> -----Original Message-----
> From: Serge Hallyn [mailto:serge.hal...@ubuntu.com]
> Sent: Monday, September 28, 2015 7:42 AM
> To: Tom Denham
> Cc: LXC development mailing-list
> Subject: Re: [lxc-devel] Networking and LXD
>
> Quoting Tom Denham (tom.den...@metaswitch.com):
> > I'm going to need to digest this a bit more but my initial concern is that
> > lxd relies on bridges for networking whereas Calico is more L3 focused.
> >
> > The way Calico works is similar to what you described below
> > * Create a veth
> > * Put one end in the netns and leave the other in the host netns
> > * But don't connect the host end to a bridge
> > * Instead, we program rules into the linux routing tables to forward
> >   the packets to the correct destination (and program IPTABLES rules to
> >   enforce policy)
> >
> > Make sense?
>
> That shouldn't be a problem. Lxd and lxd do not "rely on bridges", it's just
> one way to configure them. Well, it's kind of a standard way so it's nice in
> that it allows the bridge to be created and configured once, and then the
> containers to be hooked up in a standard way (reducing the special cases in
> the lxc code).
>
> The simplest way to try out calico, it sounds like, would be to use a
> lxc.network.script.up script to do the routing table setup after the veths
> have been set up. I.e.:
>
> # Network configuration
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.script.up = /usr/local/bin/calicosetup
> lxc.network.hwaddr = 00:16:3e:a6:74:7f
>
> (see lxc.container.conf(5) for details on how script.up works; in particular
> the nic name on the host will be the fourth arg)
>
> The only downside to this would be that unprivileged users wouldn't (without
> changes) be able to do it, but for lxd that's not an issue.
>
> -serge

Thanks Serge, that sounds like what I was looking for. I'll have a go at a simple integration and let you know how I get on.

Tom
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
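
A sketch of the kind of `script.up` hook discussed in this thread, added here as an example; it is not part of the original messages and is not LXC or Calico code. It assumes the host-side veth name is the last hook argument (check lxc.container.conf(5) for your LXC version), that the container's IPv4 address is supplied in a made-up `CALICO_IP` variable, and that one anti-spoofing rule stands in for the iptables policy; because the hook runs as root on the host, both inputs are allowlisted before any command is built.

```shell
#!/bin/sh
# Added example: hypothetical /usr/local/bin/calicosetup hook (not LXC or Calico code).
# Assumptions: the host-side veth name is the last hook argument; the container's
# IPv4 address arrives in CALICO_IP (a made-up variable); DRY_RUN=1 only prints.

# Allowlist the nic name before it reaches a root shell: 1-15 chars, [A-Za-z0-9_-].
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Accept only a dotted quad with four octets in 0..255 (no prefix length, no names).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands for a routed (unbridged) veth: a /32 host route to the
# container, plus an illustrative policy rule dropping spoofed source addresses.
route_plan() {
    valid_ifname "$1" && valid_ipv4 "$2" || return 1
    printf 'ip route replace %s/32 dev %s scope link\n' "$2" "$1"
    printf 'iptables -I FORWARD -i %s ! -s %s -j DROP\n' "$1" "$2"
}

main() {
    host_if=''
    for host_if in "$@"; do :; done          # keep the last argument
    plan=$(route_plan "$host_if" "${CALICO_IP:-}") || {
        echo "calicosetup: rejected nic name or address" >&2; return 1; }
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$plan"; return 0; fi
    printf '%s\n' "$plan" | sh -e            # needs root on the host
}

# Run only when installed under the hook's name, so the file can also be sourced.
case "${0##*/}" in calicosetup*) main "$@" ;; esac
```

Running it with `DRY_RUN=1` prints the two commands without touching the host's routing table or firewall.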