Allow NetworkLinks to the container loopback address to be forwarded specifically to the loopback address of the host

[wallrj]

It can be confusing that when you configure NetworkLinks with a target of 127.0.0.1, the traffic is actually routed to one of the non-loopback addresses of the host machine.

To be fair, the log entries do make this clear, but it would be better if it actually sent the traffic to the intended destination.

$ curl -v -X PUT "http://127.0.0.1:43273/container/my-sample-service";
-H "Content-Type: application/json" -d '{"Started": true,
"NetworkLinks": [{"ToPort": 44831, "FromPort": 31337, "FromHost":
"127.0.0.1", "ToHost": "127.0.0.1"}], "Image":
"openshift/busybox-http-app", "Ports": []}'

$ sudo gear status my-sample-service ctr-my-sample-service.service - Container my-sample-service   Loaded: loaded
...
Jun 30 18:04:14 localhost.localdomain gear[13338]: Using 10.0.2.15/24
for 127.0.0.1
Jun 30 18:04:14 localhost.localdomain gear[13338]: Mapping
172.17.0.87(127.0.0.1):31337 -> 10.0.2.15:44831
...

See http://lists.openshift.redhat.com/openshift-archives/users/2014-June/msg00065.html for discussion of this feature and a possible solution:

On 30 June 2014 23:21, Mrunal Patel <...> wrote:

Would it be possible to route the connection to the host's loopback
address? I guess it would involve tunnels or something.

It would probably be a new type of link - host loopback as the ToHost vs.
host public. We'd have to change the iptables rules, and I actually don't
know for sure whether you can route to 127.0.0.1 from inside the namespace.
cc'ing Mrunal.

IP tables forwarding could be used on the host to forward traffic from a particular external port to the 127.0.0.1:<app_port>
and then gear link to access the external port from within a container.

[smarterclayton]

@mrunalp we should spec out what we want to implement here