Home / server / Questions / 765789
Accepted
WoJ
Asked: 2016-03-24 23:29:07 +0800 CST

Where are network namespaces in lxc / lxd?

  • 772

I am trying to understand namespaces in the context of lxd / lxc.

I have two containers which respective eth0 is bridged to br1 and br2 on the host. This is done via a Virtual Ethernet interfaces

root@srv:~# ip link
(...)

5: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether fe:f0:ca:e8:c4:ae brd ff:ff:ff:ff:ff:ff
6: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether fe:45:66:a8:37:a7 brd ff:ff:ff:ff:ff:ff
11: vethHRMPOM@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UP mode DEFAULT group default qlen 1000
    link/ether fe:f0:ca:e8:c4:ae brd ff:ff:ff:ff:ff:ff link-netnsid 1
27: vethNTG58H@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br2 state UP mode DEFAULT group default qlen 1000
    link/ether fe:45:66:a8:37:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 0

I wonder where the other side of, say, vethHRMPOM@if10 is?

ip netns list is empty.

/var/run/netns does not exist (this is an Ubuntu 15.10)

ip netns list-id shows

nsid 0 
nsid 1

which seem to correspond to the last element in the ip list above. How can I get more information about these nsid 0 an 1 since all commands refer to a namespace by name (and not ID)?

networking

2 Answers

  1. Best Answer

    By default LXC doesn't register the network namespaces with iproute2 utils, but you can register them manually:

    root@host:~# lxc-info -n testlxc
Name:           testlxc
State:          RUNNING
PID:            8888
<snip>
root@host:~# mkdir -p /var/run/netns/
root@host:~# ln -s /proc/8888/ns/net /var/run/netns/testlxc

    After the netns is registered, it's easy to answer the question:

    root@host:~# ip netns list
testlxc (id: 0)
root@host:~# ip addr show | grep -A2 -B1 "link-netnsid 0"
15: veth9ICKL6@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP group default qlen 1000
    link/ether fe:b2:e0:99:81:53 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::fcb2:e0ff:fe99:8153/64 scope link 
       valid_lft forever preferred_lft forever
    • 3

  2. I wonder where the other side of, say, vethHRMPOM@if10 is?

    While I don't know how to directly map host veth devices to LXC veth device, I know how to do the inverse:

    root@server:~# lxc-ls
bugzilla4
root@server:~# lxc-info -n bugzilla4 -p
PID:            7072
root@server:~# mkdir -p /var/run/netns/
root@server:~# ln -sf /proc/7072/ns/net /var/run/netns/bugzilla4
root@server:~# ip netns list
bugzilla4
root@server:~# ip netns exec bugzilla4 ethtool -S eth0
NIC statistics:
     peer_ifindex: 41
root@server:~# ip link show | grep '^41:'
41: vXsomething: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UP mode DEFAULT group default qlen 1000

    If ethtool is not available on the guest I think you can just get the guest ifindex and increment with one to get the host ifindex (40 -> 41):

    root@server:~# ip netns exec bugzilla4 ip link show eth0
40: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff

    To answer your original question: you can write a script which will go over each LXC, get the host veth device, and stop if it's the one you're interested in (vethHRMPOM@if10).

    A better solution in my opinion would be to name your veth devices properly. Example:

    lxc.network.veth.pair = vXbugzilla4

    The veth device is called vXbugzilla4 on the host:

    root@server:~# ip link show vXbugzilla4
41: vXbugzilla4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UP mode DEFAULT group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
    • 1