I want to be able to access services running on a TAP interface within a namespace from outside the machine where it is running. I have setup that looks like this -
VM1/Machine1
+eth0 : Public Network
+eth1 : Private Network (IP: 192.168.2.5/24)
VM2/Machine2
+========================================+
| |
| eth0: Public Network 10.1.1.20/24 UP |
| eth1: Private Network UP |
|----------------------------------------+
| Network Namespace : test |
| TAP0: 192.168.2.10/24, UP |
|----------------------------------------|
| |
+========================================+
I want to be able to ping / access services running on TAP0 under namespace test from VM1/Machine1. I used the information on post 'OpenVSwitch between namespaces' and a few other articles online to create a bridge, put the 'eth1' and 'TAP0' on the same bridge. But I still cannot access it. Not sure what else am missing ? Here are the commands I tried on VM2/Machine2 -
ip netns add test
ovs-vsctl add-br br0
ovs-vsctl add-port br0 tap0 -- set interface tap0 type=internal
ip link set tap0 netns test
ip netns exec test ip addr add 192.168.2.10/24 dev tap0
ip netns exec test ip link set tap0 up
ovs-vsctl add-port br0 eth1 -- set interface eth1 type=internal
After this the bridge 'br0' has 'eth1' and 'tap0'. So when I ping the IP of the tap interface from VM1, I thought I should be able to reach tap0. This works properly without namespaces but with namespace it does not work.
In another attempt, I also tried
- creating 2 bridges
- one OVS bridge outside
- one linux bridge inside namespace
- created a veth pair
- ovs bridge has eth1 and one end of veth pair
- linux bridge in the namespace has 'tap' interface and other end of veth pair
But this didn't work either :(
I thought the whole point of bridging is if I add interface/port into it I must be able to access the services on the port, just like a switch. Am not sure what I am missing.
