doc: Documents the lxc.net.[i].veth.mode option

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

doc: Documents the lxc.net.[i].veth.mode option
3e5c2e69 · tomponline · Thomas Parrott · 6dfa9581 · 3e5c2e69 · 3e5c2e69
Commit 3e5c2e69 authored Apr 03, 2019 by tomponline Committed by Thomas Parrott Jul 11, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 2 deletions

api-extensions.md doc/api-extensions.md +9 -0

lxc.container.conf.sgml.in doc/lxc.container.conf.sgml.in +11 -2

api_extensions.h src/lxc/api_extensions.h +1 -0

No files found.
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -96,3 +96,12 @@ This is primarily intended for use with layer 3 networking devices, such as IPVL

 This introduces the ability to specify a custom MTU for `phys` and `macvlan` devices using the
 `lxc.net.[i].mtu` property.
+
+# network\_veth\_router
+
+This introduces the ability to specify a `lxc.net.[i].veth.mode` setting, which takes a value of
+"bridge" or "router". This defaults to "bridge".
+
+In "router" mode static routes are created on the host for the container's IP addresses pointing to
+the host side veth interface. In addition to the routes, a static IP neighbour proxy is added to
+the host side veth interface for the IPv4 and IPv6 gateway IPs.
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -443,14 +443,23 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
            <para>
              <option>veth:</option> a virtual ethernet pair
              device is created with one side assigned to the container
-              and the other side attached to a bridge specified by
+              and the other side on the host.
+              <option>lxc.net.[i].veth.mode</option> specifies the
+              mode the veth parent will use on the host.
+              The accepted  modes are <option>bridge</option> and <option>router</option>.
+              The mode defaults to bridge if not specified.
+              In <option>bridge</option> mode the host side is attached to a bridge specified by
              the <option>lxc.net.[i].link</option> option.
-              If the bridge is not specified, then the veth pair device
+              If the bridge link is not specified, then the veth pair device
              will be created but not attached to any bridge.
              Otherwise, the bridge has to be created on the system
              before starting the container.
              <command>lxc</command> won't handle any
              configuration outside of the container.
+              In <option>router</option> mode static routes are created on the host for the
+              container's IP addresses pointing to the host side veth interface.
+              Additionally Proxy ARP and Proxy NDP entries are added on the host side veth interface
+              for the gateway IPs defined in the container to allow the container to reach the host.
              By default, <command>lxc</command> chooses a name for the
              network device belonging to the outside of the
              container, but if you wish to handle

--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -49,6 +49,7 @@ static char *api_extensions[] = {
 	"network_l2proxy",
 	"network_gateway_device_route",
 	"network_phys_macvlan_mtu",
+	"network_veth_router",
 };

 static size_t nr_api_extensions = sizeof(api_extensions) / sizeof(*api_extensions);