1. How would this look in a RB450GX4 setup where, in my limited understanding, it is not recommended to work with the /interface/bridge/vlan section or the bridge vlan filtering checkbox on the bridge (and instead to use the switch chip section /interface/ethernet/switch, where you cannot control VETH ports that are added)?

You can treat VETH the same as ether1 etc. ports. So it can be used in your "main" (or only) bridge, with vlan-filtering=yes. It is possible to make a trunk (e.g. /interface/bridge/vlans as a tagged=), or an access or hybrid port by setting a PVID etc. The same as any other ethernet port living in /interface/bridge/port.
True, there is only one network interface allowed to each /container. But you can, largely, achieve the same by providing a VLAN trunk, theoretically. And there are a couple of mDNS containers floating around on the forum that use a "trunk". But since this is not how "normal docker" works... a VLAN trunk might not work for "pre-built" containers like homekitbridge etc.
But you can use your "normal LAN" (or likely some VLAN) with a VETH if it's a bridge port in the "main" bridge. There is no need for the separate "docker" bridge shown in some /container examples, like Pi-Hole – there it just needs to receive routed IP traffic for DNS, so it being isolated is a good thing. But homekitbridge etc. DO need broadcast/multicast access to the entire LAN with devices – so the separate bridge approach is just wrong.
The only exception here... is that you need to statically configure the IP address for a VETH based on the subnet/gateway of the untagged network. DHCP may work too, but you're likely better off configuring a static IP in VETH – since that IP gets "injected" into the /etc/host... files inside the container before it boots. This might mean you'd want to create a DHCP reservation if the VETH is bridged to a VLAN with DHCP.
2. Have already tried adding veth to the main bridge with the IP set on the veth as one of the unused IoT VLAN scope addresses. That did not work from a connectivity standpoint (not accessible via URL), even though the container starts fine and is seen as listening on its port with the veth IP set.
3. So, your suggestion is to have IoT devices be issued DHCP addresses served off the Main bridge interface (untagged by extension, as opposed to a VLAN interface hanging off the main bridge interface), with the VETH also now being in the same subnet/address space?
My problem with this is that I am forced to get streaming/IoT all into one subnet and now have to find an mDNS to reflect this into my phone device VLAN. (My current mDNS container nicely reflects the printer from the IoT VLAN into the home/office/guest VLANs and the streaming ones to the home/guest VLANs, so I have to find a new one now.)
Statistics: Posted by teleport — Thu Mar 21, 2024 4:39 pm
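
The access-port and trunk options described in the quoted reply, as an added RouterOS v7 example that is not part of the original post. The bridge name `bridge`, the uplink `ether2`, VLAN IDs 30 and 40, the 192.168.30.0/24 addressing and the `veth-*` names are all assumptions, and the router is assumed to already have its own VLAN 30 interface with 192.168.30.1/24 on that bridge. It uses bridge VLAN filtering and does not touch /interface/ethernet/switch.

```routeros
# Added example; every name, VLAN ID and address here is an assumption.

# Static address on the VETH, taken from the IoT VLAN's subnet
/interface/veth/add name=veth-iot address=192.168.30.10/24 gateway=192.168.30.1

# Access port: untagged frames from the container are placed in VLAN 30.
# Without pvid=30 the port stays in the default PVID (1), so an address
# from the VLAN 30 subnet is not reachable from that VLAN.
/interface/bridge/port/add bridge=bridge interface=veth-iot pvid=30 \
    frame-types=admit-only-untagged-and-priority-tagged

# VLAN 30 membership: tagged on the bridge itself (CPU / router VLAN
# interface) and on the uplink trunk, untagged on the VETH
/interface/bridge/vlan/add bridge=bridge vlan-ids=30 tagged=bridge,ether2 \
    untagged=veth-iot

# Trunk variant, used INSTEAD of the access-port lines above, for a
# container that handles 802.1Q tags itself (e.g. an mDNS reflector).
# veth-trunk is a second, hypothetical VETH.
# /interface/bridge/port/add bridge=bridge interface=veth-trunk
# /interface/bridge/vlan/add bridge=bridge vlan-ids=30,40 \
#     tagged=bridge,ether2,veth-trunk

# Enable filtering last, once the VLAN membership of every port is in place
/interface/bridge/set bridge vlan-filtering=yes

# Check: veth-iot should appear under current-untagged for VLAN 30
/interface/bridge/vlan/print where vlan-ids=30
```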