[systemd-devel] Systems-nspawn host-only networking?

Mantas Mikulėnas grawity at gmail.com
Tue Jun 20 16:17:02 UTC 2017 

I haven't used nspawn much. But I think the terminology is the opposite –
veth *is* the most similar to other tools' "host-only network", as it
essentially creates a connection completely separate from the physical LAN,
unless the host itself decides to route between them. (Compare with
VirtualBox's vboxnet0.)

Meanwhile, the opposite option would be macvlan, which attaches to a
physical interface (like "bridged network" in VirtualBox) and separates
traffic by MAC.

In between, you have the option of first creating a "host-only" veth, and
*then* putting it in a Linux bridge interface (br0/virbr) together with
eth0.

(I don't remember if nspawn can do this automatically or whether you need
to 'ip link set veth0 master br0'...)

On Tue, Jun 20, 2017, 19:07 Samuel Taylor <sam at tailornetworks.com> wrote:

> Hello to all,
>
> I'm new to the scene here so forgive me if this is not the most
> appropriate place to post this. I have posed this question to Freenet IRC a
> couple of times but I've not had any takers.
>
> At the moment I am in the process of deploying a couple of nspawn
> containers, one utilizing a VirtualEthernet config and the other sharing
> the network adapter of the host, which I believe is typically, outside of
> the nspawn universe, referred to as host-only networking? (please correct
> me if I am wrong).
>
> At present I have omitted --network-veth from the default systemd-nspawn
> .service unit file for containers, to enable the use of host-only
> networking within one of my containers. For the second container which
> utilizes a VirtualEthernet I have configured this parameter using the
> .nspawn file. Is there a way of avoiding having to modify the default
> systemd-nspawn unit file and instead configuring host-only networking
> within the .nspawn file? I have noted from the documentation that a network
> interface can be specified i.e
>
> [Network]
> Interface=eth0
>
> However, from the documentation this would appear to remove the adapter
> from the calling namespace, and it would only be available within my
> container, which is not the case when removing --network-veth from the
> equation and not setting anything at all.
>
> If this is considered a bad practice I will instead use the
> VirtualEthernet and Port parameters on my container currently utilising
> host-only networking.
>
> I've been really enjoying getting my hands dirty with systemd the last few
> days, so if you could shed some light on where I'm going wrong here, that
> would be greatly appreciated!
>
> Many thanks,
>
> Sam
>
>
> Sent from my iPhone
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
-- 

Mantas Mikulėnas <grawity at gmail.com>
Sent from my phone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20170620/1cfdd06f/attachment.html>

More information about the systemd-devel mailing list