containers / netavark


macvlan network option metric doesn't change the metric with dhcp #1073

Open literatesnow opened 1 week ago

literatesnow commented 1 week ago

Hello

OS: Linux pi5 6.6.47-3-rpi #1 SMP PREEMPT Sat Aug 31 07:27:25 MDT 2024 aarch64 GNU/Linux
Podman version: 5.2.2-1
Netavark version: 1.12.2-1

Preamble from related issue containers/common#2051 is identical:

I have a container attached to multiple macvlan networks. As some of the networks block access to the internet, my container sometimes can't access the internet as all routes have a default metric of 100.

I can now create a network with the metric option, which is great! However, it doesn't seem to take effect inside the container.

Background: There are 3 network interfaces on the host, one physical end0 and two vlan end0.100, end0.200. The vlan interfaces have metrics and end0.200 doesn't have a default gateway. All interfaces use DHCP.

$ id
uid=0(root) gid=0(root) groups=0(root)
$ ip route
default via 192.168.1.1 dev end0 proto dhcp src 192.168.1.101
default via 172.21.100.1 dev end0.100 proto dhcp src 172.21.100.101 metric 768
192.168.1.0/24 dev end0 proto kernel scope link src 192.168.1.101
172.21.100.0/24 dev end0.100 proto kernel scope link src 172.21.100.101 metric 768
172.31.200.0/24 dev end0.200 proto kernel scope link src 172.31.200.101 metric 1024
[...]

Creating the network with 3 different metric options (podman network inspect shows metric under options):

$ podman network create --driver macvlan --interface-name=end0 --ipam-driver=dhcp \
  --opt=metric=50 foo1
foo1
$ podman network create --driver macvlan --interface-name=end0.100 --ipam-driver=dhcp \
  --opt=metric=150 foo2
foo2
$ podman network create --driver macvlan --interface-name=end0.200 --ipam-driver=dhcp \
  --opt=metric=250 foo3
foo3

Running a container attached to all 3 networks:

$ podman run -ti --rm \
  "--network=foo3:mac=ba:d6:d5:c7:e6:7b" \
  "--network=foo2:mac=a6:87:e2:04:61:97" \
  "--network=foo1:mac=42:d3:60:fd:a8:92" \
  --entrypoint /bin/sh \
  docker.io/busybox:latest

Inside the container the metric is still 100:

/ # ip route
default via 192.168.1.1 dev eth2  metric 100
default via 172.21.100.1 dev eth1  metric 100
192.168.1.0/24 dev eth2 scope link  src 192.168.1.209
172.21.100.0/24 dev eth1 scope link  src 172.21.100.201
172.31.200.0/24 dev eth0 scope link  src 172.31.200.203
/ #

I'm expecting 192.168.1.1's metric to be 50 (end0) and 172.21.100.1's metric to be 150 (end0.100).

For more information on package versions and podman info please see attached.

Thanks!
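
A check for the behaviour reported above, as an added example that is not part of the original post or of netavark: it compares the default-route metrics in ip route output with the values passed via --opt=metric. The function names and the GATEWAY=METRIC argument format are assumptions made for this example; the sample routes are copied from the container output in the report.

```shell
# Constructed sample: the container's `ip route` output as shown in the report.
sample_routes() {
cat <<'EOF'
default via 192.168.1.1 dev eth2  metric 100
default via 172.21.100.1 dev eth1  metric 100
192.168.1.0/24 dev eth2 scope link  src 192.168.1.209
172.21.100.0/24 dev eth1 scope link  src 172.21.100.201
172.31.200.0/24 dev eth0 scope link  src 172.31.200.203
EOF
}

# check_metrics "GW=METRIC ..." (hypothetical helper) reads `ip route` text on
# stdin and compares each default route's metric with the expected value.
# Prints one line per expected gateway; exit status 1 on any mismatch or gap.
check_metrics() {
    awk -v expected="$1" '
    BEGIN {
        n = split(expected, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, "=")
            order[i] = kv[1]; want[kv[1]] = kv[2]
        }
    }
    $1 == "default" && $2 == "via" {
        metric = 0   # ip route omits the field when the metric is 0
        for (i = 4; i < NF; i++) if ($i == "metric") metric = $(i + 1)
        seen[$3] = metric
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            gw = order[i]
            if (!(gw in seen)) { printf "MISSING %s want=%s\n", gw, want[gw]; bad = 1 }
            else if (seen[gw] + 0 != want[gw] + 0) { printf "MISMATCH %s want=%s got=%s\n", gw, want[gw], seen[gw]; bad = 1 }
            else { printf "OK %s metric=%s\n", gw, seen[gw] }
        }
        exit bad
    }'
}

# Expected values from the report: metric 50 for foo1 (end0), 150 for foo2 (end0.100).
sample_routes | check_metrics "192.168.1.1=50 172.21.100.1=150" || echo "metric option not applied"
```

Inside a running container, pipe the live table instead of the sample: ip route | check_metrics "192.168.1.1=50 172.21.100.1=150".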

Luap99 commented 1 week ago

Yeah, this seems to be caused by the dhcp server not getting the mtu. If you use the host-local ipam driver it should work, so this seems to be a netavark bug then. Sorry, it seems I didn't test with the dhcp driver last time around.