kobolog / gorb

IPVS on steroids – REST API, heartbeats, service discovery and more
GNU Lesser General Public License v3.0

Proposal to automatically manage container networking for IPIP in docker-link #19

Open BrianAdams opened 8 years ago

BrianAdams commented 8 years ago

In order to use IPIP it appears necessary to make some tweaks to the networking of the container that is receiving the traffic.

The docker-link project can be updated to execute the necessary commands when a container comes on-line.

These commands are something like:

ip link set tunl0 up
ip addr add <VIP>/32 dev tunl0 brd <VIP>
sysctl -w net.ipv4.conf.tunl0.rp_filter=2

I could imagine having docker-link look for labels in the container that indicate the desire for IPIP routing, a tag such as GORB-IPIP. The system will also need to verify that the container was started with --cap-add=NET_ADMIN.

This appears to work just fine, even on minimal docker containers.

Is this a direction that docker-link should go?

kobolog commented 8 years ago

Hi Brian,

Yeah, I like the idea of label-based configuration for containers. I think it can be expanded to support DR too, as well as some more granular options like «forward only this port» or «enable persistent connections for this service» or «bundle all ports for services of this kind with FWMARK», etc. That's definitely the direction for docker-link, in my opinion, as there's no other way to expose any per-container configuration directly with Docker tools.
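
The label and capability check proposed in this thread, as an added Go example that is not part of the issue or of the gorb/docker-link code. It assumes the GORB-IPIP label value carries the VIP and that the input is a container-inspect JSON object; `PlanIPIP`, `inspect` and `sampleInspect` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

const ipipLabel = "GORB-IPIP" // label from the thread; VIP-as-value is an assumption

// Constructed sample: the subset of a container-inspect JSON object used below.
const sampleInspect = `{"Config":{"Labels":{"GORB-IPIP":"10.0.0.1"}},"HostConfig":{"CapAdd":["NET_ADMIN"]}}`

type inspect struct {
	Config     struct{ Labels map[string]string }
	HostConfig struct{ CapAdd []string }
}

// PlanIPIP returns argv slices (never a shell string), nil without the label, or an error.
func PlanIPIP(raw []byte) ([][]string, error) {
	var c inspect
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	val, ok := c.Config.Labels[ipipLabel]
	if !ok {
		return nil, nil
	}
	ip := net.ParseIP(val).To4() // label is set by whoever starts the container: IPv4 literal only
	if ip == nil {
		return nil, fmt.Errorf("%s: %q is not an IPv4 address", ipipLabel, val)
	}
	var admin bool
	for _, name := range c.HostConfig.CapAdd {
		n := strings.TrimPrefix(strings.ToUpper(name), "CAP_")
		admin = admin || n == "NET_ADMIN" || n == "ALL"
	}
	if !admin {
		return nil, fmt.Errorf("%s set but container lacks NET_ADMIN", ipipLabel)
	}
	vip := ip.String()
	return [][]string{
		{"ip", "link", "set", "tunl0", "up"},
		{"ip", "addr", "add", vip + "/32", "dev", "tunl0", "brd", vip},
		{"sysctl", "-w", "net.ipv4.conf.tunl0.rp_filter=2"},
	}, nil
}

func main() { fmt.Println(PlanIPIP([]byte(sampleInspect))) }
```

Because the label value ends up in command arguments, anything that does not parse as an IPv4 address is rejected before a command is built, and a labelled container without NET_ADMIN yields an error rather than a partial setup.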