Kernel protocol and different namespaces

Maria Matejka jan.matejka at nic.cz
Thu Jun 13 13:19:39 CEST 2019


Yes, BIRD processes in distinct netns's are separated (in the context of
the network), and the suggested change is just to allow a BGP session over
a Unix socket instead of TCP (to allow for route exchange without
configuring a link between netns's).

Maria

On 6/13/19 8:52 AM, Jakub Nowacki wrote:
> Ok, now I have the whole picture. Having the option to exchange routes
> between multiple BIRD processes on the same box (but in different
> namespaces) would make it possible to simplify management of
> configuration. Hoping this could get implemented. For now I believe the
> only viable option is to have completely separate Bird processes with
> separate configuration files :/
> 
> On Wed, Jun 12, 2019 at 3:35 PM Alexander Zubkov <green at qrator.net> wrote:
> 
>     Yes, different bird processes in each namespace. And if you need to
>     "leak" routes between them for some reason, then you need to connect
>     them somehow to pass routes between processes. There are concerns of
>     course if you want to export those routes into the routing table,
>     because of separated interfaces, but at that point you should
>     already know pretty well what dirty things you are trying to do. :)
> 
>     On Wed, Jun 12, 2019 at 3:15 PM Jakub Nowacki
>     <jnowacki at greywizard.com> wrote:
> 
>         I'm in a similar situation. Trying to run Bird on hardware that
>         runs on top of a kernel that doesn't support VRF.
>         Not sure if I understand correctly. Not sure how using Linux
>         sockets would allow you to achieve separation between different
>         namespaces? You would still need at least a different Bird
>         process, right?
> 
>         On Fri, Jun 7, 2019 at 11:08 PM Alexander Zubkov
>         <green at qrator.net> wrote:
> 
>             Yes. Looks like they are accounted in their own network
>             namespace, it is quite reasonable. But they can still be
>             accessed via the file system from other namespaces. I can
>             confirm that it works too. An example with the bird control
>             socket:
> 
>             localhost:~/run# birdc -s retn/bird.ctl show status
>             BIRD 2.0.4 ready.
>             BIRD 2.0.4
>             Router ID is 87.245.192.0
>             Current server time is 2019-06-07 20:47:32.479
>             Last reboot on 2019-06-07 20:45:17.425
>             Last reconfiguration on 2019-06-07 20:45:17.425
>             Daemon is up and running
>             localhost:~/run# ip netns exec retn birdc -s retn/bird.ctl show status
>             BIRD 2.0.4 ready.
>             BIRD 2.0.4
>             Router ID is 87.245.192.0
>             Current server time is 2019-06-07 20:47:49.452
>             Last reboot on 2019-06-07 20:45:17.425
>             Last reconfiguration on 2019-06-07 20:45:17.425
>             Daemon is up and running
> 
> 
>             On Fri, Jun 7, 2019 at 10:41 PM Maria Matejka
>             <jan.matejka at nic.cz> wrote:
>              >
>              > > On 6/7/19 12:14 PM, Maria Jan Matějka wrote:
>              > >> Thinking once more about it, with respect to the interfaces and so,
>              > >> the BGP transported over Unix socket seems to be quite a simple
>              > >> feature to do.
>              > >
>              > > I thought, and my initial tests support, that Unix sockets are network
>              > > namespace specific.
>              > >
>              > > # netstat -aFunix
>              > > Kernel Interface table
>              > > Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
>              > > eno1      1500 77564888      0    614 0      66111123      0      0 0 BMRU
>              > > lo       65536 68143909      0      0 0      68143909      0      0 0 LRU
>              > > # ip netns add test
>              > > # ip netns exec test /bin/netstat -aFunix
>              > > Kernel Interface table
>              > > Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
>              > > lo       65536        0      0      0 0             0      0      0 0 L
>              > > # ip netns del test
>              > >
>              > > So, I'm not sure if that's going to work the way that you want.
>              >
>              > It will work the same way as the BIRD control socket works.
>              > You can try it with the attached script (run by root) which uses socat for
>              > demonstration.
>              >
>              > Maria
> 
> 
> 
>         -- 
>         Kuba Nowacki
>         Senior NetOps
>         M: +(48) 605 508 118
>         E: jnowacki at greywizard.com
> 
>         GreyWizard Sp. z o.o.
>         ul. Palacza 113
>         60-273 Poznań, Poland
>         NIP: 779-24-22-423
>         Regon: 302744400
>         KRS: 0000512326
> 
>         greywizard.com <http://greywizard.com>
>         support at greywizard.com
>         +48 22 201 33 13
> 
>         District Court in Poznań, VIII Commercial Division of the National
>         Court Register. Share capital 10000 PLN.
> 
> 
> 
> 
> 
> 
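
Added example, not part of the original thread or of BIRD: the thread shows that a pathname Unix socket such as bird.ctl stays reachable from another network namespace through the file system, so on Linux the file permissions, not the netns, decide who can connect. The Python code below reports the widest permission class able to connect; the names socket_exposure and stop_at are hypothetical, the demo socket is constructed, and it assumes both sides share the same mount namespace.

```python
import os
import socket
import stat
import tempfile

CLASSES = (("other", stat.S_IWOTH, stat.S_IXOTH),
           ("group", stat.S_IWGRP, stat.S_IXGRP),
           ("owner", stat.S_IWUSR, stat.S_IXUSR))

def socket_exposure(path, stop_at="/"):
    """Widest permission class ('other', 'group', 'owner', 'nobody') whose
    mode bits allow connecting to the pathname Unix socket at `path`.
    Heuristic: reads mode bits only; ignores ACLs, LSMs and who owns what."""
    path = os.path.abspath(path)
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix socket")
    # Collect the modes of the directories from the socket up to stop_at.
    dirs, d, stop_at = [], os.path.dirname(path), os.path.abspath(stop_at)
    while True:
        dirs.append(os.stat(d).st_mode)
        if d in (stop_at, "/"):
            break
        d = os.path.dirname(d)
    for name, wbit, xbit in CLASSES:
        # connect() needs write permission on the socket file and search
        # permission on every directory leading to it.
        if st.st_mode & wbit and all(m & xbit for m in dirs):
            return name
    return "nobody"

if __name__ == "__main__":
    # Constructed demo: a throwaway socket standing in for bird.ctl.
    run_dir = tempfile.mkdtemp()
    ctl = os.path.join(run_dir, "bird.ctl")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(ctl)
    for dir_mode, sock_mode in ((0o755, 0o666), (0o755, 0o660), (0o700, 0o660)):
        os.chmod(run_dir, dir_mode)
        os.chmod(ctl, sock_mode)
        print(oct(dir_mode), oct(sock_mode), socket_exposure(ctl, stop_at=run_dir))
    srv.close()
    os.unlink(ctl)
    os.rmdir(run_dir)
```

A result of "other" for a routing daemon's control socket means any local account that can reach the path can talk to the daemon, whichever network namespace it runs in.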

