coreos / bugs

Issue tracker for CoreOS Container Linux
https://coreos.com/os/eol/

Feature: please add arptables binary to Container Linux #2383

Open dlamotte opened 6 years ago

dlamotte commented 6 years ago

Issue Report

Feature Request

Please add the arptables binary to Container Linux. (The corresponding arp_tables kernel module is already available.)

Environment

What hardware/cloud provider/hypervisor is being used to run Container Linux?

Bare metal.

NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1632.3.0
VERSION_ID=1632.3.0
BUILD_ID=2018-02-14-0338
PRETTY_NAME="Container Linux by CoreOS 1632.3.0 (Ladybug)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"

Desired Feature

Other Information

Trying to use a VIP across multiple hosts in the same L2 and noticing that no matter what interface I put the VIP on, it is arp'd out. (Tried lo and a dummy0 interface; NOARP on dummy0 appears to be ignored unless I'm misunderstanding the feature.) Some digging led me to some LVS articles where folks were griping about this. At this point, I "fixed" the behavior by simply running arptables in a privileged container and adding a rule to drop all arp output for the VIP.

cgonyeo commented 6 years ago

Would running the arptables binary in a docker container with --net=host not be sufficient?

dlamotte commented 6 years ago

For sure. That's what I'm doing right now. Just thought it'd be nice to actually just have it as part of the image and wanted to ask.

euank commented 6 years ago

We do generally add common/small networking tools since networking problems may make it difficult to run a container at all. Adding this seems reasonable to me.