Relationship between interface "vethxxxxx" and container?

snayak12 · September 1, 2017, 9:00am

From host:

cat /sys/class/net/veth45562ed/iflink

768

ethtool -S veth45562ed

NIC statistics:
peer_ifindex: 767

From Container

6b63d46e1ac7# ethtool -S eth0
NIC statistics:
peer_ifindex: 768
6b63d46e1ac7:/# cat /sys/class/net/eth0/iflink
767
6b63d46e1ac7:/#

micahculpepper · November 4, 2017, 1:47am

@khatribharat is correct; however, to be able to cat the files in question, you need cat available inside your container. I’m often working with containers that are simple compiled binaries and don’t have access to normal utilities. In that case, you can still get at the needed information, but it requires a little more work. So I made a script to correlate containers with their veth interfaces: https://github.com/micahculpepper/dockerveth

Example output:

[root@dockervisor-1 ~]# dockerveth
CONTAINER ID	VETH       	NAMES
60d27ce962ff	vethe353e93	hopeful_bhaskara
d07a2979e69a	vethe4c3cee	silly_meitner
1e8656e195ba	veth1ce04be	thirsty_meitner

lboc · January 16, 2019, 12:54pm

Another way, albeit not perfectly simple, is to first do a “docker ps” and see what ports a container is using.
Then do a “iptables -S -t nat” to see which bridge that port is DNAT:et to.

greenchillies88 · June 13, 2019, 5:44am

In order to identify the relation between the veth on the host and eth0 interface on the container, we can check the interfaces on the container using the following command:

[root@docker js]# docker exec -it dc ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 94: eth0@if95: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever
We can see that the eth0 is suffixed by if[number]. This number also prefixed to corresponding the host virtual interface (veth). To validate this, check the network interfaces on the host:
[root@docker js]# ip a | egrep veth 93: veth5e8ceb7@if92: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 95: veth3de0e04@if94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default

packelend · December 30, 2019, 3:34pm

great work! but output looks a bit distorted on Linux but it due to the fact that the scrip was created on Windows what required translation into the Linux world anyway, otherwise you get /bin/bash^M: bad interpreter as well descripbed in command line - Not able to execute a .sh file: /bin/bash^M: bad interpreter - Ask Ubuntu and Bash script and /bin/bash^M: bad interpreter: No such file or directory - Stack Overflow

cslev · May 20, 2020, 1:40am

If you find the previous script not convenient enough, I wrote another simple script to do this which I use in many cases.

https://github.com/cslev/find_veth_docker

It is as simple as it can be