Hello,
I want to configure OVS to communicate between containers. I configure
OVS and see it creating some additional interfaces, like gre, or system.
But when I create a container with an isolated network namespace these
devices are still visible.
How do I make OVS devices invisible inside the container unless I
explicitly say so?
Here is what I have:
# sudo ovs-vsctl show
a3a830a0-0634-4ee3-9424-ad4efc709dc1
    Bridge "ovsbr0"
        Port "ovsbr0"
            Interface "ovsbr0"
                type: internal
        Port "ovsgre0"
            Interface "ovsgre0"
                type: gre
                options: {remote_ip="192.168.1.130"}
    ovs_version: "2.11.2"
ip a outside the container (some devices are omitted for brevity):
...
3: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:50:d2:d7:25 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global docker_gwbridge
       valid_lft forever preferred_lft forever
    inet6 fe80::42:50ff:fed2:d725/64 scope link
       valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:d7:49:21:2b brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:d7ff:fe49:212b/64 scope link
       valid_lft forever preferred_lft forever
...
17: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
18: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
19: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
...
30: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 0a:72:e7:17:43:71 brd ff:ff:ff:ff:ff:ff
31: ovsbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 4e:94:c0:62:75:4e brd ff:ff:ff:ff:ff:ff
32: gre_sys@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65000 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether b2:8a:d6:e9:fa:67 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6ca9:39ff:fecd:927a/64 scope link
       valid_lft forever preferred_lft forever
And here is the same from inside:
sudo docker run --rm -it --name test alpine ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
3: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
41: eth0@if42: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
I would not expect gre0, gretap0, and erspan0 to be present.
--
Regards,
Maksym Planeta