OVN NIC goes down after changing a device setting

[simondeziel]

Required information

• Distribution: Ubuntu
• Distribution version: Ubuntu 22.04.1 amd64
• The output of "lxc info" or if that fails:

  $ lxc info hdc:
  config: {}
  api_extensions:
  - storage_zfs_remove_snapshots
  - container_host_shutdown_timeout
  - container_stop_priority
  - container_syscall_filtering
  - auth_pki
  - container_last_used_at
  - etag
  - patch
  - usb_devices
  - https_allowed_credentials
  - image_compression_algorithm
  - directory_manipulation
  - container_cpu_time
  - storage_zfs_use_refquota
  - storage_lvm_mount_options
  - network
  - profile_usedby
  - container_push
  - container_exec_recording
  - certificate_update
  - container_exec_signal_handling
  - gpu_devices
  - container_image_properties
  - migration_progress
  - id_map
  - network_firewall_filtering
  - network_routes
  - storage
  - file_delete
  - file_append
  - network_dhcp_expiry
  - storage_lvm_vg_rename
  - storage_lvm_thinpool_rename
  - network_vlan
  - image_create_aliases
  - container_stateless_copy
  - container_only_migration
  - storage_zfs_clone_copy
  - unix_device_rename
  - storage_lvm_use_thinpool
  - storage_rsync_bwlimit
  - network_vxlan_interface
  - storage_btrfs_mount_options
  - entity_description
  - image_force_refresh
  - storage_lvm_lv_resizing
  - id_map_base
  - file_symlinks
  - container_push_target
  - network_vlan_physical
  - storage_images_delete
  - container_edit_metadata
  - container_snapshot_stateful_migration
  - storage_driver_ceph
  - storage_ceph_user_name
  - resource_limits
  - storage_volatile_initial_source
  - storage_ceph_force_osd_reuse
  - storage_block_filesystem_btrfs
  - resources
  - kernel_limits
  - storage_api_volume_rename
  - macaroon_authentication
  - network_sriov
  - console
  - restrict_devlxd
  - migration_pre_copy
  - infiniband
  - maas_network
  - devlxd_events
  - proxy
  - network_dhcp_gateway
  - file_get_symlink
  - network_leases
  - unix_device_hotplug
  - storage_api_local_volume_handling
  - operation_description
  - clustering
  - event_lifecycle
  - storage_api_remote_volume_handling
  - nvidia_runtime
  - container_mount_propagation
  - container_backup
  - devlxd_images
  - container_local_cross_pool_handling
  - proxy_unix
  - proxy_udp
  - clustering_join
  - proxy_tcp_udp_multi_port_handling
  - network_state
  - proxy_unix_dac_properties
  - container_protection_delete
  - unix_priv_drop
  - pprof_http
  - proxy_haproxy_protocol
  - network_hwaddr
  - proxy_nat
  - network_nat_order
  - container_full
  - candid_authentication
  - backup_compression
  - candid_config
  - nvidia_runtime_config
  - storage_api_volume_snapshots
  - storage_unmapped
  - projects
  - candid_config_key
  - network_vxlan_ttl
  - container_incremental_copy
  - usb_optional_vendorid
  - snapshot_scheduling
  - snapshot_schedule_aliases
  - container_copy_project
  - clustering_server_address
  - clustering_image_replication
  - container_protection_shift
  - snapshot_expiry
  - container_backup_override_pool
  - snapshot_expiry_creation
  - network_leases_location
  - resources_cpu_socket
  - resources_gpu
  - resources_numa
  - kernel_features
  - id_map_current
  - event_location
  - storage_api_remote_volume_snapshots
  - network_nat_address
  - container_nic_routes
  - rbac
  - cluster_internal_copy
  - seccomp_notify
  - lxc_features
  - container_nic_ipvlan
  - network_vlan_sriov
  - storage_cephfs
  - container_nic_ipfilter
  - resources_v2
  - container_exec_user_group_cwd
  - container_syscall_intercept
  - container_disk_shift
  - storage_shifted
  - resources_infiniband
  - daemon_storage
  - instances
  - image_types
  - resources_disk_sata
  - clustering_roles
  - images_expiry
  - resources_network_firmware
  - backup_compression_algorithm
  - ceph_data_pool_name
  - container_syscall_intercept_mount
  - compression_squashfs
  - container_raw_mount
  - container_nic_routed
  - container_syscall_intercept_mount_fuse
  - container_disk_ceph
  - virtual-machines
  - image_profiles
  - clustering_architecture
  - resources_disk_id
  - storage_lvm_stripes
  - vm_boot_priority
  - unix_hotplug_devices
  - api_filtering
  - instance_nic_network
  - clustering_sizing
  - firewall_driver
  - projects_limits
  - container_syscall_intercept_hugetlbfs
  - limits_hugepages
  - container_nic_routed_gateway
  - projects_restrictions
  - custom_volume_snapshot_expiry
  - volume_snapshot_scheduling
  - trust_ca_certificates
  - snapshot_disk_usage
  - clustering_edit_roles
  - container_nic_routed_host_address
  - container_nic_ipvlan_gateway
  - resources_usb_pci
  - resources_cpu_threads_numa
  - resources_cpu_core_die
  - api_os
  - container_nic_routed_host_table
  - container_nic_ipvlan_host_table
  - container_nic_ipvlan_mode
  - resources_system
  - images_push_relay
  - network_dns_search
  - container_nic_routed_limits
  - instance_nic_bridged_vlan
  - network_state_bond_bridge
  - usedby_consistency
  - custom_block_volumes
  - clustering_failure_domains
  - resources_gpu_mdev
  - console_vga_type
  - projects_limits_disk
  - network_type_macvlan
  - network_type_sriov
  - container_syscall_intercept_bpf_devices
  - network_type_ovn
  - projects_networks
  - projects_networks_restricted_uplinks
  - custom_volume_backup
  - backup_override_name
  - storage_rsync_compression
  - network_type_physical
  - network_ovn_external_subnets
  - network_ovn_nat
  - network_ovn_external_routes_remove
  - tpm_device_type
  - storage_zfs_clone_copy_rebase
  - gpu_mdev
  - resources_pci_iommu
  - resources_network_usb
  - resources_disk_address
  - network_physical_ovn_ingress_mode
  - network_ovn_dhcp
  - network_physical_routes_anycast
  - projects_limits_instances
  - network_state_vlan
  - instance_nic_bridged_port_isolation
  - instance_bulk_state_change
  - network_gvrp
  - instance_pool_move
  - gpu_sriov
  - pci_device_type
  - storage_volume_state
  - network_acl
  - migration_stateful
  - disk_state_quota
  - storage_ceph_features
  - projects_compression
  - projects_images_remote_cache_expiry
  - certificate_project
  - network_ovn_acl
  - projects_images_auto_update
  - projects_restricted_cluster_target
  - images_default_architecture
  - network_ovn_acl_defaults
  - gpu_mig
  - project_usage
  - network_bridge_acl
  - warnings
  - projects_restricted_backups_and_snapshots
  - clustering_join_token
  - clustering_description
  - server_trusted_proxy
  - clustering_update_cert
  - storage_api_project
  - server_instance_driver_operational
  - server_supported_storage_drivers
  - event_lifecycle_requestor_address
  - resources_gpu_usb
  - clustering_evacuation
  - network_ovn_nat_address
  - network_bgp
  - network_forward
  - custom_volume_refresh
  - network_counters_errors_dropped
  - metrics
  - image_source_project
  - clustering_config
  - network_peer
  - linux_sysctl
  - network_dns
  - ovn_nic_acceleration
  - certificate_self_renewal
  - instance_project_move
  - storage_volume_project_move
  - cloud_init
  - network_dns_nat
  - database_leader
  - instance_all_projects
  - clustering_groups
  - ceph_rbd_du
  - instance_get_full
  - qemu_metrics
  - gpu_mig_uuid
  - event_project
  - clustering_evacuation_live
  - instance_allow_inconsistent_copy
  - network_state_ovn
  - storage_volume_api_filtering
  - image_restrictions
  - storage_zfs_export
  - network_dns_records
  - storage_zfs_reserve_space
  - network_acl_log
  - storage_zfs_blocksize
  - metrics_cpu_seconds
  - instance_snapshot_never
  - certificate_token
  - instance_nic_routed_neighbor_probe
  - event_hub
  - agent_nic_config
  - projects_restricted_intercept
  - metrics_authentication
  - images_target_project
  - cluster_migration_inconsistent_copy
  - cluster_ovn_chassis
  - container_syscall_intercept_sched_setscheduler
  - storage_lvm_thinpool_metadata_size
  - storage_volume_state_total
  - instance_file_head
  - instances_nic_host_name
  - image_copy_profile
  - container_syscall_intercept_sysinfo
  - clustering_evacuation_mode
  - resources_pci_vpd
  - qemu_raw_conf
  - storage_cephfs_fscache
  - network_load_balancer
  - vsock_api
  - instance_ready_state
  - network_bgp_holdtime
  - storage_volumes_all_projects
  - metrics_memory_oom_total
  - storage_buckets
  - storage_buckets_create_credentials
  - metrics_cpu_effective_total
  - projects_networks_restricted_access
  - storage_buckets_local
  - loki
  - acme
  - internal_metrics
  - cluster_join_token_expiry
  - remote_token_expiry
  - init_preseed
  - storage_volumes_created_at
  - cpu_hotplug
  - projects_networks_zones
  - network_txqueuelen
  api_status: stable
  api_version: "1.0"
  auth: trusted
  public: false
  auth_methods:
  - tls
  - candid
  environment:
  addresses:
  - '[2602:fc62:a:101::100]:8443'
  architectures:
  - x86_64
  - i686
  certificate: |
  -----BEGIN CERTIFICATE-----
  MIICBDCCAYqgAwIBAgIRAOupYfGg6AWCcQPfDIFPx1UwCgYIKoZIzj0EAwMwNDEc
  MBoGA1UEChMTbGludXhjb250YWluZXJzLm9yZzEUMBIGA1UEAwwLcm9vdEBhYnlk
  b3MwHhcNMjAxMjE0MTc1ODI0WhcNMzAxMjEyMTc1ODI0WjA0MRwwGgYDVQQKExNs
  aW51eGNvbnRhaW5lcnMub3JnMRQwEgYDVQQDDAtyb290QGFieWRvczB2MBAGByqG
  SM49AgEGBSuBBAAiA2IABBDMFYXKY2tQ+KM4vWfJNv88TLrDfvPpU3oiLPlXSY7y
  BtXd+Z+2yqHTOtvycru6JP8oOfktVCWAFRfCM2dzNFPk4Kg/PwVbTKxJtEV6DKhI
  Vp+WtSSL18GHvqbF3oPOKqNgMF4wDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG
  CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwKQYDVR0RBCIwIIIGYWJ5ZG9zhwR/AAAB
  hxAAAAAAAAAAAAAAAAAAAAABMAoGCCqGSM49BAMDA2gAMGUCMGDBmbiq79jfCkDD
  lCUgPjJ0yU8Lruidin/cRhhO7Tv6Mg/0JNmfOjFqDYw9r+3AygIxAPzUHdyGpY6N
  WwR99YQ7bokhzChvCC8SokBvfay9H/h4hGcHql2VSyjpEhbnWgy1kQ==
  -----END CERTIFICATE-----
  certificate_fingerprint: 1a9ab6d52b7647cb7585e2ab7ecbd5e440596dca1f00e875e65915167209ac06
  driver: lxc | qemu
  driver_version: 5.0.2 | 7.1.0
  firewall: xtables
  kernel: Linux
  kernel_architecture: x86_64
  kernel_features:
  idmapped_mounts: "true"
  netnsid_getifaddrs: "true"
  seccomp_listener: "true"
  seccomp_listener_continue: "true"
  shiftfs: "false"
  uevent_injection: "true"
  unpriv_fscaps: "true"
  kernel_version: 6.1.7+
  lxc_features:
  cgroup2: "true"
  core_scheduling: "true"
  devpts_fd: "true"
  idmapped_mounts_v2: "true"
  mount_injection_file: "true"
  network_gateway_device_route: "true"
  network_ipvlan: "true"
  network_l2proxy: "true"
  network_phys_macvlan_mtu: "true"
  network_veth_router: "true"
  pidfd: "true"
  seccomp_allow_deny_syntax: "true"
  seccomp_notify: "true"
  seccomp_proxy_send_notify_fd: "true"
  os_name: Ubuntu
  os_version: "20.04"
  project: sdeziel
  server: lxd
  server_clustered: true
  server_event_mode: full-mesh
  server_name: abydos
  server_pid: 5836
  server_version: "5.10"
  storage: ceph | cephfs
  storage_version: 17.2.5 | 17.2.5
  storage_supported_drivers:
  - name: btrfs
  version: 5.4.1
  remote: false
  - name: ceph
  version: 17.2.5
  remote: true
  - name: cephfs
  version: 17.2.5
  remote: true
  - name: cephobject
  version: 17.2.5
  remote: true
  - name: dir
  version: "1"
  remote: false
  - name: lvm
  version: 2.03.07(2) (2019-11-30) / 1.02.167 (2019-11-30) / 4.47.0
  remote: false

Issue description

On an instance hooked to an OVN network, changing a config key on the NIC causes the NIC to fall 'DOWN':

Steps to reproduce

1. Check the state of eth0:

   $ lxc info hdc:mx2 | grep -A 2 'eth0:$'
   eth0:
     Type: broadcast
     State: UP

2. Change a NIC config:

   lxc config device set hdc:mx2 eth0 ipv4.routes 172.24.0.0/16

3. Check the state of eth0:

   $ lxc info hdc:mx2 | grep -A 2 'eth0:$'
   eth0:
     Type: broadcast
     State: DOWN

Note: unset'ing the config key doesn't bring the NIC back 'UP'.

Additional information:

Instance config:

$ lxc config show hdc:mx2
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Ubuntu jammy amd64 (20230112_07:42)
  image.os: Ubuntu
  image.release: jammy
  image.serial: "20230112_07:42"
  image.type: squashfs
  image.variant: default
  limits.memory: 1GiB
  volatile.base_image: e6d116cfb7844ffcf68dc48049e94f70c96f55cf08bd0b7901184b4481395d4b
  volatile.cloud-init.instance-id: b0e4d78a-5859-40b1-b93f-71c858b37f46
  volatile.eth0.host_name: vethb412afdc
  volatile.eth0.hwaddr: 00:16:3e:17:18:07
  volatile.idmap.base: "589824"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":589824,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":589824,"Nsid":0,"Maprange":65536}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":589824,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":589824,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.last_state.ready: "false"
  volatile.uuid: 0cdd45c4-2271-4273-a62e-92fdeb6f712d
devices:
  eth0:
    ipv4.routes: 172.24.0.0/16
    ipv4.routes.external: 192.0.2.1/32
    name: eth0
    network: default
    security.acls: gw-hdc
    type: nic
ephemeral: false
profiles:
- default
stateful: false
description: ""

Network definition:

$ lxc network show hdc:default
config: {}
description: Default network (no DHCP because only the /32 is statically assigned)
name: default
type: ovn
used_by:
- /1.0/instances/mx2?project=sdeziel
- /1.0/profiles/default?project=sdeziel
managed: true
status: Created
locations:
- abydos
- langara
- orilla

Profile:

$ lxc profile show hdc:default
config:
  limits.cpu: "1"
  limits.memory: 320MiB
  limits.processes: "500"
  security.devlxd: "false"
  security.idmap.isolated: "true"
  security.nesting: "true"
  security.privileged: "false"
  security.protection.delete: "true"
  security.syscalls.deny_compat: "true"
  snapshots.expiry: 3d
  snapshots.schedule: '@daily, @startup'
description: Hardening
devices:
  eth0:
    name: eth0
    network: default
    type: nic
  root:
    path: /
    pool: ssd
    size: 4GiB
    type: disk
name: default
used_by:
- /1.0/instances/mx2?project=sdeziel

[tomponline]

Is this for a container or a VM?

I just tried a similar thing here and couldn't reproduce it. You're correct that modifying ipv4.routes.* will a cause the NIC to be removed and then re-added, as these particular settings (currently) are not considered "live updatable" (this is because the logic is all encapsulated inside the OVN port setup function).

But on re-adding the guest should detect the new eth0 interface and bring it up, at least it does on my test.

lxc network show ovn1
config:
  bridge.mtu: "1500"
  ipv4.address: 10.29.208.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:5747:891:c3b9::1/64
  ipv6.nat: "true"
  network: lxdbr0
  volatile.network.ipv4.address: 10.21.203.11
  volatile.network.ipv6.address: fd42:ffdb:caff:baf7:216:3eff:febe:538c
description: ""
name: ovn1
type: ovn
used_by: []
managed: true
status: Created

lxc launch images-us:ubuntu/jammy c1 -n ovn1
lxc ls c1
+------+---------+--------------------+----------------------------------------------+-----------+-----------+
| NAME |  STATE  |        IPV4        |                     IPV6                     |   TYPE    | SNAPSHOTS |
+------+---------+--------------------+----------------------------------------------+-----------+-----------+
| c1   | RUNNING | 10.29.208.2 (eth0) | fd42:5747:891:c3b9:216:3eff:fe27:7aaa (eth0) | CONTAINER | 0         |
+------+---------+--------------------+----------------------------------------------+-----------+-----------+

lxc config device set c1 eth0 ipv4.routes=10.0.0.1/32
lxc ls c1
+------+---------+--------------------+----------------------------------------------+-----------+-----------+
| NAME |  STATE  |        IPV4        |                     IPV6                     |   TYPE    | SNAPSHOTS |
+------+---------+--------------------+----------------------------------------------+-----------+-----------+
| c1   | RUNNING | 10.29.208.2 (eth0) | fd42:5747:891:c3b9:216:3eff:fe27:7aaa (eth0) | CONTAINER | 0         |
+------+---------+--------------------+----------------------------------------------+-----------+-----------+

[simondeziel]

Is this for a container or a VM?

hdc:mx2 is a Ubuntu container running off of Stéphane's cluster (the one at Hive DC).

[tomponline]

If there is no DHCP, how is the network interface configured inside the instance?

[simondeziel]

Static IPv4 and SLAAC for IPv6:

$ lxc exec hdc:mx2 -- grep -v '#' /etc/netplan/10-lxc.yaml
network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 45.45.148.177/32
      routes:
        - to: 0.0.0.0/0
          via: 10.121.160.1
          on-link: true

[tomponline]

And if you bring the interface up manually inside the guest does it work again? And is it up on the host side?

[simondeziel]

When I do: lxc config device set hdc:mx2 eth0 ipv4.routes 172.24.0.0/16, I do see eth0 vanishing from the container and popping back but in DOWN state. Then running lxc exec hdc:mx2 -- ip link set eth0 up only restores the IPv6 thanks to SLAAC.

I have no visibility on the host side of things but Stéphane does.

[tomponline]

OK I tried this with Alpine connected to a bridge network and changed queue.tx.length, which would similar cause the device to be removed and re-added, and it exhibited the same behaviour. I think this is probably to do more with the network managed of the device inside the instance. Apparently when using DHCP it will reactivate the interface when it has been re-added and bring it back up.

[tomponline]

If bringing the device up manually works for SLAAC, that means the actual network connection is running, but the network config isn't being reapplied by the instance's operating system.

[tomponline]

I just tried images:ubuntu/jammy connected to an OVN network with this netplan config:

network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 10.29.208.2/32
      routes:
        - to: 0.0.0.0/0
          via: 10.29.208.1
          on-link: true

And changing the ipv4.routes setting still gets the IP re-applied.

After fresh boot:

networkctl status
●        State: routable                                     
  Online state: online                                       
       Address: 10.29.208.2 on eth0
                fd42:5747:891:c3b9:216:3eff:fe4f:71b8 on eth0
                fe80::216:3eff:fe4f:71b8 on eth0
       Gateway: 10.29.208.1 on eth0
                fe80::216:3eff:febe:538c on eth0

Jan 30 15:18:30 c1 systemd[1]: Starting Network Configuration...
Jan 30 15:18:30 c1 systemd-networkd[84]: Failed to increase receive buffer size for general netlink sock>
Jan 30 15:18:30 c1 systemd-networkd[84]: Failed to increase buffer size for device monitor, ignoring: Op>
Jan 30 15:18:30 c1 systemd-networkd[84]: eth0: Link UP
Jan 30 15:18:30 c1 systemd-networkd[84]: eth0: Gained carrier
Jan 30 15:18:30 c1 systemd-networkd[84]: lo: Link UP
Jan 30 15:18:30 c1 systemd-networkd[84]: lo: Gained carrier
Jan 30 15:18:30 c1 systemd-networkd[84]: Enumeration completed
Jan 30 15:18:30 c1 systemd[1]: Started Network Configuration.
Jan 30 15:18:32 c1 systemd-networkd[84]: eth0: Gained IPv6LL

Then:

lxc config device set c1 eth0 ipv4.routes=10.0.0.1/32

After

lxc shell c1
root@c1:~# networkctl status
●        State: routable                                     
  Online state: online                                       
       Address: 10.29.208.2 on eth0
                fd42:5747:891:c3b9:216:3eff:fe4f:71b8 on eth0
                fe80::216:3eff:fe4f:71b8 on eth0
       Gateway: 10.29.208.1 on eth0
                fe80::216:3eff:febe:538c on eth0

Jan 30 15:18:30 c1 systemd-networkd[84]: Enumeration completed
Jan 30 15:18:30 c1 systemd[1]: Started Network Configuration.
Jan 30 15:18:32 c1 systemd-networkd[84]: eth0: Gained IPv6LL
Jan 30 15:19:05 c1 systemd-networkd[84]: eth0: Link DOWN
Jan 30 15:19:05 c1 systemd-networkd[84]: eth0: Lost carrier
Jan 30 15:19:05 c1 systemd-networkd[84]: eth0: DHCPv6 lease lost
Jan 30 15:19:05 c1 systemd-networkd[84]: veth6ba4063e: Interface name change detected, renamed to eth0.
Jan 30 15:19:05 c1 systemd-networkd[84]: eth0: Link UP
Jan 30 15:19:05 c1 systemd-networkd[84]: eth0: Gained carrier
Jan 30 15:19:07 c1 systemd-networkd[84]: eth0: Gained IPv6LL

So I cannot reproduce the issue with netplan.

[simondeziel]

I always remove the networkd-dispatcher package, maybe it does something?

Here is the journalctl output I got after a fresh reboot:

root@mx2:~# journalctl -fu systemd-networkd
Jan 30 15:24:46 mx2 systemd-networkd[67]: lo: Gained carrier
Jan 30 15:24:46 mx2 systemd-networkd[67]: Enumeration completed
Jan 30 15:24:46 mx2 systemd[1]: Started Network Configuration.
Jan 30 15:24:46 mx2 systemd-networkd[67]: eth0: Gained IPv6LL
Jan 30 15:24:48 mx2 systemd-networkd[67]: wg-home: Link UP
Jan 30 15:24:48 mx2 systemd-networkd[67]: wg-home: Gained carrier

# $ lxc config device unset hdc:mx2 eth0 ipv4.routes

Jan 30 15:26:22 mx2 systemd-networkd[67]: eth0: Link DOWN
Jan 30 15:26:22 mx2 systemd-networkd[67]: eth0: Lost carrier
Jan 30 15:26:22 mx2 systemd-networkd[67]: eth0: DHCPv6 lease lost
Jan 30 15:26:24 mx2 systemd-networkd[67]: veth87dd6c1c: Interface name change detected, renamed to eth0.

# $ lxc exec hdc:mx2 -- ip link set eth0 up

Jan 30 15:27:41 mx2 systemd-networkd[67]: eth0: Link UP
Jan 30 15:27:41 mx2 systemd-networkd[67]: eth0: Gained carrier
Jan 30 15:27:42 mx2 systemd-networkd[67]: eth0: Gained IPv6LL

Then I only have the IPv6:

root@mx2:~# ip a show dev eth0
80: eth0@if81: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:17:18:07 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 2602:fc62:ff:1000:5e08:c4c:6809:30a/64 scope global temporary dynamic 
       valid_lft 604628sec preferred_lft 85978sec
    inet6 2602:fc62:ff:1000:216:3eff:fe17:1807/64 scope global dynamic mngtmpaddr 
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe17:1807/64 scope link 
       valid_lft forever preferred_lft forever

[simondeziel]

Also, running netplan apply fixes it for me, of course.

[tomponline]

Can you test it with a vanilla container without modification, to check if its something that has been added/removed/changed in your case?

[simondeziel]

Just created c1 (fresh images:ubuntu/jammy container) and isolated the problem to be disabling systemd-udevd in the container:

root@c1:~# systemctl mask --now systemd-udevd.service
Created symlink /etc/systemd/system/systemd-udevd.service → /dev/null.

Since the NIC is yanked out and plugged back in, it sounds legitimate to need udevd to react to the change. I don't understand why the NIC shows as DOWN once plugged back in though. Probably not LXD's fault but my own so closing.

Thanks Tom and sorry for the noise.

[tomponline]

Ah glad u found the issue.