Page MenuHomeVyOS Platform
Create Task
Maniphest T3968

Add network type ptp (veth) for containers
Open, WishlistPublicFEATURE REQUEST
Actions

Description

By default network type is a bridge.
Allow ptp plugin to work with network namespaces
https://www.cni.dev/plugins/current/main/ptp/

Proposed syntax:

set container network xxx type bridge(default)|ptp

There is an example for CNI ptp:

{
  "cniVersion": "0.4.0",
  "name": "ptp",
  "plugins": [
    {
      "type": "ptp",
      "isGateway": false,
      "ipMasq": false,
      "hairpinMode": false,
      "ipam": {
        "type": "host-local",
        "routes": [
          {
            "dst": "0.0.0.0/0"
          }
        ],
        "ranges": [
          [
            {
              "gateway": "172.16.24.1",
              "subnet": "172.16.24.0/24"
            }
          ]
        ]
      }
    }
  ]
}

New containers will be in the native network namespace via veth pair:

On host system:

podman run -dit --net ptp fedora
podman run -dit --net ptp fedora
podman run -dit --net ptp fedora
podman run -dit --net ptp fedora

root@r11-roll:/home/vyos# sudo ip link show | grep veth -A 2
7: veth89baf54d@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 16:f9:4e:a2:f3:14 brd ff:ff:ff:ff:ff:ff link-netns cni-d59f5927-0ada-5e7e-043b-ce53a16aaae6
8: vethc1763497@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether d2:c8:76:cf:50:ea brd ff:ff:ff:ff:ff:ff link-netns cni-c7ab2335-a569-4707-597f-6d9ab1f2130c
10: vetha181bf8f@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 1a:16:c7:82:af:6f brd ff:ff:ff:ff:ff:ff link-netns cni-f09e6b7d-9f25-7775-24a6-298e28b94609
11: veth68646c06@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether e2:de:e9:3e:ab:ba brd ff:ff:ff:ff:ff:ff link-netns cni-896855e0-3919-66b2-662a-ed9d0c875e0c
root@r11-roll:/home/vyos#

Check autogenerated namespaces:

root@r11-roll:/home/vyos# sudo podman ps
CONTAINER ID  IMAGE                                     COMMAND    CREATED            STATUS                PORTS   NAMES
7b6b848547d9  registry.fedoraproject.org/fedora:latest  /bin/bash  About an hour ago  Up About an hour ago          epic_agnesi
d2c3dae2c313  registry.fedoraproject.org/fedora:latest  /bin/bash  About an hour ago  Up About an hour ago          crazy_lichterman
8c1827652dfb  registry.fedoraproject.org/fedora:latest  /bin/bash  18 minutes ago     Up 18 minutes ago             naughty_keldysh
c3e65aabaa10  registry.fedoraproject.org/fedora:latest  /bin/bash  10 minutes ago     Up 10 minutes ago             naughty_euclid
root@r11-roll:/home/vyos# 
root@r11-roll:/home/vyos# sudo ip netns ls
cni-896855e0-3919-66b2-662a-ed9d0c875e0c (id: 3)
cni-f09e6b7d-9f25-7775-24a6-298e28b94609 (id: 2)
cni-c7ab2335-a569-4707-597f-6d9ab1f2130c (id: 1)
cni-d59f5927-0ada-5e7e-043b-ce53a16aaae6 (id: 0)
root@r11-roll:/home/vyos#

Check container namespace commands from host system:

root@r11-roll:/home/vyos# ip netns exec cni-896855e0-3919-66b2-662a-ed9d0c875e0c ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether c2:50:0b:15:0f:7d brd ff:ff:ff:ff:ff:ff link-netnsid 0
root@r11-roll:/home/vyos# 
root@r11-roll:/home/vyos# ip netns exec cni-896855e0-3919-66b2-662a-ed9d0c875e0c ip route
default via 172.16.24.1 dev eth0 
172.16.24.0/24 via 172.16.24.1 dev eth0 src 172.16.24.8 
172.16.24.1 dev eth0 scope link src 172.16.24.8 
root@r11-roll:/home/vyos#

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)