
6.4. Networking


By default LXC creates a private network namespace for each container, which includes a layer 2 networking stack. Containers usually connect to the outside world by either having a physical NIC or a veth tunnel endpoint passed into the container. LXC creates a NATed bridge, lxcbr0, at host startup. Containers created using the default configuration will have one veth NIC with the remote end plugged into the lxcbr0 bridge. A NIC can only exist in one namespace at a time, so a physical NIC passed into the container is not usable on the host.


It is possible to create a container without a private network namespace. In this case, the container will have access to the host networking like any other application. Note that this is particularly dangerous if the container is running a distribution with upstart, like Ubuntu, since programs which talk to init, like shutdown, will talk over the abstract Unix domain socket to the host's upstart, and shut down the host.


To give containers on lxcbr0 a persistent ip address based on domain name, you can write entries to /etc/lxc/dnsmasq.conf like:


dhcp-host=lxcmail,10.0.3.100
dhcp-host=ttrss,10.0.3.101


If it is desirable for the container to be publicly accessible, there are a few ways to go about it. One is to use iptables to forward host ports to the container, for instance


iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 587 -j DNAT \
    --to-destination 10.0.3.100:587


Another is to bridge the host's network interfaces (see the Ubuntu Server Guide's Network Configuration chapter, Section 1.4, “Bridging” [p. 46]). Then, specify the host's bridge in the container configuration file in place of lxcbr0, for instance


lxc.network.type = veth
lxc.network.link = br0


Finally, you can ask LXC to use macvlan for the container's NIC. Note that this has limitations and depending on configuration may not allow the container to talk to the host itself. Therefore the other two options are preferred and more commonly used.
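The network modes described above can be checked on existing containers. As an added example (not part of the guide), the shell function below reads a container configuration file and reports, for each NIC, whether it sits on the NATed lxcbr0 bridge, a host bridge, macvlan, a physical NIC, or the host's own network namespace. It assumes the legacy lxc.network.* keys used on this page and that lxc.network.type = none (a value not shown above) is how a container is configured without a private network namespace; the function name and the labels it prints are illustrative.

```shell
#!/bin/sh
# Added example (not from the guide): report the network mode of each NIC
# defined in an LXC container config, using the legacy lxc.network.* keys.
# Assumption: "none" is the lxc.network.type value for sharing the host netns.

classify_lxc_net() {   # usage: classify_lxc_net /path/to/container/config
    awk -F= '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function flush(   note) {
            if (type == "") return
            if (link == "") link = "-"
            if      (type == "none")    note = "SHARES-HOST-NETNS"
            else if (type == "phys")    note = "nic-removed-from-host"
            else if (type == "macvlan") note = "may-not-reach-host"
            else if (type == "veth" && link == "lxcbr0") note = "nat-private"
            else if (type == "veth")    note = "bridged-to-host-lan"
            else                        note = "review"
            print type, link, note
            seen++; type = ""; link = ""
        }
        /^[ \t]*#/ { next }                                # skip comments
        { key = trim($1); val = trim($2) }
        key == "lxc.network.type" { flush(); type = val }  # starts a new NIC
        key == "lxc.network.link" { link = val }
        END { flush(); if (!seen) print "unset - review" }
    ' "$1"
}

# Constructed sample config: one NIC on the NATed bridge, one macvlan NIC.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# constructed sample, not a real container
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.type = macvlan
lxc.network.link = eth0
EOF
classify_lxc_net "$demo_cfg"
rm -f "$demo_cfg"
```

A line reading SHARES-HOST-NETNS marks the case the guide calls particularly dangerous, and bridged-to-host-lan marks a container that is directly reachable on the host's network.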


There are several ways to determine the ip address for a container. First, you can use lxc-ls --fancy which will print the ip addresses for all running containers, or lxc-info -i -H -n C1 which will print C1's ip address. If dnsmasq is installed on the host, you can also add an entry to /etc/dnsmasq.conf as follows


server=/lxc/10.0.3.1


after which dnsmasq will resolve C1.lxc locally, so that you can do:


ping C1
ssh C1


For more information, see the lxc.conf manpage as well as the example network configurations under /usr/share/doc/lxc/examples/.

