Docker Community Forums

Share and learn in the Docker community.

Relationship between interface "vethxxxxx" and container?


(Assupport) #3

Yes you are right.
When a container is launched it creates a peer interfaces, one inside the container named “eth0” and other on the host machine named vethxxxxxxx where “xxxxxxx” is a unique string.
For instance, I created one container on my machine whose id is “739628d1b56e4a3fe61f911b1417dd27825a625d2db33a5ccfdd17a1fd27106d” and its corresponding interace on host machine is “veth541f42b” .
Now if I create multiple containers on my machine, I am not able to track which interface belong to which container.
Is there a way to track it?

Thanks.


(Dvohra) #4

Multiple interfaces may not be getting created. What does the following command list?
ip addr show


(Assupport) #5

Single container creates single interface on host machine, 2 containers create two interface on hosts and so on…
For example:
I have two containers running on my machine.
root@singh:~# docker ps --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
653b4af8e364051584c6d24b96ce073e1f02381583a86452ee0a637c44891961 ubuntu:14.04 “tailf /dev/null” About a minute ago Up About a minute elegant_hypatia
582f443367ece24eac6fe18cf71cc77e31bdd25cce81ab2da035096687e5cb0c ubuntu:14.04 “tailf /dev/null” About a minute ago Up About a minute prickly_joliot

And I have two interfaces on my machine which belong to these containers.
root@singh:~# ifconfig | grep -A7 veth
veth2e2059d Link encap:Ethernet HWaddr ce:88:4b:e3:28:d2 _
_ inet6 addr: fe80::cc88:4bff:fee3:28d2/64 Scope:Link

_ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1_
_ RX packets:8 errors:0 dropped:0 overruns:0 frame:0_
_ TX packets:62 errors:0 dropped:0 overruns:0 carrier:0_
_ collisions:0 txqueuelen:0 _
_ RX bytes:648 (648.0 B) TX bytes:7724 (7.7 KB)_

veth30a5e73 Link encap:Ethernet HWaddr 6e:25:29:2d:38:85 _
_ inet6 addr: fe80::6c25:29ff:fe2d:3885/64 Scope:Link

_ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1_
_ RX packets:8 errors:0 dropped:0 overruns:0 frame:0_
_ TX packets:35 errors:0 dropped:0 overruns:0 carrier:0_
_ collisions:0 txqueuelen:0 _
_ RX bytes:648 (648.0 B) TX bytes:4366 (4.3 KB)_

My question is which interface belongs to which container.


(Dvohra) #6

Compare the IP Address to find.


(Assupport) #7

I already did that but no luck, checked with HWaddr also and tried to figured out anything I can find using docker inspect command but did not help.


(Dvohra) #8

Why is the veth* interfaces required? The veth* could be listed with the following command:
sudo brctl show

The brctl command has to be installed with:
sudo apt-get install bridge-utils


(Assupport) #9

veth* interfaces are the interfaces which got created on host machine when we run container.

brctl show command does not give any extra information.


(Dvohra) #10

Refer section "Customizing docker0"
The sudo brctl show command lists an “interfaces” column.
https://docs.docker.com/v1.7/articles/networking/


(Assupport) #11

It only shows the interfaces but does not provide any information to identify which interface belong to which container.


(Dvohra) #12

Would guess that the substring after “veth” is from container id or some other feature of a container.

veth65f9
vethdda6


(Assupport) #13

Finding interfaces was never an issue.

Have already matched the substrings, no luck.


(Dvohra) #14

Did notice the same, container ids and veths have no correlation.

Container IDs

653b4af8e364051584c6d24b96ce073e1f02381583a86452ee0a637c44891961

582f443367ece24eac6fe18cf71cc77e31bdd25cce81ab2da035096687e5cb0c

Veths

veth2e2059d

veth30a5e73


(Dvohra) #15

Find the inet address for each container with docker inspect and compare with the inet address of the veth.


(Dvohra) #16

The order in which the containers and the veths are listed could be the same.


(Assupport) #17

checked this also but no relationship found.


(Assupport) #18

could be but can’t bet on it.


(Dvohra) #19

Should be verifiable. Stop one container. With one container running the single veth listed is for the container.


(Khatribharat) #20

This can be found out by matching a container interface’s iflink value with a host veth interface’s ifindex value.

On the container, run :
cat /sys/class/net/eth0/iflink

And on the host, find a veth with an ifindex value matching the iflink value of your container’s interface :
cat /sys/class/net/vethXXXXXXX/ifindex


(Snayak12) #22

From host:

cat /sys/class/net/veth45562ed/iflink

768

ethtool -S veth45562ed

NIC statistics:
peer_ifindex: 767

From Container

6b63d46e1ac7# ethtool -S eth0
NIC statistics:
peer_ifindex: 768
6b63d46e1ac7:/# cat /sys/class/net/eth0/iflink
767
6b63d46e1ac7:/#


(Micahculpepper) #23

@khatribharat is correct; however, to be able to cat the files in question, you need cat available inside your container. I’m often working with containers that are simple compiled binaries and don’t have access to normal utilities. In that case, you can still get at the needed information, but it requires a little more work. So I made a script to correlate containers with their veth interfaces: https://github.com/micahculpepper/dockerveth

Example output:

[root@dockervisor-1 ~]# dockerveth
CONTAINER ID	VETH       	NAMES
60d27ce962ff	vethe353e93	hopeful_bhaskara
d07a2979e69a	vethe4c3cee	silly_meitner
1e8656e195ba	veth1ce04be	thirsty_meitner