[libvirt] [PATCH] lxc: support <interface type='ethernet'>

Laine Stump laine at laine.org
Wed May 25 15:00:25 UTC 2016 

On 05/25/2016 08:58 AM, Vasiliy Tolstov wrote:
> 2016-05-24 19:33 GMT+03:00 Laine Stump <laine at laine.org>:
>> So ignoring the IPv6 addresses for now. You now have a tap device on the
>> *host* that has the following IP addresses:
>>
>>          $HOST_IP peer $VM_IP/32
>>          $VM_GW
>>          169.254.169.254
>>
>> I'm guessing that in the guest you configure its ethernet to have
>>
>>             $VM_IP peer $HOST_IP/24   (or some other prefix < 32)
>>            route add default $VM_GW   ($VM_GW on same subnet as $HOST_IP/24)
> No, inside guest i'm assign address via dhcp to  $VM_IP/24 (not using peer)
> and  route add default $VM_GW

So $VM_GW is on the same subnet as $VM_IP/24 ? Is that also the same 
subnet as $HOST_IP? Or is that on a completely different network?

(This is all very useful, because it's pointing out that the config of 
the two ends definitely aren't mirror images, so we really do need 
independent settings for both).


>
> peer only used on host machine to determine on which interface kernel
> needs to send traffic

Well, you *could* do the same thing with a /30 subnet for each tap (so 
that your routing daemon would get a bunch of /30 routes pointing to 
your host for all of them), but that would use up a lot more address space.

>
>> (I'm not sure what the guest does with 169.254.169.254)
>>
>> What if you instead set the host to:
>>
>>          $HOST_IP peer $VM_IP/32
>>
>> and set the guest to:
>>
>>          $VM_IP peer $HOST_IP/32
>>          route add default $HOST_IP
>>
>> ??
>>
> I don't use this scheme... If i set $VM_IP peer $HOST_IP/32 on host
> machine i think kernel recieves packet and drop it =)

No - you would set that on the *guest*, not the host. I setup an LXC 
container in this manner and everything seemed to work properly.


>
>> Anyway, it's important to know if you set the IP config on host and guest to
>> exact mirrors of each other. It seems like the answer is "no", though, so
>> i'm going to make a patch that allows what I was talking about last week:
>>
>>
>>         <interface type='ethernet'>
>>            <source>
>>              <ip address='HOST_IP' family='ipv4' peer='VM_IP' prefix='32'/>
>>              <ip address='VM_GW' family='ipv4' prefix='32'/>
>>            </source>
>>            <ip address='VM_IP' family='ipv4' peer='HOST_IP' prefix='24'/>
>>            <route family='ipv4' address='0.0.0.0' gateway='HOST_IP'/>
>>            ...
>>        </interface>
>>
>> On qemu only the address info inside <source> would be used, since we don't
>> have control over the guest's network config. On LXC, we can set both.
>>
>> Does that sound usable?
> Yes, but don't cleanup please  <ip address='VM_IP' family='ipv4'
> peer='HOST_IP' prefix='24'/> in qemu case, because on somedays we can
> launch dnsmasq or orhet software that can provide dhcp and use this
> element..

An interesting point - even if libvirt itself doesn't launch the 
dnsmasq, it could be done by a more intelligent script (one that 
received the full interface XML on stdin, as I discussed in my last 
mail), so we should probably just ignore it rather than complaining that 
it's unsupported...

Thanks for the info!

More information about the libvir-list mailing list