Experimental setup for peer-to-peer network for algorithm containers with port forwarding
CARRIER-project/v6-n2n-prototype
Latest commit

f446d7a · Aug 30, 2021
algorithm-container-network

port forwarding diagram

The mechanisms described below are partly automated in the script configure_network.py.

How to run

docker-compose up -d

Notes

Additional configuration

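Blocking internet on the VPN client container

Block internet access for VPN clients by dropping all forwarded traffic except traffic between the tunnel interfaces (tun+) and eth1. These rules are applied automatically on the VPN client: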

iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -i tun+ -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o tun+ -j ACCEPT

Default namespace configuration

Each bridge network of the Docker containers is linked to a network interface in the default network namespace of the host, although under a different name.

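On the Docker host, add an exception to Docker's bridge network isolation:

# Allow traffic arriving from the isolated bridge that is destined for the VPN subnet
iptables -I DOCKER-USER 1 -d $vpn_subnet -i $isolated_bridge -j ACCEPT
# Allow traffic from the VPN subnet that leaves via the isolated bridge
iptables -I DOCKER-USER 1 -s $vpn_subnet -o $isolated_bridge -j ACCEPT
# In the isolated container's network namespace, replace the default route with 172.16.238.2
docker run --network container:$ISOLATED_CONTAINER --cap-add=NET_ADMIN alpine ip route replace default via 172.16.238.2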

Forward traffic from the VPN client to the algorithm container. Configure this on the VPN client for each algorithm (TODO: make the rule as specific as possible):

iptables -t nat -A PREROUTING -i tun0 -p tcp \
  --dport $vpn_client_port -j DNAT --to $isolated_algorithm_ip:$algorithm_port
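
One way to tighten the per-algorithm DNAT rule that the TODO above asks for, as an added example (not code from this repository or its configure_network.py): it also matches on the VPN source subnet and refuses a target outside the isolated bridge subnet. The helper names, the /24 mask and the sample VPN subnet, algorithm address and ports are assumptions.

```python
import ipaddress
import shlex


def _port(value, name):
    # bool is an int subclass; reject it along with out-of-range values.
    if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 65535:
        raise ValueError(f"{name} must be an integer in 1..65535, got {value!r}")
    return str(value)


def build_dnat_rule(vpn_subnet, isolated_subnet, algorithm_ip,
                    vpn_client_port, algorithm_port, tun_if="tun0"):
    """Hypothetical helper: iptables argv for one algorithm's port forward."""
    # strict=True rejects e.g. 10.76.0.1/16, which usually signals a typo.
    vpn_net = ipaddress.ip_network(vpn_subnet, strict=True)
    iso_net = ipaddress.ip_network(isolated_subnet, strict=True)
    target = ipaddress.ip_address(algorithm_ip)
    if not (vpn_net.version == iso_net.version == target.version == 4):
        raise ValueError("iptables (not ip6tables) rules: IPv4 only")
    # An overlap would let the source match cover algorithm containers too.
    if vpn_net.overlaps(iso_net):
        raise ValueError(f"{vpn_net} overlaps {iso_net}")
    # The DNAT target must be an address on the isolated bridge subnet.
    if target not in iso_net:
        raise ValueError(f"{target} is not inside {iso_net}")
    # Returned as an argv list so it can be executed without a shell.
    return ["iptables", "-t", "nat", "-A", "PREROUTING",
            "-i", tun_if, "-s", str(vpn_net), "-p", "tcp",
            "--dport", _port(vpn_client_port, "vpn_client_port"),
            "-j", "DNAT", "--to-destination",
            f"{target}:{_port(algorithm_port, 'algorithm_port')}"]


if __name__ == "__main__":
    # Constructed sample values; only 172.16.238.x appears on the page.
    print(shlex.join(build_dnat_rule("10.76.0.0/16", "172.16.238.0/24",
                                     "172.16.238.5", 5000, 8888)))
```

DNAT in PREROUTING is applied before the FORWARD chain is consulted, so the translated packet still has to be accepted by the FORWARD rules shown earlier.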

OpenVPN server requirements

  • blockLan = false
  • clientToClient = true
