Hi Eric, Are the current semantics of tunnel devices (ipip, ip_gre etc.) with respect to changing the current netns correct? These devices have an ip_tunnel structure associated with each net_device, which is currently a global (not per_net). The result is that you can set up in container X a tunnel with endpoints associated with a device in container Y in a different network namespace. This feature seems useful, because you can hook up containers on 2 machines with one of these tunnels, without using etun (or like) devices, but intuitively, it seems that the tunnel module should be listening for a DEV_UNREGISTER and reset it when the device is migrated Sapan _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers