Relationship between interface "vethxxxxx" and container?

assupport · May 20, 2016, 7:53am

Hi All,

I have multiple containers running on my machine.
How do I figure out if which “vethxxxxx” interface(present on host) belongs to which container?

Is there any relation ship between the container id and its interface id?

Thanks.

dvohra · May 21, 2016, 3:29am

Which interface is referred to? A container has its own file system and networking, distinct from the host and the other containers.

assupport · May 21, 2016, 4:27am

Yes you are right.
When a container is launched it creates a peer interfaces, one inside the container named “eth0” and other on the host machine named vethxxxxxxx where “xxxxxxx” is a unique string.
For instance, I created one container on my machine whose id is “739628d1b56e4a3fe61f911b1417dd27825a625d2db33a5ccfdd17a1fd27106d” and its corresponding interace on host machine is “veth541f42b” .
Now if I create multiple containers on my machine, I am not able to track which interface belong to which container.
Is there a way to track it?

Thanks.

dvohra · May 21, 2016, 9:42pm

Multiple interfaces may not be getting created. What does the following command list?
ip addr show

assupport · May 22, 2016, 10:03am

Single container creates single interface on host machine, 2 containers create two interface on hosts and so on…
For example:
I have two containers running on my machine.
root@singh:~# docker ps --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
653b4af8e364051584c6d24b96ce073e1f02381583a86452ee0a637c44891961 ubuntu:14.04 “tailf /dev/null” About a minute ago Up About a minute elegant_hypatia
582f443367ece24eac6fe18cf71cc77e31bdd25cce81ab2da035096687e5cb0c ubuntu:14.04 “tailf /dev/null” About a minute ago Up About a minute prickly_joliot

And I have two interfaces on my machine which belong to these containers.
root@singh:~# ifconfig | grep -A7 veth
veth2e2059d Link encap:Ethernet HWaddr ce:88:4b:e3:28:d2 _
_ inet6 addr: fe80::cc88:4bff:fee3:28d2/64 Scope:Link
_ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1_
_ RX packets:8 errors:0 dropped:0 overruns:0 frame:0_
_ TX packets:62 errors:0 dropped:0 overruns:0 carrier:0_
_ collisions:0 txqueuelen:0 _
_ RX bytes:648 (648.0 B) TX bytes:7724 (7.7 KB)_

veth30a5e73 Link encap:Ethernet HWaddr 6e:25:29:2d:38:85 _
_ inet6 addr: fe80::6c25:29ff:fe2d:3885/64 Scope:Link
_ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1_
_ RX packets:8 errors:0 dropped:0 overruns:0 frame:0_
_ TX packets:35 errors:0 dropped:0 overruns:0 carrier:0_
_ collisions:0 txqueuelen:0 _
_ RX bytes:648 (648.0 B) TX bytes:4366 (4.3 KB)_

My question is which interface belongs to which container.

dvohra · May 22, 2016, 11:30am

Compare the IP Address to find.

assupport · May 22, 2016, 1:50pm

I already did that but no luck, checked with HWaddr also and tried to figured out anything I can find using docker inspect command but did not help.

dvohra · May 22, 2016, 4:30pm

Why is the veth* interfaces required? The veth* could be listed with the following command:
sudo brctl show

The brctl command has to be installed with:
sudo apt-get install bridge-utils

assupport · May 23, 2016, 4:32am

veth* interfaces are the interfaces which got created on host machine when we run container.

brctl show command does not give any extra information.

dvohra · May 23, 2016, 5:25pm

Refer section "Customizing docker0"
The sudo brctl show command lists an “interfaces” column.
https://docs.docker.com/v1.7/articles/networking/

assupport · May 26, 2016, 6:25am

It only shows the interfaces but does not provide any information to identify which interface belong to which container.

dvohra · May 26, 2016, 11:03am

Would guess that the substring after “veth” is from container id or some other feature of a container.

veth65f9
vethdda6

assupport · May 26, 2016, 12:06pm

Finding interfaces was never an issue.

Have already matched the substrings, no luck.

dvohra · May 26, 2016, 3:55pm

Did notice the same, container ids and veths have no correlation.

Container IDs

653b4af8e364051584c6d24b96ce073e1f02381583a86452ee0a637c44891961

582f443367ece24eac6fe18cf71cc77e31bdd25cce81ab2da035096687e5cb0c

Veths

veth2e2059d

veth30a5e73

dvohra · May 26, 2016, 4:03pm

Find the inet address for each container with docker inspect and compare with the inet address of the veth.

dvohra · May 26, 2016, 4:12pm

The order in which the containers and the veths are listed could be the same.

assupport · May 26, 2016, 4:50pm

checked this also but no relationship found.

assupport · May 26, 2016, 4:51pm

could be but can’t bet on it.

dvohra · May 26, 2016, 4:59pm

Should be verifiable. Stop one container. With one container running the single veth listed is for the container.

khatribharat · February 6, 2017, 3:17pm

This can be found out by matching a container interface’s iflink value with a host veth interface’s ifindex value.

On the container, run :
cat /sys/class/net/eth0/iflink

And on the host, find a veth with an ifindex value matching the iflink value of your container’s interface :
cat /sys/class/net/vethXXXXXXX/ifindex