Programming, Sysadmin, Open Source
A few days ago, for the first time, I needed to perform ÌP aliasing on a single LXC container running (and hosted on) Debian Wheezy. For the story, the container will run a shared web hosting service with some SSL-enabled websites. Since I don't use SNI yet, each of these websites requires a different IP address.
My first approach was to define one of these aliases using the standard method I've always used on Debian, which is to add this sort of lines to the /etc/network/interfaces file :
auto eth0 iface eth0 inet static address 192.0.2.1 netmask 255.255.255.0 gateway 192.0.2.254 # The alias auto eth0:0 iface eth0:0 inet static address 192.0.2.2 netmask 255.255.255.0
Result : it didn't work ! I was unable to ping the 192.0.2.2 alias !
Note that my setup is a classical linux bridge (br0) and veth network interfaces, defined as this in the container config file :
lxc.network.type = veth lxc.network.flags = up lxc.network.link = br0 lxc.network.name = eth0 lxc.network.hwaddr = 42:00:00:00:00:01
I began to test different setup, including the interesting macvlan networking interface type, but nothing worked !
A little desperate, I began to wonder if IP aliasing could work in LXC. So I asked on IRC channel #lxcontainers on freenode, and got this helpful response :
basically it's the same for the container as it is for the host. all the same rules apply. if eth0 works, then all IP aliases will work though I would suggest using the /sbin/ip tool instead of ifconfig nowadays
Hum, using /sbin/ip, good idea. I sometimes play with Pacemaker, and know that the way Pacemaker binds IP addresses is not exactly the same as the ifconfig(8) way. And this is also true for ip(8). Here are some explanations : http://askubuntu.com/questions/227457/ifconfig-not-showing-all-ips-bound-to-the-machine.
So I tried to add my alias using :
ip addr add 192.0.2.2/24 dev eth0
And... It worked well ! Thanks IRC !
Finally, the remaining thing is to be able to activate ip(8)-style IP addresses at Debian startup. After some internet queries, the better solution is to define several blocks for the same interface (the other is to call ip(8) commands in post-up options) :
auto eth0 iface eth0 inet static address 192.0.2.1 netmask 255.255.255.0 gateway 192.0.2.254 # The alias iface eth0 inet static address 192.0.2.2 netmask 255.255.255.0
Oh, one more thing : ifconfig(8) and route(8) are deprecated now, so you'd better use ip(8) instead. And I talk primarily to myself :-)