I want to understand, and make sure, that a container using an OVN network can’t simply change its VLAN or subnet.
I already tried changing the VLAN and subnet of an existing container and wasn’t able to reach anything, but I’m not sure whether that is just by chance or by design.
My host has 2 NICs bonded together, with 3 VLANs and one bridge for each VLAN.
I created a network `GUESTS` that uses `br-guests` as its bridge.
I created a project `core` with `features.networks=true` and `features.networks.zones=true`. Inside the project I created a network with `core --type ovn`.
I launch the instances with, e.g., `lxc launch ubuntu:22.04 t1 --network core --project core`.
network GUESTS
# Network definition for GUESTS, with the nesting restored.
# type is `physical` and used_by lists only the OVN network `core`, so
# this is the uplink that `core` attaches to.
# NOTE(review): no `parent` key appears here although the post says the
# network uses br-guests; presumably that key is per cluster member and
# is not part of this view. Confirm on each member.
config:
  # BGP peer r01: address and ASN (the ASN is kept as a string).
  bgp.peers.r01.address: 172.18.40.1
  bgp.peers.r01.asn: '4200000001'
  dns.nameservers: 8.8.8.8
  # Gateway and prefix length of the uplink segment.
  ipv4.gateway: 172.18.40.1/22
  # Address range reserved for OVN networks on this uplink; the OVN
  # network `core` shows 172.18.41.10, the first address of the range.
  ipv4.ovn.ranges: 172.18.41.10-172.18.41.200
  # NOTE(review): presumably this bounds which subnets OVN networks may
  # route through this uplink. 10.128.0.0/9 spans 10.128.0.0 to
  # 10.255.255.255, far more than the single /24 that `core` uses.
  # Confirm it is as narrow as intended.
  ipv4.routes: 10.128.0.0/9
  volatile.last_state.created: 'false'
description: ''
name: GUESTS
type: physical
used_by:
- /1.0/networks/core?project=core
managed: true
status: Created
locations:
- f01
- n13
- n16
network core
# Network definition for the OVN network `core`, with the nesting
# restored. Instances are launched with `--network core`, so they
# attach to this network rather than to a host bridge.
# NOTE(review): no ACL key appears in this config, and the output does
# not show what OVN enforces per instance port. Whether an instance can
# use a MAC or IP other than the one assigned to it depends on the
# logical switch port settings; verify on the OVN side, e.g.
# `ovn-nbctl lsp-get-port-security <port>` (<port> is a placeholder).
config:
  # 58 bytes below the 1500 MTU of the host bridges; presumably
  # headroom for OVN tunnel encapsulation.
  bridge.mtu: '1442'
  ipv4.address: 10.128.0.1/24
  # IPv4 NAT is off, so addresses from 10.128.0.0/24 reach the uplink
  # unchanged; that subnet lies inside the uplink's ipv4.routes
  # (10.128.0.0/9). IPv6 is NATed.
  ipv4.nat: 'false'
  ipv6.address: fd42:550b:f0b8:b240::1/64
  ipv6.nat: 'true'
  # Uplink network; its definition is the `physical` network GUESTS.
  network: GUESTS
  # Address this network holds on the uplink (taken from the uplink's
  # ipv4.ovn.ranges).
  volatile.network.ipv4.address: 172.18.41.10
description: ''
name: core
type: ovn
used_by: []
managed: true
status: Created
locations:
- f01
- n13
- n16
project core
# Project definition for `core`, with the nesting restored.
# features.networks is 'true', and used_by lists a network scoped to
# this project (/1.0/networks/core?project=core).
# NOTE(review): no `restricted` key appears in this config. If users
# who are not fully trusted get access to the project, project
# restrictions (`restricted`, `restricted.networks.uplinks`,
# `restricted.networks.subnets`) limit which uplinks and subnets they
# can configure; this is separate from what a process inside an
# instance can do.
config:
  features.images: 'true'
  features.networks: 'true'
  features.networks.zones: 'true'
  features.profiles: 'true'
  features.storage.buckets: 'true'
  features.storage.volumes: 'true'
description: ''
name: core
used_by:
- /1.0/profiles/default?project=core
- /1.0/networks/core?project=core
netplan
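# Host netplan configuration, with the nesting restored: two NICs in
# an 802.3ad bond, three VLAN sub-interfaces on the bond, and one
# bridge per VLAN. Booleans are written as true/false throughout (the
# NIC stanzas used `no`), and the stray space in `accept-ra :` is gone.
network:
  ethernets:
    # NOTE(review): both members use mtu 9000 while the bond and
    # everything stacked on it use 1500. Confirm which is intended.
    eth0:
      match:
        # Redacted by the author.
        macaddress: XXXXXXX
      dhcp4: false
      dhcp6: false
      set-name: eth0
      mtu: 9000
    eth1:
      match:
        # Redacted by the author.
        macaddress: XXXXXXX
      dhcp4: false
      dhcp6: false
      set-name: eth1
      mtu: 9000
  bonds:
    bond-sw01:
      interfaces:
        - eth0
        - eth1
      # No addressing on the bond itself; it only carries the VLANs.
      link-local: []
      accept-ra: false
      dhcp4: false
      dhcp6: false
      mtu: 1500
      parameters:
        mode: 802.3ad
        lacp-rate: fast
        mii-monitor-interval: 100
        transmit-hash-policy: layer3+4
  # VLAN tags are applied here, on host sub-interfaces of the bond.
  # Which VLAN a bridge belongs to is therefore fixed by host
  # configuration, not by anything set inside an instance.
  vlans:
    bond-sw01.hosts:
      link: bond-sw01
      id: 1005
      link-local: []
      accept-ra: false
      dhcp4: false
      dhcp6: false
      mtu: 1500
    bond-sw01.guests:
      link: bond-sw01
      id: 2005
      link-local: []
      accept-ra: false
      dhcp4: false
      dhcp6: false
      mtu: 1500
    # to ISP, currently to pfsense
    bond-sw01.uplink:
      link: bond-sw01
      id: 3003
      link-local: []
      accept-ra: false
      dhcp4: false
      dhcp6: false
      mtu: 1500
  bridges:
    # The only bridge with a host address and a default route.
    br-hosts:
      interfaces:
        - bond-sw01.hosts
      # NOTE(review): router advertisements are accepted here and on
      # no other interface in this file. Any device on the hosts VLAN
      # that sends RAs can influence the host's IPv6 configuration;
      # confirm this is intended.
      accept-ra: true
      dhcp4: false
      dhcp6: false
      mtu: 1500
      addresses:
        - 172.18.38.1/22
      routes:
        - to: default
          via: 172.18.36.1
          on-link: true
      nameservers:
        addresses:
          - 8.8.8.8
    # Bridge the post names for the GUESTS network. No address, no
    # link-local, no RA, no DHCP: the host itself has no L3 presence
    # on the guests VLAN.
    br-guests:
      interfaces:
        - bond-sw01.guests
      link-local: []
      accept-ra: false
      dhcp4: false
      dhcp6: false
      mtu: 1500
    # Same pattern as br-guests: no host addressing on the uplink VLAN.
    br-uplink:
      interfaces:
        - bond-sw01.uplink
      link-local: []
      accept-ra: false
      dhcp4: false
      dhcp6: false
      mtu: 1500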