29.04.2015 11:15, Jörg Thalheim wrote:
Well, would that enable automatic, correcting routing between the
container and the host's external network? That's kinda what this all
is about...

Lennart


In case we know which interface provides the external network, it is also
possible to use proxy NDP to give containers routable IPs:

sysctl -w net.ipv6.conf.<if>.proxy_ndp=1
ip -6 neigh add proxy <ip> dev <if>

where <if> is the external interface and <ip> is the container IP.
Proxy NDP will reply with a Neighbor Advertisement on the interface in
question if somebody has sent a Neighbor Solicitation message for an added
IP (similar to ARP requests/responses).

To give a container an IP from the subnet advertised on the external interface,
it would be required to proxy router advertisements between the external
interface and the bridge (or veth pair).
Afaik there is no such proxy for router advertisements, so it would be required
to bridge the external interface with the bridge (or the host side of the veth
pair), which would break the isolation between external and internal network.
(Maybe somebody has a better solution on how to get an IP via router
advertisement.)

Such a proxy exists; it is a part of odhcpd, which is used in OpenWRT.

https://github.com/sbyx/odhcpd

--
Alexander E. Patrakov
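
An added example, not part of the thread: each proxy NDP entry makes the host answer Neighbor Solicitations for that address, so this audit checks the entries against the container prefix and the external interface, and derives the solicited-node multicast group to watch for each one. The sample text, the names eth0 and br0, the prefix 2001:db8:1::/64 and the `ip -6 neigh show proxy` line layout are assumptions made for the example.

```python
import ipaddress

# Constructed sample in the assumed `ip -6 neigh show proxy` layout.
SAMPLE = """\
2001:db8:1::10 dev eth0  proxy
2001:db8:1::11 dev eth0  proxy
2001:db8:ffff::1 dev eth0  proxy
2001:db8:1::12 dev br0  proxy
"""

def parse_proxy_entries(text):
    """Yield (address, interface) for each proxy neighbour line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "dev" and "proxy" in fields[3:]:
            yield ipaddress.IPv6Address(fields[0]), fields[2]

def solicited_node(addr):
    """Multicast group that solicitations for addr are sent to (RFC 4291)."""
    low24 = int(ipaddress.IPv6Address(str(addr))) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

def audit(text, external_if, container_net):
    """Split entries into expected ones and ones that need review."""
    net = ipaddress.IPv6Network(container_net)
    ok, findings = [], []
    for addr, dev in parse_proxy_entries(text):
        if dev != external_if:
            findings.append((str(addr), dev, "not on external interface"))
        elif addr not in net:
            findings.append((str(addr), dev, "outside container prefix"))
        else:
            ok.append((str(addr), str(solicited_node(addr))))
    return ok, findings

if __name__ == "__main__":
    ok, findings = audit(SAMPLE, "eth0", "2001:db8:1::/64")
    for addr, group in ok:
        print(f"proxied {addr}, solicitations arrive on {group}")
    for addr, dev, why in findings:
        print(f"REVIEW {addr} dev {dev}: {why}")
```
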