Ability to have a separated TCP/IP stack with "ip netns".
It allows using overlapping ip addresses/binding ports for different virtual networks, etc.
https://man7.org/linux/man-pages/man8/ip-netns.8.html
https://iximiuz.com/en/posts/container-networking-is-simple/
https://medium.com/@abhishek.amjeet/container-networking-using-namespaces-part1-859d317ca1b8
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| In progress | FEATURE REQUEST | None | T3829 Support separated TCP/IP stack via "ip netns" | ||
| Resolved | FEATURE REQUEST | Viacheslav | T4686 Provides support for veth | ||
| Resolved | FEATURE REQUEST | Viacheslav | T4825 interfaces veth/veth-pairs -standalone used | ||
| Resolved | Viacheslav | T5238 interface virtual-etherne - error when it doesn't use a peer | |||
| Resolved | FEATURE REQUEST | Viacheslav | T5241 Support veth interfaces to working with netns |
To start the proposed CLI:
Needs to be discussed.
set netns <name> set netns <name> protocols static route x.x.x.x/x nexthop x.x.x.x interface <vethX> set interfaces virtual-ethernet <vethX> netns <name> set interfaces virtual-ethernet <vethX> peer <vethY> set interfaces virtual-ethernet <vethX> peer <vethY> address set interfaces virtual-ethernet <vethX> address set interfaces bridge <brX> member interface <vethX>
ip:
sudo ip netns add nsvyos sudo ip link add veth-foo type veth peer name veth-bar sudo ip link set veth-foo netns nsvyos sudo ip -n nsvyos addr add 192.0.2.2 dev veth-foo sudo ip -n nsvyos link set veth-foo up sudo ip netns exec nsvyos ip route add default via 192.0.2.1 dev veth-foo
Veth is not ready to work together with netns
As Interface moves entirely to logical stack and with the next commit will be recreated and try to move to netns again. As it doesn't see veth interface which moved to another logical stack, it tryes to recreate this interface.
We should either fix it or revert the previous commit.
For example:
set interfaces virtual-ethernet veth10 peer-name 'veth100'
set interfaces virtual-ethernet veth100 netns 'ns01'
set interfaces virtual-ethernet veth100 peer-name 'veth10'
set netns name ns01
commit
vyos@r14# sudo ip netns exec ns01 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth100@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ee:8f:0b:bd:a2:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[edit]
vyos@r14#
set interfaces virtual-ethernet veth100 description MyNetns
commitcommit
Traceback (most recent call last):
File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 111, in <module>
apply(c)
File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 101, in apply
p.update(veth)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1413, in update
self.set_netns(config.get('netns', ''))
File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 552, in set_netns
self.set_interface('netns', netns)
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface
return self._set_command(self.config, name, value)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command
return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd))
^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
return cmd(command, self.debug)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: ip link set dev veth100 netns ns01
returned:
exit code: 1
noteworthy:
cmd 'ip link set dev veth100 netns ns01'
returned (out):
returned (err):
Cannot find device "veth100"