subsequent ones. I've read similar issues happen on CentOS as it would not allow different interfaces pointing at the same gateway.

Net config

Proxmox solved this (up to Deb8 at least) by adding post-up rules to /etc/network/interfaces like so:

    # --- BEGIN PVE ---
    post-up ip route add xx.XX.XX.254 dev eth2
    post-up ip route add default via XX.XX.XX.254 dev eth2
    pre-down ip route del default via xx.XX.XX.254 dev eth2
    pre-down ip route del xx.XX.XX.254 dev eth2
    # END PVE ---

This now only seems to work on the first interface but fails on the rest.

As we have not found the reason for the behaviour change from Deb8 to Deb9, we can only think of solutions in the form of:

  1. Declaring all the secondary IPs without a gateway and finding a way to create an IP route rule that works similarly to `ip route add default via xx.XX.XX.254 dev eth2`; but without it being clear why that does not work, this is hard to implement.
  2. Declaring only the first IP/MAC address on the container and using the new syntax to add additional IPs to the same interface, `ip address add 94.xx.xx.xx/32 dev eth2 label eth2:extraIP1`; but this approach requires using a single virtual MAC address for ALL IPs, which from our point of view removes, in a way, the reason for having various IPs.

Any help would be greatly appreciated, or alternatively some guidance about where to patch in the suggested change... so that PVE does not overwrite our changes on reboots or definition changes, and ideally only once ethX has gone up (we cannot do it within the interfaces definition itself, as PVE insists on overwriting that file):

  • /if-up.d/
  • /interfaces.d/
  • interfaces.tail (supposedly used by PVE at the end of interfaces)
luison

1 Answer

After not finding out why the behaviour differs between a Debian 8 container and a Debian 9 one, we solved it by applying the second solution and changing the way we had been defining containers in the past. That is:

  • Only one public IP is defined on the LXC definition of the container (net0) in the "traditional" way. That is, that IP points to the host machine's gateway.
  • All other IPs pointing to that container share the same MAC address as that one.
  • Within the container we added a script in /if-up.d with:

    #!/bin/sh
    # Add the extra public IPs once eth0 has come up
    if [ "$IFACE" = eth0 ]; then
        ip address add XXXXXXXX/32 dev eth0 label eth0:ip2
        ip address add XXXXXXXX/32 dev eth0 label eth0:ip3
    fi

and a similar one to delete (del) on /if-post-down.d/

We do have an additional net1 local internal IP defined with no issues.

luison
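An added example, not the poster's script: one hook that covers both the if-up.d add and the if-post-down.d delete described in the answer, and skips addresses that are already in the desired state. The interface name, the RFC 5737 documentation addresses and the function names are assumptions; `IFACE` and `PHASE` are the variables ifupdown exports to hook scripts.

```shell
#!/bin/sh
# Added example. Install in /etc/network/if-up.d/ and symlink the same file
# into /etc/network/if-post-down.d/.
# Constructed values: eth0 and the documentation addresses below.
TARGET_IFACE="eth0"
EXTRA_IPS="203.0.113.12 203.0.113.13"

# Print one "ip address ..." command per extra IP for the given interface and
# ifupdown phase; print nothing for other interfaces or phases.
plan_cmds() {
    iface="$1"; phase="$2"
    [ "$iface" = "$TARGET_IFACE" ] || return 0
    case "$phase" in
        post-up)   verb="add" ;;
        post-down) verb="del" ;;
        *)         return 0 ;;
    esac
    n=2
    for addr in $EXTRA_IPS; do
        if [ "$verb" = "add" ]; then
            echo "ip address add $addr/32 dev $iface label $iface:ip$n"
        else
            echo "ip address del $addr/32 dev $iface"
        fi
        n=$((n + 1))
    done
}

# True if the /32 address is currently configured on the interface.
has_addr() {
    ip -o -4 address show dev "$1" 2>/dev/null | grep -qF " $2/32 "
}

# Run the plan, skipping adds that already exist and dels that are already
# gone, so repeated ifup/ifdown calls do not fail with "File exists".
apply_plan() {
    plan_cmds "$1" "$2" | while read -r _ip _obj verb cidr rest; do
        addr="${cidr%/*}"
        if [ "$verb" = "add" ] && has_addr "$1" "$addr"; then continue; fi
        if [ "$verb" = "del" ] && ! has_addr "$1" "$addr"; then continue; fi
        ip address "$verb" "$cidr" $rest || logger -t extra-ips "failed: $verb $cidr"
    done
}

# Act only when called by ifupdown; do nothing when the variables are unset.
if [ -n "${IFACE:-}" ] && [ -n "${PHASE:-}" ]; then
    apply_plan "$IFACE" "$PHASE"
fi
```

The hook directories are executed with run-parts, so the file must be executable and its name must not contain a dot (no `.sh` suffix).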