Host interface name fix between containers restart

geodb27 · August 21, 2023, 12:58pm

Hi,
Is there a way to have consistent interface name between containers restart from the host’s point of view ?
For now, I have containers attached to a bridge (lxc network attach lxdbr0 lxc-test eth0) with fixed IP address on the bridge (lxc config device set lxc-test eth0 ipv4.address 192.168.220.7). This part works fine.
However, after the container is started, I get with either ifconfig or ip ad an interface name built like that : vethxxxx@ifNN on the host.
If I restart the container (lxc restart lxc-test), I will get a new interface name vethyyyy@ifMM
As asked on irc, here is the output of one of my container (lxc-test) expanded config :

lxc config show lxc-test --expanded
architecture: x86_64
config:
image.architecture: amd64
image.description: ubuntu 22.04 LTS amd64 (release) (20230815)
image.label: release
image.os: ubuntu
image.release: jammy
image.serial: “20230815”
image.type: squashfs
image.version: “22.04”
volatile.base_image: ebed156c664de5e9f86c1a2eee7b61031af072af35e90048d2944b3e485f8303
volatile.cloud-init.instance-id: 85136a9a-cb3c-4265-968e-18055478d31f
volatile.eth0.host_name: veth@test
volatile.eth0.name: eth0
volatile.idmap.base: “0”
volatile.idmap.current: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’
volatile.idmap.next: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’
volatile.last_state.idmap: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’
volatile.last_state.power: RUNNING
volatile.last_state.ready: “false”
volatile.uuid: b815887a-7d31-4fe2-aa9f-d598c470f7f7
volatile.uuid.generation: b815887a-7d31-4fe2-aa9f-d598c470f7f7
devices:
eth0:
host_name: veth@test
hwaddr: 00:16:3e:54:62:ed
ipv4.address: 192.168.220.7
network: lxdbr0
type: nic
root:
path: /
pool: default
type: disk
ephemeral: false
profiles:

default
stateful: false
description: “”

Thanks for any help provided on this specific demand.

tomp · August 21, 2023, 1:31pm

You should just specify a single word (no @ sign).

E.g. foo as the host_name setting.

tomp · August 21, 2023, 1:32pm

If that works could you open an issue here https://github.com/canonical/lxd/issues to improve the validation of that setting. Thanks

geodb27 · August 21, 2023, 1:45pm

I did as you suggested :
Changed host_name to veth-test in the container config.
ip ad reports :

veth-test@if14: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master lxdbr0 state LOWERLAYERDOWN group default qlen 1000
    link/ether f6:b8:fc:5c:0a:0d brd ff:ff:ff:ff:ff:ff link-netnsid 1

So, I restarted the container and now ip ad reports

veth-test@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether fe:85:81:53:3e:60 brd ff:ff:ff:ff:ff:ff link-netnsid 1

So, between restarts, the left part of the veth interface name is consistent between restarts. That’s half of the solution. The right part increases it’s digits by two after a restart.
To follow the documentation, I set the “name” key value to “eth0-test”. I expected that to set the “ifxx” part of the interface name, but it didn’t.
Maybe this issue has nothing to do with lxd after all but with the kernel itself or some piece of software that sets the veth name when building it at container startup… Just wondering.
Aside of this, I fixed the mac address, as you can see on the config I shared earlier. But, here again, you will see that the mac displayed has nothing to do with the one I chose.

To be continued …

tomp · August 21, 2023, 1:51pm

The part on the left hand side is the interface name, the kernel controls the part on the right hand side of the @ character.

tomp · August 21, 2023, 1:52pm

The MAC address will be fixed on the peer interface inside the container, not the host side of the veth pair.

geodb27 · August 21, 2023, 2:12pm

Well, thank you for your kind help @tomp.

From what I saw at a glance, this can not be addressed. The kernel is it’s own master on this part.

The context I wanted to have all the interface name consistent is that we monitor each container’s interface traffic with check_mk and a nagvis map (check_mk version 1.5.0p2 that we can’t upgrade at the moment).
On some production servers, I had the left hand side of the interface set per container (like here in this thread veth-name) and found a way to set up the nagvis map to use the interface description as name of the service (iirc, I did it monthes ago). But I figured out that after restarting either the server or any of the containers, the map was broken because it searches for the interface index (the digits set by the kernel after the letters if. That’s why I wanted to see if this part could be custom… And it seems not.

Anyway, thanks again for your kind help !

tomp · August 21, 2023, 2:58pm

This sounds like an issue in check_mk as really it should exclude the parts after the @ as the part before the @ sign are still unique for that host.