I've played around a little with veth interfaces and iptables. From what I can tell, the best way to think of a veth pair is as if you had two extra NICs installed on your computer connected together with a crossover cable. I was having some trouble until I realized this.
The firewall rules apply once for traffic leaving one end, and once for traffic entering the other end, as if the veth driver simply takes any frames sent to one of its interfaces and sends them to the other interface for the kernel to process again.

Brian Allen Vanderburg II

On 02/01/2015 10:36 PM, Anjali Kulkarni wrote:
> Thanks Serge!
> What I was wondering is how this veth (tunnel or endpoints) is implemented
> in code? Is it like a TCP/IP socket connection over which packets are sent
> from one endpoint to other? Can you point me to this code?
>
> On 1/31/15, 11:26 PM, "Serge Hallyn" <[email protected]> wrote:
>
>> Quoting Anjali Kulkarni ([email protected]):
>>> Since there is no real device emulation, I am wondering how network
>> You can pass in real or fake nics, including eth0, macvlan, or veth
>> devices. veth devices are a tunnel device exactly for this use case.
>> When you create a veth you get two endpoints. One goes into the
>> container, the other goes onto the bridge in another namespace. Packets
>> go in one end and out the other.
>>
>> veths can be attached to an ovs bridge.
>> _______________________________________________
>> lxc-users mailing list
>> [email protected]
>> http://lists.linuxcontainers.org/listinfo/lxc-users
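The behaviour described in the reply above (rules evaluated once where a frame leaves one end of the pair and once where it enters the other) can be observed with iptables packet counters. This is an added example, not part of the original thread: the names nsA, nsB, vethA, vethB and the 10.99.0.0/24 addresses are assumptions, and each end of the pair is placed in its own network namespace, as in the container setup Serge describes.

```shell
#!/bin/sh
# Added example. Needs root, iproute2, iptables and ping.
# Run as: sudo sh veth-demo.sh demo   (without "demo" it only defines functions)

# Read one rule line of `iptables -v -S` output on stdin and print its
# packet counter; such lines end in "-c <packets> <bytes>".
rule_pkts() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "-c") { print $(i + 1); exit } }'
}

# Packet count of the first ICMP rule in chain $2 inside namespace $1.
icmp_pkts() {
    ip netns exec "$1" iptables -v -S "$2" | grep -- '-p icmp' | head -n 1 | rule_pkts
}

setup() {
    ip netns add nsA
    ip netns add nsB
    # The "crossover cable": one veth pair, one end in each namespace.
    ip link add vethA netns nsA type veth peer name vethB netns nsB
    ip -n nsA addr add 10.99.0.1/24 dev vethA
    ip -n nsB addr add 10.99.0.2/24 dev vethB
    ip -n nsA link set vethA up
    ip -n nsB link set vethB up
    # Counting-only rules (no -j target), one at each end of the pair.
    ip netns exec nsA iptables -A OUTPUT -o vethA -p icmp
    ip netns exec nsB iptables -A INPUT -i vethB -p icmp
}

teardown() {
    # Deleting the namespaces also removes the veth pair and the rules.
    ip netns del nsA 2>/dev/null
    ip netns del nsB 2>/dev/null
    return 0
}

if [ "${1:-}" = "demo" ]; then
    trap teardown EXIT
    setup
    ip netns exec nsA ping -c 3 -W 1 10.99.0.2 >/dev/null
    # The same echo requests are counted at both ends: leaving vethA in
    # nsA (OUTPUT) and again entering vethB in nsB (INPUT).
    echo "nsA OUTPUT via vethA: $(icmp_pkts nsA OUTPUT) packets"
    echo "nsB INPUT  via vethB: $(icmp_pkts nsB INPUT) packets"
fi
```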
