OpenVZ Forum


Home » General » Support » How to pair veth devices between containers, not between container/host (Sharing network directly between containers)
How to pair veth devices between containers, not between container/host [message #53276] Mon, 06 August 2018 03:07 Go to next message
qcxibgavhpkntvec
Messages: 2
Registered: February 2014
Junior Member
From: 128.12.246*
I'm using OpenVZ 7 (with the 3.10 patched kernel and criu) - although my question also applies to OpenVZ 6 legacy (2.6.32 based kernel).

Reading over the documentation (and some support articles) on using veth, I mostly see the result of pairing a veth device between an individual container and the host. That is, the process creates a veth in the container, and another veth on the host. Other scenarios, like bridging, also involve a network interface on the host.

However, what I'd like to do is to share a veth (or venet, perhaps) device between two individual containers in such a way that the host is not ultimately involved or part of the picture. My goal can be stated figuratively as running a cable directly between two (or more) containers. In VMware, I can create a virtual network and assign various guests to use this network. In Qubes OS, one can use an existing VM to provide networking for derivative VMs.

When I attempt to do this using the information I've come across as a guideline, the process seems to involve creation of a veth device on the host. I don't mind this happening as a byproduct. But, I'd like to share veth devices between two separate containers. When I attempt to reference the same veth from two containers, then upon starting the second container, the first veth device "disappears" from the first container.

My use case includes the case where a container provides internet access by connecting to an external VPN server, and I want to let other containers "use" the connection provided by the VPN container. If I have a raw veth device, I can use local Linux networking to route traffic. But without a veth device paired between containers, I don't have a clear solution here. A small and desired extension to this would be to have more than one container share a veth (or venet) with a container - more than two in the pairing, that is.
Re: How to pair veth devices between containers, not between container/host [message #53277 is a reply to message #53276] Mon, 06 August 2018 08:01 Go to previous message
khorenko is currently offline  khorenko
Messages: 492
Registered: January 2006
Location: Moscow, Russia
Senior Member
From: *qwerty.ru
There is no functionality in vzctl/prlctl to interronnect Containers directly, but you can do this on a lower level - just create a veth pair, put each end in corresponding net namespaces (which belong to your Containers) and configure interfaces. Examples:
https://unix.stackexchange.com/questions/405805/connecting-t wo-network-namespaces-via-a-veth-interface-pair-where-each-e ndpoint

But may be the following configuration will fit your needs?
veth1 in Container1 -> veth1.x on the host -> bridge on the host -> veth2.x on the host -> veth2 on Container 2
It can be easily done using vzctl/prlctl.


If you problem is solved - please, report it!
It's even more important than reporting the problem itself...
Previous Topic: OpenVZ Container(centos7) cannot access internet
Next Topic: OpenVZ7 and HP smart array p400
Goto Forum:
  


Current Time: Thu Aug 16 14:31:49 GMT 2018