Article ID: 118952, created on Dec 1, 2013, last review on May 8, 2014

Applies to:

  • Virtuozzo
  • Virtuozzo containers for Linux
  • Virtuozzo hypervisor


A container is not reachable after migration and becomes available only after some time, once the ARP cache expires on the routers.

The container IPs belong to a VLAN that is configured in the network and on both the source and destination hardware nodes.

The destination server has an Intel i350 network card.


The Intel i350 network card comes with a feature that blocks potentially malicious traffic. This feature is enabled by default, and the NIC silently drops the packets that Virtuozzo generates to make the ARP announcement about the arrived container IPs. Specifically, packets generated by the arpsend utility are blocked.

This is recognized as a Red Hat mainstream bug (access for RH subscribers only).


Until the issue is completely fixed in the mainstream kernel, the following workaround can be suggested:

# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
# arping -c 2 -s <container_ip> -U -I <interface> <destination>
# echo 0 > /proc/sys/net/ipv4/ip_nonlocal_bind

These commands should be run on the destination server right after the migration.
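
The same workaround as an added shell function (not part of the original article or of Virtuozzo). It goes beyond the three commands above by accepting several container IPs and by restoring the previous ip_nonlocal_bind value instead of forcing 0, even when arping fails. The function name and the NONLOCAL_BIND and ARPING override variables are assumptions made for this example.

```sh
#!/bin/sh
# Added example: wraps the article's three commands so the sysctl is always
# restored to its previous value, even when an announcement fails.
# Assumptions (not from the article): the function name and the
# NONLOCAL_BIND / ARPING overrides, which allow a dry run without root.

NONLOCAL_BIND="${NONLOCAL_BIND:-/proc/sys/net/ipv4/ip_nonlocal_bind}"
ARPING="${ARPING:-arping}"

# announce_ips <interface> <destination> <container_ip>...
# Returns 0 if every announcement succeeded, 1 if any failed, 2 on setup errors.
announce_ips() {
    if [ "$#" -lt 3 ]; then
        echo "usage: announce_ips <interface> <destination> <container_ip>..." >&2
        return 2
    fi
    iface=$1; dest=$2; shift 2

    prev=$(cat "$NONLOCAL_BIND") || return 2   # remember the current setting
    echo 1 > "$NONLOCAL_BIND" || return 2      # let arping use a non-local source IP

    rc=0
    for ip in "$@"; do
        # Same invocation as in the article: two unsolicited ARP packets per IP
        if ! "$ARPING" -c 2 -s "$ip" -U -I "$iface" "$dest"; then
            echo "ARP announcement failed for $ip" >&2
            rc=1
        fi
    done

    echo "$prev" > "$NONLOCAL_BIND"            # restore instead of forcing 0
    return "$rc"
}

# Run as root on the destination server right after the migration, e.g.:
#   announce_ips <interface> <destination> <container_ip> [<container_ip>...]
```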
