Multiple LXD containers on single macvlan interface

0
votes

I'm a little confused as to how the following scenario works. It's a very simple setup, so I hope the explanation is simple.

I have a host with a single physical NIC. I create a single macvlan sub-interface in bridge mode off this physical NIC. Then I start up two LXD/LXC containers. Each with their own unique MAC and IP, but in the profile, I specify the same single macvlan sub-interface as each container's parent interface.

Both containers have access to the network without issue. I'm also able to SSH into each container using each container's unique IP address. This is the bit that confuses me:

How is all of this working underneath the hood? Both containers are using the single macvlan MAC/IP when accessing the external world. Isn't there going to be some sort of collision? Shouldn't this not work? Shouldn't I need one macvlan subinterface per container? Is there some sort of NAT going on here?

macvlan isn't documented much, hoping someone out there can help out.

1
networkingiptableslxcnetfilterlxd
You should head over to discuss.linuxcontainers.org to ask, the LXD/LXC community is a little sparse on stackoverflow, also stackoverflow is for programming related questions. - Lawrence Cherone

1 Answers

1
votes

There isn't NATing per say as that is at the IP layer -- MACs are the link layer -- but it is a similar result.

All of the MACs (the NIC's and the macvlan's) will get routed through the same link that goes to the NIC. The NIC device driver will then route the traffic to the correct interface (virtual or not) which puts it to one of the guests or to the host. You can think of macvlan's as virtual switches.