Kernel protocol and different namespaces

Grant Taylor gtaylor at tnetconsulting.net
Fri Jun 7 21:49:06 CEST 2019


On 6/7/19 1:19 AM, Jakub Nowacki wrote:
> I'm trying to figure out if it's possible to use protocol kernel to 
> export routes to OS routing table that are in different Linux 
> namespaces. Is this possible at all?

Maybe indirectly.

Do you need bidirectional synchronization of routes / routing tables?

How often will the routes / routing tables change?

> I've found previous post 
> https://bird.network.cz/pipermail/bird-users/2014-October/009393.html suggesting 
> that only option is to use multiple instances of Bird, each running in 
> different namespace. I was hoping I could just stick to one instance and 
> export routes to different namespaces.

I'm not aware of a way that BIRD itself can do this across network 
namespaces.  But there may still be a way to do it.

What would happen if you told BIRD about additional routing tables in 
the main (default / unnamed) namespace and then used something outside 
of BIRD to replicate that routing table into a routing table in a 
different network namespace?

Let BIRD do its thing between main (254) and netns1 (101) / netns2 
(102) / netns3 (103).  Then you have something scrape the netnsX (10X) 
routing table in the main (…) namespace and put the routes into the 
desired routing table, likely main (254), inside the various network 
namespaces.

It may be crude, but I think you could do something as simple as 1) 
flush the routing table in the network namespace, and then set up a 
while loop to read lines from the output of "ip route show table netns1" 
and mung them into an "ip route add …" command inside the network 
namespace.  (Possibly via "ip netns exec netns1 ip route add …".)

There's probably room for optimization.  Possibly with NetLink or the 
likes to receive notifications of updates from the kernel and be smarter 
about adding / removing routes in the (remote) network namespace.



-- 
Grant. . . .
unix || die
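
The flush-and-replay loop described in the message above, as an added example that is not part of the original post and is not BIRD's own code. It assumes BIRD tags its routes "proto bird" and that the devices and next hops in the source table are also valid inside the target namespace; it flushes only "proto bird" routes rather than the whole table, and `sample_routes`, `gen_batch` and `sync_table` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the post): copy BIRD's IPv4 routes from a kernel
# table in the main namespace into table main of a network namespace.
# Assumptions: BIRD tags its routes "proto bird", and the devices and next
# hops named in those routes are also valid inside the target namespace.

# Constructed sample of `ip -4 -o route show table 101` output.
sample_routes() {
    printf 'default via 192.0.2.1 dev eth0 proto bird metric 32 \n'
    printf '198.51.100.0/24 dev eth0 proto kernel scope link src 198.51.100.7\n'
    printf '203.0.113.0/24 proto bird metric 32 \\\tnexthop via 192.0.2.1 dev eth0 weight 1 \\\tnexthop via 192.0.2.2 dev eth1 weight 1\n'
    printf '10.9.0.0/16 via 192.0.2.1 dev eth0 proto bird ; unexpected\n'
}

# Read route lines on stdin, write `ip -batch` commands on stdout.
gen_batch() {
    # Flush only earlier copies, so the namespace keeps its connected routes.
    echo "route flush table main proto bird"
    # -o joins multipath next hops with a backslash; make it one plain line.
    sed -e 's/\\/ /g' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' |
    while IFS= read -r line; do
        case " $line " in
            *" proto bird "*) ;;      # replicate BIRD's routes only
            *) continue ;;
        esac
        # Lines become ip commands: pass nothing but plain route syntax.
        rest=$(printf '%s' "$line" | tr -d 'A-Za-z0-9 ./:_@-')
        if [ -n "$rest" ]; then
            echo "skipped unexpected line: $line" >&2
            continue
        fi
        echo "route add $line"
    done
}

# sync_table TABLE NETNS   (needs root; e.g. sync_table 101 netns1)
sync_table() {
    ip -4 -o route show table "$1" | gen_batch |
        ip netns exec "$2" ip -4 -batch -
}
```

`ip -batch` stops at the first command that fails unless `-force` is given, so a route the namespace cannot accept ends the run at that line.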
