Skip to content

Per-child network namespace + macvtap setup #8

Closed
Closed
Per-child network namespace + macvtap setup#8
Labels
enhancementNew feature or requesthelp wantedExtra attention is needed
@WaylandYang

Description

@WaylandYang
WaylandYang
opened on May 11, 2026

Problem

Restored children currently share the host network namespace (effectively no isolation). Need per-child netns + tap + IP.

Day 4 work from WEEK1.md.

Approach

  • For each child: ip netns add child-N.
  • macvtap inside the netns, attached to host iface.
  • Configure firecracker /network-interfaces/eth0 to use it.
  • Combines with MAC / IP hot-patch for restored children #1 (MAC patch) for full per-child identity.

Acceptance

  • forkd fork --tag demo --n 10 --network produces 10 children with 10 distinct IPs
  • Each child can reach the internet through host NAT

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requesthelp wantedExtra attention is needed

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions