
Support separated TCP/IP stack via "ip netns"
In progress, Normal, Public, FEATURE REQUEST

Description

Ability to have a separated TCP/IP stack with "ip netns".
It allows using overlapping IP addresses/binding ports for different virtual networks, etc.

https://man7.org/linux/man-pages/man8/ip-netns.8.html
https://iximiuz.com/en/posts/container-networking-is-simple/
https://medium.com/@abhishek.amjeet/container-networking-using-namespaces-part1-859d317ca1b8

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

To start the proposed CLI:
Needs to be discussed.

set netns <name>
set netns <name> protocols static route x.x.x.x/x nexthop x.x.x.x interface <vethX>
set interfaces virtual-ethernet <vethX> netns <name>
set interfaces virtual-ethernet <vethX> peer <vethY>
set interfaces virtual-ethernet <vethX> peer <vethY> address
set interfaces virtual-ethernet <vethX> address

set interfaces bridge <brX> member interface <vethX>

ip:

sudo ip netns add nsvyos
sudo ip link add veth-foo type veth peer name veth-bar
sudo ip link set veth-foo netns nsvyos
sudo ip -n nsvyos addr add 192.0.2.2/24 dev veth-foo
sudo ip -n nsvyos link set veth-foo up
sudo ip netns exec nsvyos ip route add default via 192.0.2.1 dev veth-foo

As the first step:

set netns name foo
set interfaces dummy dum55 netns 'foo'

PR https://github.com/vyos/vyos-1x/pull/1077

syncer changed the task status from Open to In progress. May 10 2023, 7:27 PM
syncer triaged this task as Normal priority.

Veth is not ready to work together with netns.
As the interface moves entirely to the logical stack, with the next commit it will be recreated and will try to move to the netns again. As it doesn't see the veth interface, which moved to another logical stack, it tries to recreate this interface.
We should either fix it or revert the previous commit.

For example:

set interfaces virtual-ethernet veth10 peer-name 'veth100'
set interfaces virtual-ethernet veth100 netns 'ns01'
set interfaces virtual-ethernet veth100 peer-name 'veth10'
set netns name ns01
commit

[email protected]# sudo ip netns exec ns01 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: [email protected]: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether ee:8f:0b:bd:a2:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[edit]
[email protected]# 


set interfaces virtual-ethernet veth100 description MyNetns
commit

commit

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 111, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-virtual-ethernet.py", line 101, in apply
    p.update(veth)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 1413, in update
    self.set_netns(config.get('netns', ''))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 552, in set_netns
    self.set_interface('netns', netns)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 183, in set_interface
    return self._set_command(self.config, name, value)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 110, in _set_command
    return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd))
                                                              ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 52, in _cmd
    return cmd(command, self.debug)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 161, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: ip link set dev veth100 netns ns01
returned: 
exit code: 1

noteworthy:
cmd 'ip link set dev veth100 netns ns01'
returned (out):

returned (err):
Cannot find device "veth100"
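
The second commit in the report above fails because the move is attempted again from the default namespace, where veth100 no longer exists. One way to make that step idempotent is to look in both namespaces before acting; this is an added example, not VyOS code, and the function names and the JSON samples are constructed for illustration.

```python
import json
import subprocess

# Constructed, trimmed samples of `ip -j link show` output (not captured from
# the router on this page): the state after the first commit in the task.
DEFAULT_NS = '[{"ifindex": 1, "ifname": "lo"}, {"ifindex": 13, "ifname": "veth10"}]'
NS01 = '[{"ifindex": 1, "ifname": "lo"}, {"ifindex": 12, "ifname": "veth100"}]'


def read_links(netns=None):
    """Return `ip -j link show` JSON for the default namespace or for `netns`."""
    argv = ["ip", "-j"] + (["-n", netns] if netns else []) + ["link", "show"]
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


def ifnames(ip_json):
    """Set of interface names in one namespace's `ip -j link show` output."""
    return {link["ifname"] for link in json.loads(ip_json)}


def plan_netns_move(ifname, netns, default_links, netns_links):
    """Return the argv to run, or [] when the interface is already in `netns`."""
    in_default = ifname in ifnames(default_links)
    in_target = ifname in ifnames(netns_links)
    if in_default and in_target:
        # The kernel refuses a move onto an existing name; do not guess which to keep.
        raise RuntimeError(f"{ifname} exists in both the default namespace and {netns}")
    if in_target:
        return []  # second commit: nothing to move, so no "Cannot find device"
    if in_default:
        # argv list (no shell), so names taken from configuration are never shell-parsed
        return ["ip", "link", "set", "dev", ifname, "netns", netns]
    raise LookupError(f"{ifname} not found in the default namespace or in {netns}")


if __name__ == "__main__":
    print(plan_netns_move("veth100", "ns01", DEFAULT_NS, NS01))  # already moved
    print(plan_netns_move("veth10", "ns01", DEFAULT_NS, NS01))   # still in default ns
```

On a live system the two JSON arguments would come from `read_links()` and `read_links("ns01")`, which need the same privileges as the `ip netns` commands in the task.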