Hi Hanlin,

Inline.

> On Nov 29, 2019, at 7:12 AM, wanghanlin <wanghan...@corp.netease.com> wrote:
>
> Hi Florin,
> Thanks for your reply.
> I just consider a very simple use case. Some apps in different containers
> communicate through VPP, just in a L2 bridge domain.
> Without hoststack, we may add some host-interfaces in one bridge domain, and
> assign IP address of veth interface in containers. In addition, a physical
> nic also added in same bridge domain to communicate with other hosts.
> But with hoststack, things seem complicated because we have to assign IP
> address inside VPP.

FC: Yes, with host stack, transport protocols are terminated in vpp, therefore the interfaces must have IPs. Do you need network access to the container’s Linux stack for other applications, i.e., do you need IPs in the container as well? Also, can’t you give the interfaces /32 IPs?

> I hope apps can communicate with each other and with external hosts in the
> same vrf and source ip is enforced and not changed during communication. If
> not, can multiple vrfs achieve this?

FC: If applications are attached to the same app namespace, then you could leverage cut-through connections if you enable local scope connections at attachment time (see slides 17 and 18 here [1]). Cut-through sessions are “connected” at session layer, so they don’t pass through the IP fib.

Otherwise, connectivity between the apps is established via intra-vrf or inter-vrf routing. Intra-vrf you don’t need to configure anything more, inter-vrf you need to add additional routes. For external hosts, you need routes to them in the vrfs.

What we call “local” IPs for a connection are assigned at connect/accept time and they do not change. When connecting, we use the first IP of an interface that has a route to the destination and on accept, we use the dst IP on the SYN packet.

Regards,
Florin

[1] https://wiki.fd.io/images/9/9c/Vpp-hoststack-kc-eu19.pdf

> Thanks,
> Hanlin