
Both sides of a VETH pair can not be assigned to containers

Open wkz opened this issue 10 months ago • 1 comments

Current Behavior

Today's implementation assumes that at least one side of every VETH pair remains assigned to the host namespace. I.e., it is not possible to create setups like the following, where the db<--->client VETH pair is between the web and postgres containers:

    .-----------. .----------.
    |    web    | | postgres |
web '--wan--db--' '--client--'
 '------'    '---------'

Expected Behavior

Internal VETH pairs between containers should be allowed.

Steps To Reproduce

No response

Additional information

This limitation exists because of how confd skips the setup for container interfaces in netdag_gen_iface():

https://github.com/kernelkit/infix/blob/d3bfbb57b6d57cc96ccd25586a5d29deb3813521/src/confd/src/ietf-interfaces.c#L529-L534

If this branch is taken for both sides, then no one will actually create the pair.

wkz • Feb 11 '25 21:02

CCB: Short-term, document limitation.

jovatn • Feb 17 '25 09:02