I'm in a similar situation. Trying to run Bird on hardware that runs on top of a kernel that doesn't support VRF. Not sure if I understand correctly. Not sure how using Linux sockets would allow you to achieve separation between different namespaces? You would still need at least a different Bird process, right?

On Fri, Jun 7, 2019 at 11:08 PM Alexander Zubkov <green@qrator.net> wrote:
Yes. Looks like they are accounted in their own network namespace, it is quite reasonable. But they can still be accessed via the file system from other namespaces. I can confirm that it works too. An example with the bird control socket:
localhost:~/run# birdc -s retn/bird.ctl show status
BIRD 2.0.4 ready.
BIRD 2.0.4
Router ID is 87.245.192.0
Current server time is 2019-06-07 20:47:32.479
Last reboot on 2019-06-07 20:45:17.425
Last reconfiguration on 2019-06-07 20:45:17.425
Daemon is up and running
localhost:~/run# ip netns exec retn birdc -s retn/bird.ctl show status
BIRD 2.0.4 ready.
BIRD 2.0.4
Router ID is 87.245.192.0
Current server time is 2019-06-07 20:47:49.452
Last reboot on 2019-06-07 20:45:17.425
Last reconfiguration on 2019-06-07 20:45:17.425
Daemon is up and running

On Fri, Jun 7, 2019 at 10:41 PM Maria Matejka <jan.matejka@nic.cz> wrote:
On 6/7/19 12:14 PM, Maria Jan Matějka wrote:
Thinking once more about it, with respect to the interfaces and so, the BGP transported over Unix socket seems to be quite a simple feature to do.
I thought, and my initial tests support, that Unix sockets are network namespace specific.
# netstat -aFunix
Kernel Interface table
Iface     MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno1     1500 77564888      0    614      0 66111123      0      0      0 BMRU
lo      65536 68143909      0      0      0 68143909      0      0      0 LRU
# ip netns add test
# ip netns exec test /bin/netstat -aFunix
Kernel Interface table
Iface     MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
lo      65536        0      0      0      0        0      0      0      0 L
# ip netns del test
So, I'm not sure if that's going to work the way that you want.
It will work the same way as the BIRD control socket works. You can try it by the attached script (run by root) which uses socat for demonstration.
Maria
--
Kuba Nowacki
Senior NetOps, GreyWizard Sp. z o.o.