Adding routes from container host interfaces broken #366

troglobit · 2024-03-27T10:00:59Z

Both container host and bridge interfaces support setting routes inside the container. For bridge it seems to work fine, but for host interfaces (like VETH pairs) it is broken.

Example:

admin@infix-00-00-00:/> configure 
admin@infix-00-00-00:/config/> edit interface veth1a
admin@infix-00-00-00:/config/interface/veth1a/> set veth peer veth1b
admin@infix-00-00-00:/config/interface/veth1a/> set container-network route 0.0.0.0/0 gateway 192.168.1.1
admin@infix-00-00-00:/config/interface/veth1a/> show
type veth;
container-network {
  type host;
  route 0.0.0.0/0 {
    gateway 192.168.1.1;
  }
}
veth {
  peer veth1b;
}
admin@infix-00-00-00:/config/interface/veth1a/> end
admin@infix-00-00-00:/config/> set container system network interface veth1a
admin@infix-00-00-00:/config/> leave

Excerpt from show container log:

Mar 27 09:46:43 infix-00-00-00 container[4664]: Got networks: veth1a
Mar 27 09:46:43 infix-00-00-00 container[2555]: ^[[33mWARN^[[0m[0000] Error loading CNI config file /etc/cni/net.d/veth1a.conflist: error parsing configuration list: invalid character '{' looking for beginning of object key string 
Mar 27 09:46:43 infix-00-00-00 container[2555]: Error: unable to find network with name or ID veth1a: network not found

The generated CNI profile for veth1a looks like this:

root@infix-00-00-00:/etc/cni/net.d$ cat veth1a.conflist 
{
  "cniVersion": "1.0.0",
  "name": "veth1a",
  "plugins": [
    {
      "type": "host-device",
      "device": "veth1a",
          {
            "dst": "0.0.0.0/0",
            "gw": "192.168.1.1"
          }    }
  ]
}

Which gives us that both the IP address and "routes:" objects are missing/broken.

There is also no documentation/example for how to set routes for a container host interfaces.

The text was updated successfully, but these errors were encountered:

In a host interface setup, i.e., moving an interface from the host to a container, often using VETH pairs, any route should only be set when an IP address has been set. This because the CNI ipam plugin, which we use, require routes be part of ipam, which in turn requires an address. For details, see <https://www.cni.dev/plugins/current/ipam/static/> Fixes #366 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>

troglobit self-assigned this Mar 27, 2024

troglobit added the bug Something isn't working label Mar 27, 2024

troglobit added this to the Infix v24.03 milestone Mar 27, 2024

troglobit linked a pull request Mar 27, 2024 that will close this issue

Misc container fixes and doc updates #371

Merged

13 tasks

troglobit mentioned this issue Apr 2, 2024

Adding ip/route to a container network does not take effect until after reboot #375

Closed

troglobit closed this as completed in 662719a Apr 3, 2024

troglobit closed this as completed in #371 Apr 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adding routes from container host interfaces broken #366

Adding routes from container host interfaces broken #366

troglobit commented Mar 27, 2024 •

edited

Loading

Adding routes from container host interfaces broken #366

Adding routes from container host interfaces broken #366

Comments

troglobit commented Mar 27, 2024 • edited Loading

troglobit commented Mar 27, 2024 •

edited

Loading