we’re using LXC containers to host multiple workloads on the same physical servers. e.g. few instances of database servers running side-by-side.<\/p>\n
once in a while we end up with strange situation where tcp connections between containers running on the same physical server get torn down abruptly. in our case – this manifested e.g. by those errors: Caused by: java.net.SocketException: Connection reset<\/i> or The last packet successfully received from the server was 415 milliseconds ago. The last packet sent successfully to the server was 0 milliseconds ago.com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure<\/i>.<\/p>\n
it seems there’s a random issue where container’s network stack is not properly cleaned after container reboot or shutdown. mentions of similar cases: 1<\/a>, 2<\/a>.<\/p>\n in result we have multiple IP stacks having the same IP and the same MAC address. this manifests in 2 ARP responses sent to a single ARP who-has reply:<\/p>\n once diagnosed remediation is simple: either reboot the whole lxc server or identify and delete no-longer-needed vethXXXXX interfaces.<\/p>\n how to find out which interface is orphaned?<\/p>\n how to avoid it? hopefully by explicitly naming network interfaces for guests created on the host – in \/var\/lib\/lxc\/guest\/config:<\/p>\n resources that were helpful:<\/p>\n we’re using LXC containers to host multiple workloads on the same physical servers. e.g. few instances of database servers running side-by-side. once in a while we end up with strange situation where tcp connections between containers running on the same physical server get torn down abruptly. in our case – this manifested e.g. by those […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,51],"tags":[47,85],"class_list":["post-3231","post","type-post","status-publish","format-standard","hentry","category-tech","category-unimportant","tag-linux-networking","tag-lxc"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=3231"}],"version-history":[{"count":7,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3231\/revisions"}],"predecessor-version":[{"id":3240,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3231\/revisions\/3240"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=3231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=3231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=3231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\r\nroot@someserver:~# arping -c 1 somelxccontainer\r\nARPING 172.16.1.21\r\n42 bytes from 00:ff:1a:1e:ba:21 (172.16.1.21): index=0 time=7.881 usec\r\n42 bytes from 00:ff:1a:1e:ba:21 (172.16.1.21): index=1 time=22.879 usec\r\n\r\n--- 172.16.17.21 statistics ---\r\n1 packets transmitted, 2 packets received, 0% unanswered (1 extra)\r\nrtt min\/avg\/max\/std-dev = 0.008\/0.015\/0.023\/0.007 ms\r\n<\/pre>\n
\r\nbrctl show\r\nbridge name bridge id STP enabled interfaces\r\nbr0 8000.fe0023c26675 no veth1KCRWX\r\n veth7G72IS\r\n vethBH3Q2G\r\n vethBMW0L7\r\n vethEUGFKO\r\n vethGRH1MH\r\n vethJ7RPXB\r\n vethJGTBAH\r\n vethPE6HWW\r\n vethPUKEU5\r\n vethTCVY3G\r\n vethVH9TQH\r\n<\/pre>\n
\n
\r\nlxc.net.1.veth.pair = veth0-nameOfOurGuest\r\n<\/pre>\n
\n