Static routes

[Cydox]

Is there currently a way to assign static routes (not default gateway) for containers?

Let's say I have ipv4 connectivity to the internet but am using a /48 ULA ipv6 prefix internally. I don't want containers to get a default ipv6 route, but only get a route for the /48 ULA prefix.

One way I found is to make the ipv6 network internal and change the accept_ra_rt_info_max_plen setting on the containers interface to at least 48 and have router advertisements do the trick, but I would prefer being able to statically assign routes with podman/netavark.

Does the internal setting do anything besides making sure you don't get a default gateway on macvlan networks?

[Luap99]

There is no way to to configures routes static routes at the moment. However I think it would be a valid feature request.

Does the internal setting do anything besides making sure you don't get a default gateway on macvlan networks?

No that is the only thing AFAIK.

[Cydox]

I kinda want this feature. I might work on this over the weekend.

Just to point me in the right direction am I understanding the architecture correctly:
On the netavark side: It has to understand some extra options in the json config for a network and set up the routes accordingly.
On the podman side: I would have to add appropriate command line options and have it generate the options inside the json config for the network.

[Luap99]

Yes exactly, let me know if you need any pointers in the code.

[Cydox]

WIP for the netavark side can be found at https://github.com/Cydox/netavark/tree/static-routes

It's my first time writing anything besides "hello, world!" in Rust.

Missing tests and a few unwraps to clean up.

Also not sure what the interaction with the internal flag should be. The name implies that no static routes should be added if that flag is set. However I'm not sure if I can get podman to not generate a default gateway without that flag. My specific usecase would be macvlan without default gateway but with static routes. I mean you could always edit the network config by hand, I guess.

[Cydox]

Basically finished the work on the netavark side now. Added integration tests and improved error logging.

Are tests run in CI somewhere? I had some trouble getting some of the tests to run (probably missing dependencies).

Last thing remaining on the netavark side is whether or not the internal flag should prevent static routes from being added. I think it would be best not to prevent static routes in internal networks. A user might have a specific use case and there is no harm in leaving the routes in. Plus: A user has to go out of their way to add static routes. They probably have a reason.

Gonna start on the podman side tonight.

[Luap99]

Yes if static routes are set we should use them. I think it is ok for --internal to mean no default route.