4:04 p.m.
"lejeczek via Podman" <podman(a)lists.podman.io> writes:
You can see 'eth0@if5' came from cni network but what that
'tun0' is doing there?
Every rootless container on my box gets it.
many thanks, L.
I don't have a whole lot of [container] networking experience but this
piqued my curiosity so I went digging.
I run a couple rootless containers with no CNI networks and all of them
also have this tap0 device set as the default route.
# ip route
default via 10.0.2.2 dev tap0
10.0.2.0/24 dev tap0 scope link src 10.0.2.100
My guess is that this is the slirp-managed (in rootless) device that you
can control with the "--network slirp4netns:..." flag in your podman run.
The IP seems(?) to be the same in every rootless container I run: 10.0.2.100
I think CNI solely manages inter-container networking while slirp4netns
handles everything else (outbound to LAN, internet, etc.).
Lucas