[Devel] Re: VRF-like use of Network Namespaces

Mathieu Peresse mathieu.peresse at gmail.com
Sun Jun 13 06:35:16 PDT 2010


Hi,

On Sun, Jun 13, 2010 at 11:59 AM, Eric W. Biederman
<ebiederm at xmission.com>wrote:

> Daniel Lezcano <daniel.lezcano at free.fr> writes:
>
> > On 06/11/2010 04:47 PM, Mathieu Peresse wrote:
> >> Hi,
> >>
> >> [this is related to the use of Eric Biederman's new set of patches for
> >> named netns / netns switching]
> >>
> >> ok so I successfully modified /sbin/ip. I can now:
> >> - add/del a new netns by name: "ip netns {addns,delns} ns_name"
> >> ->  The namespace files are mounted on /var/run/netns/ns_name (so you
> >> have to mkdir /var/run/netns/ for this to work).
> >>
> >
> > IMHO, the ip command is not suitable for this, it does not write
> > anything to the fs.
>
> It does configuration by all kinds of means.  As far as it goes I
> think the ip command is perfectly suitable in this particular
> situation.  Having a vrf functionality in linux is very desirable.
>

I agree. And ip is just a cool tool :)


> Getting this into ip has the major advantage that we will have a defacto
> standard, and using IFLA_NET_NS_FD makes a lot more sense if everything
> is in ip.
>
> > You should write your own command, which can be a perl script using the
> > 'unshare' command (util-linux package on my distro).
> >
> > vrf create <name>
> > vrf delete <name>
> > vrf attach <name>
> > vrf list
> >
> > vrf create will bind mount the ns at the place you decided in the script
> > (eg. a tmpfs in order to keep the directory consistent across (unclean)
> > reboots).
> >
> >> - list netns: "ip netns show"
> >> - use /sbin/ip in any named netns: "ip -netns ns_name link show"
> >>
> >> (rough patch against current git tree attached)
> >>
> >> I want now to move devices across namespaces using their filesystem
> >> names (instead of using PIDs...). I'm not sure I can do it in userspace
> >> with the current code yet, can I ?
> >>
> > No, you can do that only with pids, but why don't you move the devices
> > at the create time ?
> > You have all the latitude to do that, no ?
>
> Does my published tree not have IFLA_NET_NS_FD in it?
>

No I don't think so... I'll have to check tomorrow at work though.


>
> >> I saw there was an rtnetlink attribute to set the netns of a device but
> >> it uses the PID of a namespace owner to do so... within 'ip' I can refer
> >> to only one namespace (i.e. the one that 'ip' task_struct->ns_proxy
> >> currently points to), so I won't be able to move an interface from
> >> outside my namespace to my namespace...
> >> I hope my explanation is clear and that this will get some interest... :)
> >>
> >
> > Your 'create' command can open a fd to its current netns, unshare a new
> > namespace, bind mount it, and then return to the previously saved netns.
> >
> >> BTW is this the right ML to post this on ?
> >>
> >
> > Well, this is something related to a subsystem of the containers, so it
> > has some interest but I would suggest to send to the netdev@ mailing
> > list (netdev at vger.kernel.org), maybe cc'ing this mailing list.
>
> Anyway it looks like time to post the core of my patchset for review,
> and get things moving on this.
>

Definitely :) Thanks.


> Eric
>



-- 
a+
mathieu
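As an added illustration of the 'create' sequence Daniel sketches above (save an fd on the current netns, unshare, bind-mount the new netns file, setns back) and of the "ip -netns ns_name" switch Mathieu describes, here is a small C program. It is not code from the thread, from Eric's patchset or from iproute2; it assumes a modern kernel and glibc that provide setns(2), that /var/run/netns already exists, and that the caller has CAP_SYS_ADMIN. The name validation in netns_name_ok() is this example's own addition: because the namespace name becomes a path under /var/run/netns, a name containing '/' or ".." would let the bind mount land outside that directory, so only a single plain filename component is accepted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <unistd.h>

/* Directory taken from the thread: netns files are bind-mounted here. */
#define NETNS_DIR "/var/run/netns"

/* Accept only a single plain filename component so the bind mount can
   land nowhere but directly inside NETNS_DIR: rejects "", ".", "..",
   anything containing '/', and over-long names. */
int netns_name_ok(const char *name)
{
    if (name == NULL || name[0] == '\0' || strlen(name) >= NAME_MAX)
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    if (strchr(name, '/') != NULL)
        return 0;
    return 1;
}

/* Build NETNS_DIR/<name> into buf. Returns 0, or -1 if the name is
   rejected or the buffer is too small. */
int netns_path(const char *name, char *buf, size_t len)
{
    if (!netns_name_ok(name))
        return -1;
    int n = snprintf(buf, len, "%s/%s", NETNS_DIR, name);
    if (n < 0 || (size_t)n >= len)
        return -1;
    return 0;
}

/* The 'create' sequence from the thread:
     1. open an fd on the caller's current netns (/proc/self/ns/net),
     2. unshare(CLONE_NEWNET) to get a fresh network namespace,
     3. bind-mount the new /proc/self/ns/net onto NETNS_DIR/<name>,
     4. setns() back to the saved fd so the caller ends where it started.
   Returns 0 on success or -errno. Needs CAP_SYS_ADMIN (assumption). */
int netns_create(const char *name)
{
    char path[PATH_MAX];
    if (netns_path(name, path, sizeof path) != 0)
        return -EINVAL;

    /* Create the mount point; O_EXCL makes an existing name an error
       instead of silently mounting over somebody else's namespace. */
    int mp = open(path, O_RDONLY | O_CREAT | O_EXCL, 0);
    if (mp < 0)
        return -errno;
    close(mp);

    int saved = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);
    if (saved < 0) {
        int e = errno;
        unlink(path);
        return -e;
    }

    int rc = 0;
    if (unshare(CLONE_NEWNET) != 0) {
        rc = -errno;
        unlink(path);
    } else if (mount("/proc/self/ns/net", path, "none", MS_BIND, NULL) != 0) {
        rc = -errno;
        unlink(path);
    }
    /* Always return to the original namespace, mount or no mount. */
    if (setns(saved, CLONE_NEWNET) != 0 && rc == 0)
        rc = -errno;
    close(saved);
    return rc;
}

/* Counterpart of "ip -netns <name> ...": move the calling task into the
   named netns by opening its mounted file and calling setns() on it. */
int netns_enter(const char *name)
{
    char path[PATH_MAX];
    if (netns_path(name, path, sizeof path) != 0)
        return -EINVAL;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    int rc = setns(fd, CLONE_NEWNET) == 0 ? 0 : -errno;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s create|enter <ns_name>\n", argv[0]);
        return 2;
    }
    int rc = strcmp(argv[1], "create") == 0 ? netns_create(argv[2])
                                            : netns_enter(argv[2]);
    if (rc != 0) {
        fprintf(stderr, "%s %s: %s\n", argv[1], argv[2], strerror(-rc));
        return 1;
    }
    if (strcmp(argv[1], "enter") == 0) {
        /* Show the interfaces of the namespace we just switched into. */
        execlp("ip", "ip", "link", "show", (char *)NULL);
        perror("execlp");
        return 1;
    }
    printf("created %s/%s\n", NETNS_DIR, argv[2]);
    return 0;
}
```

"./netns create blue" followed by "./netns enter blue" reproduces what the modified /sbin/ip in the thread does with "ip netns addns blue" and "ip -netns blue link show"; the name check runs before any privileged call, so a rejected name never touches the filesystem.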
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers