LXC networking issues

[Subbeh]

Hi all,

I have an LXC running Ubuntu 22.04, which I'm trying to move to a new LXC running Debian 12.

Running the exact same LXC configuration somehow results in initial SSH connections to the container taking minutes or more to succeed:

$ ssh root@10.11.20.203 -vvv 2>&1 | ts -s
00:00:00 OpenSSH_9.4p1, OpenSSL 3.1.2 1 Aug 2023
00:00:00 debug1: Reading configuration data /home/myuser/.ssh/config
00:00:00 debug3: /home/myuser/.ssh/config line 1: Including file /home/myuser/.ssh/config.d/hosts depth 0
00:00:00 debug1: Reading configuration data /home/myuser/.ssh/config.d/hosts
00:00:00 debug1: /home/myuser/.ssh/config line 9: Applying options for *
00:00:00 debug1: Reading configuration data /etc/ssh/ssh_config
00:00:00 debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
00:00:00 debug2: resolve_canonicalize: hostname 10.11.20.203 is address
00:00:00 debug3: ssh_connect_direct: entering
00:00:00 debug1: Connecting to 10.11.20.203 [10.11.20.203] port 22.
00:00:00 debug3: set_sock_tos: set socket 3 IP_TOS 0x48
00:00:00 debug1: Connection established.
00:00:00 debug1: identity file /home/myuser/.ssh/keys/id_ed25519 type 3
00:00:00 debug1: identity file /home/myuser/.ssh/keys/id_ed25519-cert type -1
00:00:00 debug1: Local version string SSH-2.0-OpenSSH_9.4
[... STUCK for 1:34 minutes ...]
00:01:34 debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2
[... CONTINUES SUCCESSFULLY...]

The LXC config files are identical (except for the vmid, mac address, and hostname):

arch: amd64
cores: 2
features: fuse=1,mount=nfs,nesting=1
hostname: debian
memory: 4096
nameserver: 10.11.20.1
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=82:1A:03:83:29:E7,ip=dhcp,ip6=dhcp,tag=20,type=veth
onboot: 0
ostype: debian
rootfs: local-lvm:vm-130-disk-0,size=10G
swap: 0

After some debugging, I noticed these differences in the ip config and routing table between the Ubuntu LXC and the Debian LXC:

[UBUNTU LXC]
root@ubuntu:~# ip a show eth0
2: eth0@if62: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6a:e8:9f:55:d3:64 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.11.20.30/24 metric 1024 brd 10.11.20.255 scope global dynamic eth0
       valid_lft 4640sec preferred_lft 4640sec
    inet6 fe80::68e8:9fff:fe55:d364/64 scope link
       valid_lft forever preferred_lft forever

root@ubuntu:~# ip route
default via 10.11.20.1 dev eth0 proto dhcp src 10.11.20.30 metric 1024
10.11.20.0/24 dev eth0 proto kernel scope link src 10.11.20.30 metric 1024
10.11.20.1 dev eth0 proto dhcp scope link src 10.11.20.30 metric 1024

[DEBIAN LXC]
root@debian:/# ip a show eth0
2: eth0@if91: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 82:1a:03:83:29:e7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.11.20.203/24 brd 10.11.20.255 scope global dynamic eth0
       valid_lft 5020sec preferred_lft 5020sec
    inet6 fe80::801a:3ff:fe83:29e7/64 scope link
       valid_lft forever preferred_lft forever

root@debian:/# ip route
default via 10.11.20.1 dev eth0
10.11.20.0/24 dev eth0 proto kernel scope link src 10.11.20.203

After applying the same routes to the Debian container, it all seems to work:

$ ip route del default via 10.11.20.1 dev eth0
$ ip route del 10.11.20.0/24 dev eth0 proto kernel scope link src 10.11.20.203

$ ip route add default via 10.11.20.1 dev eth0 proto dhcp src 10.11.20.203 metric 1024
$ ip route add 10.11.20.0/24 dev eth0 proto kernel scope link src 10.11.20.203 metric 1024
$ ip route add 10.11.20.1 dev eth0 proto dhcp scope link src 10.11.20.203 metric 1024

With my limited networking knowledge, could someone please explain what is going wrong?!

Are there any additional steps I should take for setting up my Debian container without having to manually hack the network config together?