Containers: Network Bridging
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	kroy
	Aug 22 2021, 11:44 PM

Description

This is breaking apart the network bridging and Containerfile building aspects from T3766 for better tracking

containers 
network service01 {
     enable-bridging
     prefix 10.72.1.0/24
 }

This change is the enable-bridging in the network. This disables the masquerading functionality of the network and exposes the network directly.

So a traceroute through my desktop. Hop #2 is the VyOS install running the container.

❯ traceroute 10.72.1.202
traceroute to 10.72.1.202 (10.72.1.202), 30 hops max, 60 byte packets
 1  route01.lan.kroy.io (10.9.1.3)  0.662 ms  0.618 ms  0.606 ms
 2  10.245.245.9 (10.245.245.9)  0.860 ms  0.699 ms  0.838 ms
 3  10.72.1.202 (10.72.1.202)  0.881 ms  0.870 ms  0.860 ms

There are two outstanding things from this that I'm not fully sure how to resolve.

Right now this works flawlessly with zone based firewalls. But I'm not sure what to do to allow this interface to use traditional firewalling. Does it just need to include a template?

set zone-policy zone LAN interface cni-podman0

cnd-podman0 is now available for use in NAT/firewalling/etc. But it's ugly and not very VyOS-y. This can be changed, but I'm not sure to what. container0, container1 etc? Whatever this ends up being would also have to be added to the list-interfaces.py script.

Details

Difficulty level: Unknown (require assessment)
Version: 1.4-rollin
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved	FEATURE REQUEST	kroy	T3766 containers: Expanding options for networking and building containers
		Resolved	FEATURE REQUEST	kroy	T3769 Containers: Network Bridging