Damien/arista-evpn-vxlan-clab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Host bond interfaces: slaves not attaching to bond #10

New Issue
Closed
opened 2025-11-28 14:24:06 +00:00 by Damien · 0 comments
Damien commented 2025-11-28 14:24:06 +00:00
Owner
Copy Link

Problem

Even after fixing the topology, host bond interfaces still show DOWN due to Docker capability limitations preventing interface enslaving.

Root Cause

ContainerLab's Linux containers don't have NET_ADMIN capability by default, causing Operation not permitted errors when trying to enslave interfaces to a bond.

Solution Applied

Simplified the design - removed bonding entirely and made hosts single-homed:

  • Hosts now use simple VLAN interfaces directly on eth1 (e.g., eth1.40, eth1.34)
  • Hosts connect to only one leaf switch (no dual-homing)
  • MLAG is still configured on leafs but hosts don't use it

New Host Configuration

  • host1: Connected to leaf1 only, uses eth1.40 for VLAN 40
  • host2: Connected to leaf3 only, uses eth1.34 for VLAN 34 (VRF gold)
  • host3: Connected to leaf5 only, uses eth1.40 for VLAN 40
  • host4: Connected to leaf7 only, uses eth1.78 for VLAN 78 (VRF gold)

This simpler design avoids Docker capability issues while still testing L2 and L3 VXLAN functionality over the EVPN fabric.

Alternative (if dual-homing needed)

To use MLAG with dual-homed hosts, would need to run ContainerLab with privileged containers or add specific capabilities.

## Problem Even after fixing the topology, host bond interfaces still show DOWN due to Docker capability limitations preventing interface enslaving. ## Root Cause ContainerLab's Linux containers don't have NET_ADMIN capability by default, causing `Operation not permitted` errors when trying to enslave interfaces to a bond. ## Solution Applied ✅ **Simplified the design** - removed bonding entirely and made hosts single-homed: - Hosts now use simple VLAN interfaces directly on eth1 (e.g., eth1.40, eth1.34) - Hosts connect to only one leaf switch (no dual-homing) - MLAG is still configured on leafs but hosts don't use it ### New Host Configuration - **host1**: Connected to leaf1 only, uses eth1.40 for VLAN 40 - **host2**: Connected to leaf3 only, uses eth1.34 for VLAN 34 (VRF gold) - **host3**: Connected to leaf5 only, uses eth1.40 for VLAN 40 - **host4**: Connected to leaf7 only, uses eth1.78 for VLAN 78 (VRF gold) This simpler design avoids Docker capability issues while still testing L2 and L3 VXLAN functionality over the EVPN fabric. ## Alternative (if dual-homing needed) To use MLAG with dual-homed hosts, would need to run ContainerLab with privileged containers or add specific capabilities.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Damien
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Damien/arista-evpn-vxlan-clab#10
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?