From: "Ben Woods"
To: "Stefano Brivio"
Message-Id: <524ab7d6-65ce-4843-886e-6b23eaa002ff@app.fastmail.com>
In-Reply-To: <20250425104956.75d740c8@elisabeth>
References: <38893f85-ca3d-4e1e-929d-236df89ab9f6@app.fastmail.com> <20250425092620.074e2cce@elisabeth> <20250425104956.75d740c8@elisabeth>
Subject: Re: pasta behaviour with multiple NICs
CC: passt-user@passt.top
List-Id: "For passt users: support, questions and answers"
Date: Fri, 25 Apr 2025 09:03:22
X-Original-Date: Fri, 25 Apr 2025 17:02:50 +0800

Ok - I understand now. Thanks for tolerating my newbie questions - I really appreciate your replies.

On Fri, 25 Apr 2025, at 4:49 PM, Stefano Brivio wrote:
> On Fri, 25 Apr 2025 15:49:16 +0800
> "Ben Woods" wrote:
>
>> Hi Stefano,
>>
>> Thanks for the quick response.
>>
>> I think my questions came from a misunderstanding of how pasta works.
>> I was thinking about the container network namespace directly sending
>> the traffic out the host physical interface based on the IP/gateway
>> inside the netns.
>>
>> Reading your answer, I think I understand now that in fact the
>> network connection from inside the container netns is connected via a
>> socket to pasta running on the host…
>
> Not even via a socket, it's a tap (tuntap) file descriptor:
>
> https://passt.top/#pasta-pack-a-subtle-tap-abstraction
>
> with all the traffic encapsulated in Ethernet-like frames (Layer-2).
>
> We also have a "tap bypass" path but that's for loopback traffic only.
>
>> and then pasta simply creates
>> the TCP or UDP socket connection out the host physical interface
>> using the host network stack. Is that correct?
>
> This part is correct, yes.
>
>> That then explains why you’re saying that pasta itself is not
>> choosing the egress interface, route or source IP… it’s the kernel
>> that does that when pasta creates the TCP/UDP connection.
>> Hence the traffic egress interface, source IP and next-hop should be the same
>> as if it originated from a process on the host.
>
> Right.
>
>> It does make me wonder what’s the purpose of assigning an
>> IP/subnet/gateway inside the container netns at all - if all
>> connections are sent via the socket and host pasta process then
>> creates the actual connection?
>
> Because it makes things transparent (again, by default) which is an
> advantage for many applications, for example service meshes, or
> any transport / application protocol that might embed IP addresses in
> the protocol itself (think of SIP for example).
>
> And, albeit with some drawbacks, in general it might also be more
> intuitive for users.
>
> --
> Stefano

--
From: Ben Woods
ben@woods.am
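
The point confirmed in the thread above, that a socket opened on the host without an explicit bind gets its source address and route from the kernel, shown as an added example (not part of the original messages and not pasta code). The function names are hypothetical and the destination addresses are constructed documentation values.

```python
import socket


def kernel_selected_source(dest_ip, port=53):
    """Return the source IP the kernel picks for dest_ip, or None if unroutable.

    connect() on a UDP socket sends no packets: it only triggers a route
    lookup and fixes the local address, which getsockname() then reports.
    """
    family = socket.AF_INET6 if ":" in dest_ip else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.connect((dest_ip, port))
            return s.getsockname()[0]
    except OSError:
        # No route to the destination, or address family not available.
        return None


def source_seen_by_peer():
    """Unbound TCP client on loopback: (client's local address, address the server sees)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
        srv.listen(1)
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            # The client never calls bind(); address and port come from the kernel.
            cli.connect(srv.getsockname())
            conn, peer = srv.accept()
            conn.close()
            return cli.getsockname(), peer


if __name__ == "__main__":
    # Constructed sample destinations: loopback plus documentation prefixes.
    for dest in ("127.0.0.1", "192.0.2.1", "2001:db8::1"):
        print(f"{dest:>12} -> source {kernel_selected_source(dest)}")
    local, seen = source_seen_by_peer()
    print(f"client local address {local}, seen by peer as {seen}")
```

On a host with several NICs, the source printed for each destination follows the host routing table, which is why firewall and audit rules written for host-originated traffic also match connections made this way.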