2018-05-05 03:18:42 UTC
using a macvlan that the host CAN ping a container?
According to what I previously understood, and supported by this
and the main reason I hadn't bothered even trying out a macvlan
is because I need access to my local hosted containers and it
"just works" with a normal bridge. However, now when I finally
get around to testing macvlan I find I can immediately ping a
new macvlan based containers IP.
Has something changed recently regarding this macvlan restriction?
~ apt install lxd
~ lxc profile copy default macvlan (which has no eth0 device yet)
~ ip r (to get my hosts eth0 device)
~ lxc profile device add macvlan eth0 nic nictype=macvlan parent=enp4s0f1 name=eth0
~ lxc launch images:ubuntu/bionic macvlantest -p macvlan
~ lxc list --format csv
macvlantest,RUNNING,192.168.0.206 (eth0),"fdcc:3922:7dfd::6b7 (eth0)
~ ping -c1 192.168.0.206
PING 192.168.0.206 (192.168.0.206) 56(84) bytes of data.
64 bytes from 192.168.0.206: icmp_seq=1 ttl=64 time=1.98 ms
OIC, from inside the macvlantest container I can't ping the host.
But still, from this comment I would tend to assume I should not
be able to ping the container from the host either...
"@stgraber An even easier alternative to this would be using macvlan as it won't require any bridging at all, but it does come with the annoying caveat that the host will not be able to communicate with the containers."
Would anyone care to clarify this macvlan limitation please?