[ovs-discuss] OVS virtual devices and network namespaces

Maksym Planeta mplaneta at os.inf.tu-dresden.de
Tue Nov 26 08:23:58 UTC 2019


Hello,

I want to configure OVS to communicate between containers. I configure 
OVS and see it creating some additional interfaces, like gre, or system. 
But when I create a container with an isolated network namespace these 
devices are still visible.

How do I make OVS devices invisible inside the container unless I 
explicitly say so?

Here is what I have:

# sudo ovs-vsctl show
a3a830a0-0634-4ee3-9424-ad4efc709dc1
     Bridge "ovsbr0"
         Port "ovsbr0"
             Interface "ovsbr0"
                 type: internal
         Port "ovsgre0"
             Interface "ovsgre0"
                 type: gre
                 options: {remote_ip="192.168.1.130"}
     ovs_version: "2.11.2"

ip a outside the container (some devices are omitted for brevity):

...
3: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
     link/ether 02:42:50:d2:d7:25 brd ff:ff:ff:ff:ff:ff
     inet 172.19.0.1/16 brd 172.19.255.255 scope global docker_gwbridge
        valid_lft forever preferred_lft forever
     inet6 fe80::42:50ff:fed2:d725/64 scope link
        valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
     link/ether 02:42:d7:49:21:2b brd ff:ff:ff:ff:ff:ff
     inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
        valid_lft forever preferred_lft forever
     inet6 fe80::42:d7ff:fe49:212b/64 scope link
        valid_lft forever preferred_lft forever
...
17: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
     link/gre 0.0.0.0 brd 0.0.0.0
18: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
19: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
...
30: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
     link/ether 0a:72:e7:17:43:71 brd ff:ff:ff:ff:ff:ff
31: ovsbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
     link/ether 4e:94:c0:62:75:4e brd ff:ff:ff:ff:ff:ff
32: gre_sys@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65000 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
     link/ether b2:8a:d6:e9:fa:67 brd ff:ff:ff:ff:ff:ff
     inet6 fe80::6ca9:39ff:fecd:927a/64 scope link
        valid_lft forever preferred_lft forever

And here is the same from inside:
sudo docker run --rm -it --name test alpine ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
2: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN qlen 1000
     link/gre 0.0.0.0 brd 0.0.0.0
3: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN qlen 1000
     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN qlen 1000
     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
41: eth0@if42: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
     link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
     inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
        valid_lft forever preferred_lft forever

I would not expect gre0, gretap0, and erspan0 to be present.


-- 
Regards,
Maksym Planeta

