
How can multiple GUE tunnels be created in the same (default) network namespace with the same remote IP address, but different ports?

So far, I've been successfully able to create exactly one GUE tunnel in each namespace. As a workaround to the 1 tunnel / namespace impasse, I've set up one netns for each tunnel and forwarded packets based on their port number.

However, I'd like not to be forced to keep forwarding packets between network namespaces only to have them come back to the default one, simply because there can be at most 1 GUE interface with the same remote and local IPs. In a single namespace, the default one, FOU can be set up to listen on different ports without errors:

sudo ip fou show
port 1037 gue local 10.0.0.252 peer REMOTE_IP peer_port 1037 dev eth0
port 1036 gue local 10.0.0.252 peer REMOTE_IP peer_port 1036 dev eth0

However, when the first port 1036 is already configured in the same (default) netns, adding a second GUE device returns an error:

sudo ip link add name guetun1 type ipip remote REMOTE_IP local 10.0.0.252 encap fou encap-sport 1037 encap-dport 1037 mode ipip dev eth0
RTNETLINK answers: File exists

This only fails when the previous GUE tunnel is already set up, otherwise it works. This also works when set up in a different netns. Simply deleting the existing gue link makes the command quoted above work: sudo ip link del guetun0.

Renaming links (gue0 to guetun0, tunl0 to tunnel0) doesn't get rid of the error.

So far, I suspect there is a bug in the Linux kernel which somehow identifies the GUE and FOU interfaces based on the local and remote IP addresses while ignoring port numbers, but perhaps there is a way to get around this?

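The following pre-flight check is an added example and is not part of the original question or of iproute2. It assumes, as the question itself suspects, that the kernel identifies an existing ipip-type tunnel by the tuple (local address, remote address, underlying dev) and does not consider the FOU encap ports, so a second `ip link add ... type ipip ... encap fou` with the same tuple fails with `RTNETLINK answers: File exists`. The `ip -d link show` output is constructed (a single existing `guetun0` on port 1036, with the question's `REMOTE_IP` replaced by the documentation address 192.0.2.10); `list_ipip_keys`, `tunnel_key_in_use` and `check_add` are names chosen here, and the script needs no root because it only parses text and prints the command it would run.

```shell
#!/bin/sh
# Added example, not from the original question.
# Assumption (not confirmed by the page): the kernel keys an ipip tunnel on
# (local, remote, dev) only; FOU encap-sport/encap-dport are not part of the key.

# Constructed sample of `ip -d link show` output: one existing GUE tunnel.
# 192.0.2.10 stands in for the question's REMOTE_IP.
SAMPLE_IP_LINK='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
3: guetun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1464 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ipip 10.0.0.252 peer 192.0.2.10 promiscuity 0
    ipip remote 192.0.2.10 local 10.0.0.252 dev eth0 ttl inherit pmtudisc encap gue encap-sport 1036 encap-dport 1036 noencap-csum'

# Print one "local remote dev" line per ipip tunnel found in `ip -d link show`
# output read from stdin (feed it the sample, or the live command's output).
# Only the "ipip remote ... local ... dev ..." detail line is considered; the
# interface name and the encap ports are intentionally left out of the key.
list_ipip_keys() {
    awk '$1 == "ipip" {
        local = ""; remote = ""; dev = "NONE"
        for (i = 2; i <= NF; i++) {
            if ($i == "remote") remote = $(i + 1)
            else if ($i == "local") local = $(i + 1)
            else if ($i == "dev") dev = $(i + 1)
        }
        print local, remote, dev
    }'
}

# tunnel_key_in_use LOCAL REMOTE DEV
# Exit status 0 if an ipip tunnel with the same (local, remote, dev) key is
# already present in the `ip -d link show` output on stdin, else 1.
tunnel_key_in_use() {
    list_ipip_keys | grep -qx "$1 $2 $3"
}

# check_add LOCAL REMOTE DEV SPORT DPORT
# Reports whether `ip link add` for a new GUE tunnel would collide with an
# existing one under the assumed key; returns 1 on collision, 0 otherwise.
check_add() {
    if printf '%s\n' "$SAMPLE_IP_LINK" | tunnel_key_in_use "$1" "$2" "$3"; then
        echo "collision: ipip tunnel keyed ($1, $2, $3) already exists; ports $4/$5 do not make it distinct"
        return 1
    fi
    echo "ok: ip link add name guetunX type ipip remote $2 local $1 encap fou encap-sport $4 encap-dport $5 mode ipip dev $3"
    return 0
}

# Reproduce the question's situation: same local/remote/dev, different port.
check_add 10.0.0.252 192.0.2.10 eth0 1037 1037
# A different local address changes the key and is reported as not colliding.
check_add 10.0.0.253 192.0.2.10 eth0 1037 1037
```

To use it against a live system, replace the `printf` of `SAMPLE_IP_LINK` with `ip -d link show` (no root needed for reading). Under the stated assumption, the only way a second tunnel to the same peer over the same dev becomes distinct is a change to one of the three key fields, which matches the question's observation that renaming the links or changing the FOU port alone does not avoid the error.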