[Devel] [PATCH RH7 1/2] net/vxlan: enable support and autoload in a container

2016-10-26 Thread Pavel Tikhomirov
vxlan is safe in CT as: 1) UDP multicast socket to connect to outer world sits in creation net-namespace, and this socket can get packets only forwarded/routed in creation ns. 2) Vxlan device is owned by second netns (could be same as first) as any other network device, so same all packets come t

Re: [Devel] [PATCH RH7 1/2] net/vxlan: enable support and autoload in a container

2016-10-26 Thread Konstantin Khorenko
reviewer? -- Best regards, Konstantin Khorenko, Virtuozzo Linux Kernel Team On 10/26/2016 06:14 PM, Pavel Tikhomirov wrote: vxlan is safe in CT as: 1) UDP multicast socket to connect to outer world sits in creation net-namespace, and this socket can get packets only forwarded/routed in creat

Re: [Devel] [PATCH RH7 1/2] net/vxlan: enable support and autoload in a container

2016-10-26 Thread Pavel Tikhomirov
Andrey, please review. On 10/26/2016 06:14 PM, Pavel Tikhomirov wrote: vxlan is safe in CT as: 1) UDP multicast socket to connect to outer world sits in creation net-namespace, and this socket can get packets only forwarded/routed in creation ns. 2) Vxlan device is owned by second netns(could

Re: [Devel] [PATCH RH7 1/2] net/vxlan: enable support and autoload in a container

2016-10-27 Thread Pavel Tikhomirov
I managed to create a reproducer for the mentioned problem; it fails as expected on 4.7.7-200.fc24.x86_64, so the ifindex problem is indeed a mainstream one. bridge_gatway_cidr='10.0.0.1/24' container1_ip_cidr='10.0.0.3/24' container1_mac_addr='02:42:0a:00:00:03' container2_ip='10.0.0.2' container2_mac

Re: [Devel] [PATCH RH7 1/2] net/vxlan: enable support and autoload in a container

2016-11-15 Thread Pavel Tikhomirov
ping On 10/26/2016 06:31 PM, Pavel Tikhomirov wrote: Andrey, please review. On 10/26/2016 06:14 PM, Pavel Tikhomirov wrote: vxlan is safe in CT as: 1) UDP multicast socket to connect to outer world sits in creation net-namespace, and this socket can get packets only forwarded/routed in creat

Re: [Devel] [PATCH RH7 1/2] net/vxlan: enable support and autoload in a container

2016-11-22 Thread Andrei Vagin
On Wed, Oct 26, 2016 at 06:14:36PM +0300, Pavel Tikhomirov wrote:
> vxlan is safe in CT as:
>
> 1) UDP multicast socket to connect to outer world sits in creation net-
> namespace, and this socket can get packets only forwarded/routed
> in creation ns.
>
> 2) Vxlan device is owned by second netns