[Q] How does the creation of a veth pair for docker work

[tlindener]

Hi,

thank your very much for this great script. I'm working on something quite similar but only focused on docker and openvswitch. For this scenario I need to create a variable number of veth pairs for a container. Would you be so kind to explain how the script gathers the relevant data from a docker container to create the veth pair. From what I understand it's basically these 3 lines that create the pair: LOCAL_IFNAME=pl$NSPID$CONTAINER_IFNAME GUEST_IFNAME=pg$NSPID$CONTAINER_IFNAME ip link add name $LOCAL_IFNAME type veth peer name $GUEST_IFNAME

I would be really thankful!

[edit]: On a related matter: do you know whether it is possible to add a veth link directly between two container?

[jpetazzo]

Sure!

$NSPID is the PID of a process in the container (we use the init process of the container because it's the best option).

Then $CONTAINER_IFNAME is just the name of the interface inside of the container. It's used here to allow you to have multiple pipework-enabled interface inside a single container.

Does that help?

And yes, it's possible to have a direct veth link between two containers. The steps are:

1. Create pair of veth interfaces
2. Move first interface into first container
3. Move second interface into second container :-)

Don't hesitate to ask more specific questions and pinpoint specific places in the code if you need more explanations!

[tlindener]

Thank you very much for these explanations! It was exactly what I needed :-)

[OwenChang]

I have a question, what is the symbolic link effect in creating the veth pair？

ln -s /proc/$NSPID/ns/net /var/run/netns/$NSPID

[jpetazzo]

The symlink is there, because when you use ip with the netns options, when you refer to a network namespace named foo, it will look for a file in /var/run/netns/foo which should point to the net pseudo-file in the namespace directory.