Open dlamotte opened 6 years ago
Would running the arptables binary in a docker container with --net=host not be sufficient?
For sure. That's what I'm doing right now. Just thought it'd be nice to actually just have it as part of the image and wanted to ask.
We do generally add common/small networking tools since networking problems may make it difficult to run a container at all. Adding this seems reasonable to me.
Issue Report
Feature Request
Please add arptables binary to Container Linux. (the corresponding arp_tables kernel module is already available)
Environment
What hardware/cloud provider/hypervisor is being used to run Container Linux?
Bare metal.
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1632.3.0
VERSION_ID=1632.3.0
BUILD_ID=2018-02-14-0338
PRETTY_NAME="Container Linux by CoreOS 1632.3.0 (Ladybug)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"
Desired Feature
Other Information
Trying to use a VIP across multiple hosts in the same L2 and noticing that no matter what interface I put the VIP on, it is arp'd out. (tried lo and a dummy0 interface; NOARP on dummy0 appears to be ignored unless I'm mis-understanding the feature) Some digging led me to some LVS articles where folks were griping about this. At this point, I "fixed" the behavior by simply running arptables in a privileged container and adding a rule to drop all arp output for the VIP.
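
The workaround described in the issue above, written out as an added example (not code from the issue or from the Container Linux project). The image name example/arptables, the RUN dry-run variable, the function names and the address 192.0.2.10 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: drop ARP output for a VIP using arptables run from a container.
# Assumptions: example/arptables is a placeholder for any image that ships the
# arptables binary; 192.0.2.10 is a constructed documentation address.
ARPTABLES_IMAGE=${ARPTABLES_IMAGE:-example/arptables}

# Accept only four dot-separated decimal octets in 0..255, so nothing else
# can reach the arptables command line.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # split the address on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Append a rule to the OUTPUT chain that drops every ARP packet whose sender
# IP is the VIP. --net=host places the container in the host's network
# namespace, so the rule applies to the host itself. --privileged follows the
# issue text. Set RUN=echo to print the command instead of executing it.
suppress_vip_arp() {
    vip=$1
    valid_ipv4 "$vip" || { echo "invalid VIP: $vip" >&2; return 2; }
    ${RUN:-} docker run --rm --privileged --net=host "$ARPTABLES_IMAGE" \
        arptables -A OUTPUT -s "$vip" -j DROP
}

# List the OUTPUT chain numerically to confirm the rule is present.
show_arp_output_rules() {
    ${RUN:-} docker run --rm --privileged --net=host "$ARPTABLES_IMAGE" \
        arptables -L OUTPUT -n
}

# Usage, on each host that holds the VIP but must stay silent for it in ARP:
#   suppress_vip_arp 192.0.2.10 && show_arp_output_rules
```

The rule lives only in the running kernel, so it has to be reapplied after every reboot. A host that should answer ARP for the VIP must not have this rule.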