I managed a container with systemd-nspawn. The container boots, but the network is unreachable.
Below is my setup.
ON HOST
systemd-dhcpcd.service disabled
systemd-networkd is enabled and started
network is started with two netctl profiles
Configuration files:
/etc/netctl/static-hortensia
Description='hortensia static ethernet connection'
Interface=enp7s0
Connection=ethernet
IP=static
Address=('192.168.1.87/24')
Gateway='192.168.1.254'
/etc/netctl/bridge-hortensia
Description="Bridge connection to container"
Interface=br0
Connection=bridge
BindsToInterfaces=()
IP=no
/etc/systemd/network/70-dahlia.netdev
[Match]
Host=host0
Virtualization=container
[NetDev]
Name=br0
Kind=bridge
/etc/systemd/network/80-dahlia.network
[Match]
Virtualization=container
[Network]
DHCP=no
DNS=192.168.1.254
[Address]
Address=192.168.1.94/24
[Route]
Gateway=192.168.1.254
/etc/resolv.conf
# Generated by resolvconf
domain lan
nameserver 192.168.1.254
BEFORE I start the container:
$ ip addr
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global enp7s0
valid_lft forever preferred_lft forever
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether 9e:eb:1a:c5:12:34 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9ceb:1aff:fec5:1234/64 scope link
valid_lft forever preferred_lft forever
start the container
# systemd-nspawn --machine=dahlia --network-bridge=br0 -bD /dahlia
$ ip addr
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global enp7s0
valid_lft forever preferred_lft forever
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 92:3c:ba:9e:24:07 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9ceb:1aff:fec5:1234/64 scope link
valid_lft forever preferred_lft forever
4: vb-dahlia: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master br0 state DOWN group default qlen 1000
ON CONTAINER
systemd-dhcpcd.service disabled
systemd-networkd is enabled and started
NO netctl profiles
NO conf files in /etc/systemd/network/
gab@dahlia ➤➤ ~ % ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.94/24 brd 192.168.1.255 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: host0: <NO-CARRIER,BROADCAST,ALLMULTI,AUTOMEDIA,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 3a:4f:1f:c5:b5:d1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
valid_lft forever preferred_lft forever
Not sure this output is correct. Is it OK to get an IP address for lo? Then, interface host0 is DOWN. I guess this is not normal and could be the cause of my issue.
# ip link set dev host0 up
produces no change, host0 is still down
gab@dahlia ➤➤ ~ % ip route
default via 192.168.1.254 dev host0
192.168.1.0/24 dev host0 proto kernel scope link src 192.168.1.94
gab@dahlia ➤➤ ~ % ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.94 icmp_seq=1 Destination Host Unreachable
Configuration files:
/etc/resolv.conf
# Generated by resolvconf
domain lan
nameserver 192.168.1.254
/etc/hosts
#
# /etc/hosts: static lookup table for host names
#
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
# End of file
Maybe some error here? localhost ? (host0 ?)
Some debug command outputs:
gab@dahlia ➤➤ ~ # SYSTEMD_LOG_LEVEL=debug /lib/systemd/systemd-networkd
timestamp of '/etc/systemd/network' changed
timestamp of '/run/systemd/network' changed
host0: link (with ifindex 2) added
lo: link (with ifindex 1) added
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello cookie=1 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.6 object=n/a interface=n/a member=n/a cookie=1 reply_cookie=1 error=n/a
Got message type=signal sender=org.freedesktop.DBus destination=:1.6 object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=2 reply_cookie=0 error=n/a
gab@dahlia ➤➤ ~ % ip route
default via 192.168.1.254 dev host0
192.168.1.0/24 dev host0 proto kernel scope link src 192.168.1.94
gab@dahlia ➤➤ ~ % cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
host0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
lo: 840 9 0 0 0 0 0 0 840 9 0 0 0 0 0 0
Same command ON HOST
gabx@hortensia ➤➤ ~ % cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
br0: 0 0 0 0 0 0 0 0 648 8 0 0 0 0 0 0
vb-dahlia: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
lo: 1700 34 0 0 0 0 0 0 1700 34 0 0 0 0 0 0
enp7s0: 15403401 19789 0 0 0 0 0 0 3834189 16721 0 0 0 0 0 0
gab@dahlia ➤➤ ~ % ping -c3 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.036 ms
I can ping the gateway.
Any help is appreciated.
Last edited by gabx (2014-03-06 22:15:07)
I'm not familiar with containers. But I have some networking experience.
- The last block indicates that you are able to ping the router on the network from Dahlia? Confirm this by running tcpdump on the host attaching it to br0.
- The loopback in Dahlia also has 192.168.1.94/24. That could be in conflict with host0 despite the routes being correct.
- Where does Dahlia get its network configuration from? You mention you use systemd-networkd. But is that a static configuration or an IP from the DHCP @ 192.168.1.254?
fs/super.c : "Self-destruct in 5 seconds. Have a nice day...\n",
When it comes to networking, I must admit I start quickly being lost.
On the host
gabx@hortensia ➤➤ ~ % sudo tcpdump -i br0
tcpdump: WARNING: br0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
This is no surprise, as the output of ip addr does not return any IP for the device br0.
2: enp7s0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global enp7s0
valid_lft forever preferred_lft forever
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
valid_lft forever preferred_lft forever
8: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether e2:d2:94:ea:2a:52 brd ff:ff:ff:ff:ff:ff
inet6 fe80::e0d2:94ff:feea:2a52/64 scope link
valid_lft forever preferred_lft forever
What surprises me is that I can't assign one IP to enp7s0 (my Ethernet device) AND one to br0. I have tried as many combinations of netctl profiles (static, dhcp) as possible; it is either br0 or enp7s0 which gets assigned one IP. Never both together.
Is this behavior supposed to be correct ?
Dahlia got its network configuration from only the /etc/systemd/network/ files. There is nothing configured on the container side.
I may be wrong when trying to route traffic through host0 device. Maybe I shall instead route traffic to vb-dahlia? I will try this way with a netctl profile on dahlia and vb-dahlia as network device.
After a few more tests, I have a profile UP in the container, with an IP address, but network is still unreachable.
The output of the following command puzzles me:
gab@dahlia ➤➤ /etc/netctl % cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
host0: 6004 28 0 0 0 0 0 0 774 11 0 0 0 0 0 0
lo: 336 3 0 0 0 0 0 0 336 3 0 0 0 0 0 0
It seems there is some traffic going through host0.
some debug outputs on the container side
gab@dahlia ➤➤ /etc/netctl % ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: host0: <BROADCAST,ALLMULTI,AUTOMEDIA,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 8e:d4:16:e2:06:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.91/24 brd 192.168.1.255 scope global host0
valid_lft forever preferred_lft forever
inet6 fe80::8cd4:16ff:fee2:64a/64 scope link
valid_lft forever preferred_lft forever
gab@dahlia ➤➤ /etc/netctl % ip route
default via 192.168.1.254 dev host0
192.168.1.0/24 dev host0 proto kernel scope link src 192.168.1.91
gab@dahlia ➤➤ /etc/netctl % cat /etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.1.254
Maybe a stupid question, but in case of my bridge, what device is the gateway : the host machine (192.168.1.87) OR the real router (192.168.1.254) ? I could be wrong when trying to indicate the router as the gateway ?
EDIT
Trying to use the host as gateway does not change anything: network still unreachable
More debug outputs.
on the container side
gab@dahlia ➤➤ ~ % ping -c3 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=0.035 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=64 time=0.027 ms
--- 192.168.1.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.027/0.035/0.044/0.008 ms
gab@dahlia ➤➤ ~ % ping -c3 192.168.1.87
PING 192.168.1.87 (192.168.1.87) 56(84) bytes of data.
64 bytes from 192.168.1.87: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 192.168.1.87: icmp_seq=2 ttl=64 time=0.036 ms
64 bytes from 192.168.1.87: icmp_seq=3 ttl=64 time=0.036 ms
--- 192.168.1.87 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.036/0.037/0.041/0.007 ms
I can ping gateway and host
on host side
gabx@hortensia ➤➤ systemd/network % ping -c3 192.168.1.94
PING 192.168.1.94 (192.168.1.94) 56(84) bytes of data.
From 192.168.1.87 icmp_seq=1 Destination Host Unreachable
From 192.168.1.87 icmp_seq=2 Destination Host Unreachable
From 192.168.1.87 icmp_seq=3 Destination Host Unreachable
--- 192.168.1.94 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2008ms
pipe 3
I can not ping container
Last edited by gabx (2014-03-04 12:07:32)
Yeah, maybe make the host the 'default' router and let its own routing table handle the rest.
fs/super.c : "Self-destruct in 5 seconds. Have a nice day...\n",
After more reading/posting/testing, I modified some configuration files.
I will then stop talking about host as this term is ambiguous. Let's say I have a machine hortensia running a virtualized container dahlia
On hortensia I modified the /etc/systemd/network/70-dahlia.netdev config file.
[Match]
[NetDev]
Name=br0
Kind=bridge
and /etc/systemd/network/80-dahlia.network
[Match]
Host=hortensia
[Network]
DHCP=no
#DNS=('212.147.10.162' '212.147.10.180')
DNS=192.168.1.254
[Address]
Address=192.168.1.93/24
[Route]
Gateway=192.168.1.254
Now, alongside my two unchanged netctl profiles, this leaves me with this on the hortensia machine:
gabx@hortensia ➤➤ ~ % ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.93/24 brd 192.168.1.255 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global enp7s0
valid_lft forever preferred_lft forever
inet 192.168.1.93/24 brd 192.168.1.255 scope global secondary enp7s0
valid_lft forever preferred_lft forever
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether 66:73:a3:0a:44:f9 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.93/24 brd 192.168.1.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::6473:a3ff:fe0a:44f9/64 scope link
valid_lft forever preferred_lft forever
WWWooouuaahhhh !!! What an IP festival...
...My network on dahlia is still broken, and still no idea why.
Next try will be disabling any networkd config file from hortensia and set up everything in dahlia. I already tried this way with no success but will go again.
Then, last chance is Virtualbox
Yeah, I recommend ditching the automatic network handling and do everything manually with the ip and echo command (it's all you need). Configure your ip stack with ip and set DNS by echoing their hostname into /etc/resolv.conf.
fs/super.c : "Self-destruct in 5 seconds. Have a nice day...\n",
Thank you for your support.
DELETED- out of topic
Last edited by gabx (2014-03-05 13:34:20)
I finally managed to understand how a bridge works and managed the whole setup.
On my host hortensia, two /etc/netctl/profiles enabled:
hortensia
Description='A basic ethernet connection'
Interface=enp7s0
Connection=ethernet
IP=no
IP6=no
bridge-hortensia
Description="Bridge connection"
Interface=br0
Connection=bridge
BindsToInterfaces=(enp7s0 vb-dahlia)
IP=static
Address='192.168.1.87/24'
Gateway='192.168.1.254'
DNS='192.168.1.254'
$ ip addr
2: enp7s0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
valid_lft forever preferred_lft forever
5: vb-dahlia: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 22:fc:36:08:34:4c brd ff:ff:ff:ff:ff:ff
inet6 fe80::20fc:36ff:fe08:344c/64 scope link
valid_lft forever preferred_lft forever
on my container dahlia, one /etc/netctl profile enabled
static-dahlia
Description='ethernet connection'
Interface=host0
Connection=ethernet
IP=static
Address='192.168.1.93/24'
Gateway='192.168.1.254'
DNS='192.168.1.254'
$ ip addr
2: host0: <BROADCAST,MULTICAST,ALLMULTI,PORTSEL,NOTRAILERS,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether e6:3c:4e:49:43:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
valid_lft forever preferred_lft forever
inet6 fe80::e43c:4eff:fe49:43a2/64 scope link
valid_lft forever preferred_lft forever
The only remaining issue is that when I boot the container, the vb-dahlia interface starts but is not UP by default. I shall manually
# ip link set vb-dahlia up
EDIT
adding a new netctl profile on the host hortensia will make vb-dahlia interface UP when booting the container
dahlia
Description='A basic ethernet connection'
Interface=vb-dahlia
Connection=ethernet
IP=no
IP6=no
Last edited by gabx (2014-03-06 22:33:43)
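Added example, not part of the original posts: a small Python check for the bridge faults that show up in the thread's ip addr output (a bridge with no ports, br0 in NO-CARRIER, vb-dahlia not UP, a global address on lo, one address on several interfaces). The function names, the finding strings and the abridged sample outputs are constructed for this illustration.

```python
import re

HEADER = re.compile(r"^\d+: ([^:@]+)(?:@\S+)?: <([^>]*)>(?:.*?\bmaster (\S+))?")
INET = re.compile(r"^\s*inet (\S+) .*scope (\S+)")

def parse_ip_addr(text):
    """Parse `ip addr` text into {ifname: {"flags", "master", "inet"}}."""
    links, cur = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = links[m.group(1)] = {"flags": set(m.group(2).split(",")),
                                       "master": m.group(3), "inet": []}
        elif cur is not None and (m := INET.match(line)):
            cur["inet"].append((m.group(1), m.group(2)))  # (addr/prefix, scope)
    return links

def diagnose(text, bridge="br0"):
    """List the bridge faults that show up in the thread's `ip addr` output."""
    links, owners = parse_ip_addr(text), {}
    ports = [n for n, l in links.items() if l["master"] == bridge]
    findings = [] if ports else [f"{bridge}: no enslaved ports"]
    if "NO-CARRIER" in links.get(bridge, {}).get("flags", ()):
        findings.append(f"{bridge}: NO-CARRIER")
    for name, link in links.items():
        if name in ports and "UP" not in link["flags"]:
            findings.append(f"{name}: bridge port is not UP")
        for addr, scope in link["inet"]:
            owners.setdefault(addr, []).append(name)
            if "LOOPBACK" in link["flags"] and scope == "global":
                findings.append(f"{name}: global address {addr} on loopback")
    return findings + [f"{a}: assigned to {', '.join(o)}"
                       for a, o in owners.items() if len(o) > 1]

# Constructed samples, abridged from hortensia's `ip addr` output in the thread.
BROKEN = """\
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.168.1.87/24 brd 192.168.1.255 scope global enp7s0
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 state DOWN
4: vb-dahlia: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master br0 state DOWN
"""
WORKING = """\
2: enp7s0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 master br0 state UP
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
5: vb-dahlia: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UP
"""

if __name__ == "__main__":
    print(diagnose(BROKEN), diagnose(WORKING))
```

The broken sample reports br0 in NO-CARRIER and vb-dahlia not UP; the working sample, with enp7s0 and vb-dahlia both enslaved and the address on br0, reports nothing.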