Examples
koko runs at container hosts (not inside container), create interface (vxlan or veth) and put it in container namespace.
koko supports following scenarios.
# Config veth for Docker containers
./koko -d <container>,<linkname>[,<ipaddr>/<prefixlen>] \
-d <container>,<linkname>[,<ipaddr>/<prefixlen>]
<container>: Docker's container identifier (CONTAINER ID or name)
<linkname>: veth link name
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
# Config veth for netns
./koko -n <netns name>,<linkname>[,<ipaddr>/<prefixlen>] \
-n <netns name>,<linkname>[,<ipaddr>/<prefixlen>]
<netns name>: netns name that is given by 'ip netns' command
<linkname>: veth link name
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
# Config veth for Docker containers
./koko -d <container>,<linkname>[,<ipaddr>/<prefixlen>] \
-n <netns name>,<linkname>[,<ipaddr>/<prefixlen>]
<container>: Docker's container identifier (CONTAINER ID or name)
<linkname>: veth link name
<netns name>: netns name that is given by 'ip netns' command
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
Following commands must be executed both container hosts to connect between two containers.
# Config vxlan for Docker container
./koko -d <container>,<linkname>[,<ipaddr>/<prefixlen>] \
-x <parent IF>,<remote IP>,<vxlan id>
<container>: Docker's container identifier (CONTAINER ID or name)
<linkname>: veth link name
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
<parent IF>: Egress IF name for vxlan (e.g. eth0)
<remote IP>: Unicast destination IP address for endpoint
<vxlan id>: vxlan id
Following commands must be executed both container hosts to connect between two containers.
# Config vxlan with IPv4 addr for netns
./koko -n <netns name>,<linkname>[,<ipaddr>/<prefixlen>] \
-x <parent IF>,<remote IP>,<vxlan id>
<netns name>: netns name that is given by 'ip netns' command
<linkname>: veth link name
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
<parent IF>: Egress IF name for vxlan (e.g. eth0)
<remote IP>: Unicast destination IP address for endpoint
<vxlan id>: vxlan id
For each container hosts, execute koko with above (Docker<->vxlan and netns<->vxlan)
This command creates VLAN interface of physical interface then connect to given container.
# Config vxlan for Docker container
./koko -d <container>,<linkname>[,<ipaddr>/<prefixlen>] \
-V <parent IF>,<vlan id>
<container>: Docker's container identifier (CONTAINER ID or name)
<linkname>: veth link name
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
<parent IF>: Egress IF name for vxlan (e.g. eth0)
<vxlan id>: vlan id
This command creates VLAN interface of physical interface then connect to given container.
# Config vxlan with IPv4 addr for netns
./koko -n <netns name>,<linkname>[,<ipaddr>/<prefixlen>] \
-V <parent IF>,<vlan id>
<netns name>: netns name that is given by 'ip netns' command
<linkname>: veth link name
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
<parent IF>: Egress IF name for vxlan (e.g. eth0)
<vlan id>: vxlan id
This command creates macvlan interface of physical interface then connect to given container.
# Config vxlan for Docker container
./koko -d <container>,<linkname>[,<ipaddr>/<prefixlen>] \
-M <parent IF>,<macvlan mode>
<container>: Docker's container identifier (CONTAINER ID or name)
<linkname>: veth link name
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
<parent IF>: Egress IF name for vxlan (e.g. eth0)
<macvlan mode>: {default|private|vepa|bridge|passthru}
This command creates veth3 and veth4 in each container and veth3 monitors veth2's traffic and send it to veth4.
# Config vxlan for Docker container
./koko -d <container>,<linkname>,mirror:<mirror mode>:<mirror src>[,<ipaddr>/<prefixlen>] \
-d <container>,<linkname>[,<ipaddr>/<prefixlen>]
<container>: Docker's container identifier (CONTAINER ID or name)
<linkname>: veth link name
<mirror mode>: `ingress`: mirror ingress packets of interface <mirror src>
`egress`: mirror egress packets of interface <mirror src>
`both`: mirror ingress and egress packets of interface <mirror src>
<mirror src>: Interface to be monitored (e.g. `veth2` for the above image)
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
This command creates veth3 in each container and veth3 monitors veth2's traffic and send it as vxlan frame to target destination.
# Config vxlan for Docker container
./koko -d <container>,<linkname>,mirror:<mirror mode>:<mirror src>[,<ipaddr>/<prefixlen>] \
-x <parent IF>,<remote IP>,<vxlan id>
<container>: Docker's container identifier (CONTAINER ID or name)
<linkname>: veth link name
<mirror mode>: `ingress`: mirror ingress packets of interface <mirror src>
`egress`: mirror egress packets of interface <mirror src>
`both`: mirror ingress and egress packets of interface <mirror src>
<mirror src>: Interface to be monitored
(optional) <ipaddr>/<prefixlen>: IPv4/v6 address with netmask,
separated with comma
(e.g. `192.0.0.1/24`, `2001:DB8::1/64`
or `192.0.0.1/24,2001:DB8::1/64`)
<parent IF>: Egress IF name for vxlan (e.g. eth0)
<remote IP>: Unicast destination IP address for endpoint
<vxlan id>: vxlan id