multiple networks for containers cross VM


tsjsdbd

Feb 3, 2015, 3:12:18 AM
to vcap...@cloudfoundry.org

This can be set up manually (I have proved it using GRE). And this is not just for Garden, but can also work for Docker (modify this script [1], changing it to use an ovs-bridge).

So, can we add a new feature to CF, like a shared network for all Orgs and a private network for some Orgs (something like the domain feature)?

I know this will have some constraints (like the VLAN range 0-4096, so the total number of networks for CF is less than 4096), but we can discuss it, right?


All the commands you may use are listed below:
1. add bridge
# brctl addbr cbr0

2. add ovs
# ovs-vsctl add-br obr0

3. create veth-pair
# ip link add name cbr1-eth type veth peer name obr1-eth
# ifconfig cbr1-eth up
# ifconfig obr1-eth up

4. add port to bridge
# brctl addif cbr0 cbr1-eth

5. add port to ovs
# ovs-vsctl add-port obr0 obr1-eth tag=10

6. connect two ovs
# ovs-vsctl add-port br-tun patch-int -- set interface patch-int type=patch options:peer=patch-tun
# ovs-vsctl add-port br-int patch-tun -- set interface patch-tun type=patch options:peer=patch-int

7. add GRE tunnel to ovs (I think VXLAN is the same, but I haven't used it yet)
# ovs-vsctl add-port obr0 gre0 -- set Interface gre0 type=gre options:remote_ip=8.8.8.31
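
A dry-run sketch of steps 3-5 above, added here as an example and not part of the original post: it prints the commands for one tagged veth pair after validating the VLAN tag and interface names, and reports tags shared by more than one org. The function names, the `org:tag` input format and the sample values are assumptions.

```shell
#!/usr/bin/env bash
# Added example: dry-run planner for steps 3-5. It only prints commands.

# Usable 802.1Q VLAN IDs are 1-4094 (0 and 4095 are reserved).
valid_vlan_tag() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 4 ] && [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Linux interface names hold at most 15 characters.
valid_ifname() {
  [ -n "$1" ] && [ "${#1}" -le 15 ] || return 1
  case "$1" in
    *[!A-Za-z0-9_.-]*) return 1 ;;
  esac
}

# plan_tenant_port LINUX_BRIDGE OVS_BRIDGE INDEX VLAN_TAG
# Prints the veth, bridge and tagged OVS port commands; returns 2 or 3 on bad input.
plan_tenant_port() {
  local lbr=$1 obr=$2 idx=$3 tag=$4 n
  local c_end="cbr${idx}-eth" o_end="obr${idx}-eth"
  valid_vlan_tag "$tag" || { echo "invalid VLAN tag: $tag" >&2; return 2; }
  for n in "$lbr" "$obr" "$c_end" "$o_end"; do
    valid_ifname "$n" || { echo "invalid interface name: $n" >&2; return 3; }
  done
  # "ip link set ... up" is the iproute2 form of "ifconfig ... up".
  cat <<EOF
ip link add name $c_end type veth peer name $o_end
ip link set $c_end up
ip link set $o_end up
brctl addif $lbr $c_end
ovs-vsctl add-port $obr $o_end tag=$tag
EOF
}

# find_shared_tags ORG:TAG... prints each tag assigned to more than one org,
# i.e. "private" networks that would share one L2 segment.
find_shared_tags() {
  printf '%s\n' "$@" | cut -d: -f2 | sort -n | uniq -d
}

# Constructed sample input.
plan_tenant_port cbr0 obr0 1 10
find_shared_tags orgA:10 orgB:20 orgC:10
```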


James Bayer

Feb 5, 2015, 12:51:37 PM
to vcap...@cloudfoundry.org
let me talk this over with a few people. i feel like we're not quite ready to introduce more complex networking in code currently given diego is still going through beta and production phases. we can certainly prepare for the future in the meantime.

--
You received this message because you are subscribed to the Google Groups "Cloud Foundry Developers" group.
To view this discussion on the web visit https://groups.google.com/a/cloudfoundry.org/d/msgid/vcap-dev/2154d72d-98b5-455e-94c3-8b6ddffa63fa%40cloudfoundry.org.

To unsubscribe from this group and stop receiving emails from it, send an email to vcap-dev+u...@cloudfoundry.org.



--
Thank you,

James Bayer

tsjsdbd

Feb 5, 2015, 9:29:39 PM
to vcap...@cloudfoundry.org
thanks for your reply.

so if we want this feature currently, we need to develop it ourselves.

But can we discuss this with someone? maybe in the future the community will be interested in this, and we can contribute the code to the community. (we want the code change to be more compatible)

First step, we add some APIs to Diego, listed below:

1. Create a network
2. Update rules of the network
3. Get rules of the network
4. Delete a network
5. List all networks
6. Retrieve a network

when creating a new container, it should specify which network it wants to attach to.

any suggestions? thanks very much :-)

James Bayer

Feb 6, 2015, 12:27:40 PM
to vcap...@cloudfoundry.org
what i meant to convey is that we're not ready to do anything in the short-term with code until diego is in production. we are going to keep the existing simple networking story.

in order to frame future possibilities, instead of talking about technical implementation details, we should start at the problems we want to solve. e.g.:
* tenant A should be able to have many different apps/containers be able to talk to each other directly without going through a reverse proxy like gorouter because INSERT REASON YOU WANT THIS 
* tenant B should not be able to reach tenant A's application/container ports because INSERT REASON YOU WANT THIS
* tenant A app/containers should be able to configure dynamic networking because INSERT REASON YOU WANT THIS

there are many ways to solve problems. overlay networks are one solution, but not the only one. we should start with clearly articulating the problems.
