Relationship between interface "vethxxxxx" and container?

I already did that but no luck, checked with HWaddr also and tried to figured out anything I can find using docker inspect command but did not help.

Why is the veth* interfaces required? The veth* could be listed with the following command:
sudo brctl show

The brctl command has to be installed with:
sudo apt-get install bridge-utils

veth* interfaces are the interfaces which got created on host machine when we run container.

brctl show command does not give any extra information.

Refer section "Customizing docker0"
The sudo brctl show command lists an “interfaces” column.
https://docs.docker.com/v1.7/articles/networking/

It only shows the interfaces but does not provide any information to identify which interface belong to which container.

Would guess that the substring after “veth” is from container id or some other feature of a container.

veth65f9
vethdda6

Finding interfaces was never an issue.

Have already matched the substrings, no luck.

Did notice the same, container ids and veths have no correlation.

Container IDs

653b4af8e364051584c6d24b96ce073e1f02381583a86452ee0a637c44891961

582f443367ece24eac6fe18cf71cc77e31bdd25cce81ab2da035096687e5cb0c

Veths

veth2e2059d

veth30a5e73

Find the inet address for each container with docker inspect and compare with the inet address of the veth.

The order in which the containers and the veths are listed could be the same.

checked this also but no relationship found.

could be but can’t bet on it.

Should be verifiable. Stop one container. With one container running the single veth listed is for the container.

This can be found out by matching a container interface’s iflink value with a host veth interface’s ifindex value.

On the container, run :
cat /sys/class/net/eth0/iflink

And on the host, find a veth with an ifindex value matching the iflink value of your container’s interface :
cat /sys/class/net/vethXXXXXXX/ifindex

2 Likes

From host:

cat /sys/class/net/veth45562ed/iflink

768

ethtool -S veth45562ed

NIC statistics:
peer_ifindex: 767

From Container

6b63d46e1ac7# ethtool -S eth0
NIC statistics:
peer_ifindex: 768
6b63d46e1ac7:/# cat /sys/class/net/eth0/iflink
767
6b63d46e1ac7:/#

@khatribharat is correct; however, to be able to cat the files in question, you need cat available inside your container. I’m often working with containers that are simple compiled binaries and don’t have access to normal utilities. In that case, you can still get at the needed information, but it requires a little more work. So I made a script to correlate containers with their veth interfaces: https://github.com/micahculpepper/dockerveth

Example output:

[root@dockervisor-1 ~]# dockerveth
CONTAINER ID	VETH       	NAMES
60d27ce962ff	vethe353e93	hopeful_bhaskara
d07a2979e69a	vethe4c3cee	silly_meitner
1e8656e195ba	veth1ce04be	thirsty_meitner
1 Like

Another way, albeit not perfectly simple, is to first do a “docker ps” and see what ports a container is using.
Then do a “iptables -S -t nat” to see which bridge that port is DNAT:et to.

In order to identify the relation between the veth on the host and eth0 interface on the container, we can check the interfaces on the container using the following command:

[root@docker js]# docker exec -it dc ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
94: eth0@if95: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever

We can see that the eth0 is suffixed by if[number]. This number also prefixed to corresponding the host virtual interface (veth). To validate this, check the network interfaces on the host:

[root@docker js]# ip a | egrep veth
93: veth5e8ceb7@if92: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
95: veth3de0e04@if94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default

great work! but output looks a bit distorted on Linux but it due to the fact that the scrip was created on Windows what required translation into the Linux world anyway, otherwise you get /bin/bash^M: bad interpreter as well descripbed in command line - Not able to execute a .sh file: /bin/bash^M: bad interpreter - Ask Ubuntu and Bash script and /bin/bash^M: bad interpreter: No such file or directory - Stack Overflow

If you find the previous script not convenient enough, I wrote another simple script to do this which I use in many cases.

https://github.com/cslev/find_veth_docker

It is as simple as it can be :wink:

1 Like