Skip to main content

How to map Docker container's eth0 interface to its host VethXXX interface

In order to troubleshoot a network issue, we will need to figure out the veth end points connecting a container to its host. There are multiple ways of going about this problem, I will show 2 simple ways and point out to a third.

# Technique-1: Quick & Simple

Get the interface details inside the container:

/ # ip addr show eth0
9: eth0@if10: mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever


The output is telling us that, the veth has two end points. One end point is called eth0@if10 which is assigned to the container and on the host the other end point will be named as vethxxx@if9.

Lets check the host to confirm this.

root@botserver1:~# ip a | grep  veth
10: vetha708f89@if9: mtu 1500 qdisc noqueue master docker0 state UP group default

Cool. The host has a vetha708f89@if9 which is saying its mapped to if10 interface on the container.

# Technique-2:
This technique explores the under-hood mechanism followed by Technique-1. When we go into details, the iflink of the container is the same as the ifindex of the vethxxx. So by extracting these values we can establish the link between the container and host's interfaces.

On the container, get the iflink value by executing:
/ # cat /sys/class/net/eth0/iflink (Note: eth0 is the interface we are interested in)
10

On the host, get the ifindex of the vethxxx by executing:
root@botserver1:~# grep -l 10 /sys/class/net/veth*/ifindex
/sys/class/net/vetha708f89/ifindex

Great. We have identified the veth interface that is connected to the container.

The same in script form:

#!/bin/bash
for container in $(docker ps -q); do
    iflink=`docker exec -it $container bash -c 'cat /sys/class/net/eth0/iflink'`
    iflink=`echo $iflink|tr -d '\r'`
    veth=`grep -l $iflink /sys/class/net/veth*/ifindex`
    veth=`echo $veth|sed -e 's;^.*net/\(.*\)/ifindex$;\1;'`
    echo $container:$veth
done


# Technique-3
In case, the container does not have cat or any necessary utilities you can try out this script @ https://github.com/micahculpepper/dockerveth/blob/master/dockerveth.sh

References:
* https://superuser.com/questions/1183454/finding-out-the-veth-interface-of-a-docker-container

Comments

Popular posts from this blog

Solved: Fix for Git clone failure due to GnuTLS recv error (-9)

My devstack installation was failing with an error reported by the GnuTLS module as shown below: $ git clone https://github.com/openstack/horizon.git /opt/stack/horizon --branch master Cloning into '/opt/stack/horizon'... remote: Counting objects: 154213, done. remote: Compressing objects: 100% (11/11), done. error: RPC failed; curl 56 GnuTLS recv error (-9): A TLS packet with unexpected length was received. fatal: The remote end hung up unexpectedly fatal: early EOF fatal: index-pack failed The following Git config changes fixed the issue for me. Am hoping it will be useful for someone out there: $ git config http.sslVerify false $ git config --global http.postBuffer 1048576000

QuickBite: Tap Vs Veth

Linux supports virtual networking via various artifacts such as: Soft Switches (Linux Bridge, OpenVSwitch) Virtual Network Adapters (tun, tap, veth and a few more) In this blog, we will look at the virtual network adapters tap and veth. From a practical view point, both seem to be having the same functionality and its a bit confusing as to where to use what. A quick definition of tap/veth is as follows: TAP A TAP is a simulated interface which exists only in the kernel and has no physical component associated with it. It can be viewed as a simple Point-to-Point or Ethernet device, which instead of receiving packets from a physical media, receives them from user space program and instead of sending packets via physical media writes them to the user space program. When a user space program (in our case the VM) gets attached to the tap interface it gets hold of a file descriptor, reading from which gives it the data being sent on the tap interface. Writing to the file descri...

[Solved] Fixing ping: ***** : Name or service not known issue

I have a Virtualbox VM running Ubuntu 19.05 Desktop version and the network is managed by NetworkManager. It has two interfaces attached to NAT and HostOnly networks. Due to some reason, I was not able to ping my office site and when I looked up in resolv.conf I see that its a symbolic link auto generated by systemd-resolve. One thing that caught my attention was that the name server was set as below: nameserver 127.0.0.53 The following sequence of steps helped me in resolving this issue: UI NetworkManager --> IPV4 --> Set DNS to Manual and add 1.1.1.1, 8.8.8.8 for dns. Then run the below command sudo dhclient Hope this helps someone out there.