When a container is stopped, there are still ARP and routing entries that remain on the hardware node.
[root@pcs ~]# vzlist 101 CTID NPROC STATUS IP_ADDR HOSTNAME 101 - stopped 10.39.81.29 test [root@pcs ~]# arp -anv | grep 10.39.81.29 ? (10.39.81.29) at * PERM PUP on eth1 ? (10.39.81.29) at * PERM PUP on eth0 [root@pcs ~]# ip route list | grep 10.39.81.29 10.39.81.29 dev venet0 scope link metric 1000
Why does this happen and how to prevent it?
Such behavior is explained by enabled offline management option for the container.
With offline management turned on, network requests on container's IP address(es) and port 4643 are still accepted by the hardware node and redirected to CT#1 and Power Panel service. Therefore, the routing entries and ARP cache should exist to allow managing the container in offline mode through Power Panel.
If offline management is not required, it can be switched off for a specific container:
# vzctl set 101 --offline_management off --save