diff --git a/pkg/ip/link.go b/pkg/ip/link.go
index e97dcd28..3936ed9d 100644
--- a/pkg/ip/link.go
+++ b/pkg/ip/link.go
@@ -77,9 +77,8 @@ func RandomVethName() (string, error) {
 	return fmt.Sprintf("veth%x", entropy), nil
 }
 
-// SetupVeth creates the virtual ethernet pair and sets up the container's end in the container netns.
-// Setting up the host end up has to be done in the host netns outside of this function.
-// This is because moving the host veth end will cause it to be brought down automatically when it is moved to the host netns.
+// SetupVeth sets up a virtual ethernet link.
+// Should be in container netns.
 func SetupVeth(contVethName string, mtu int, hostNS *os.File) (hostVeth, contVeth netlink.Link, err error) {
 	var hostVethName string
 	hostVethName, contVeth, err = makeVeth(contVethName, mtu)
@@ -98,6 +97,11 @@ func SetupVeth(contVethName string, mtu int, hostNS *os.File) (hostVeth, contVet
 		return
 	}
 
+	if err = netlink.LinkSetUp(hostVeth); err != nil {
+		err = fmt.Errorf("failed to set %q up: %v", contVethName, err)
+		return
+	}
+
 	if err = netlink.LinkSetNsFd(hostVeth, int(hostNS.Fd())); err != nil {
 		err = fmt.Errorf("failed to move veth to host netns: %v", err)
 		return
diff --git a/plugins/main/ptp/ptp.go b/plugins/main/ptp/ptp.go
index c91418aa..58d52ef9 100644
--- a/plugins/main/ptp/ptp.go
+++ b/plugins/main/ptp/ptp.go
@@ -128,10 +128,6 @@ func setupHostVeth(vethName string, ipConf *types.IPConfig) error {
 		return fmt.Errorf("failed to lookup %q: %v", vethName, err)
 	}
 
-	if err = netlink.LinkSetUp(veth); err != nil {
-		return fmt.Errorf("failed to set %q up: %v", vethName, err)
-	}
-
 	// TODO(eyakubovich): IPv6
 	ipn := &net.IPNet{
 		IP:   ipConf.Gateway,