Network namespaces without isolation
Andreas B Aaen
andreas.aaen at tietoenator.com
Wed Jul 2 00:18:50 PDT 2008
I am looking into the network namespace implementation because I need an IP
stack that is capable of talking with a number of separate IP nets with
possible overlapping IP addresses. My connection to each separate IP-net is
through a tunnel e.g. a VLAN interface.
A special application will then be able to listen to traffic on all the nets
through a socket option SO_NS that sets the namespace to talk/listen to for a
particular socket. For this to work, network namespaces need to be indexed.
It would also be very handy if the configuration can be made without a clone()
    ip ns add ns 1
    ip link set eth0.42 ns 1
    ip addr add 192.168.50.4/24 dev eth0.42 ns 1
It would be fairly ok if this possibility to set up interfaces on other
namespaces is only possible from the default namespace.
It would also be nice to be able to see the network statistics from all the
namespaces through the proc filesystem at least in an uncloned (isolated)
So you would be able to see the network statistics in /proc/net/ns/<index>/
It should be said that we have an implementation of all this already, but NOT
based on network namespaces and for older kernels. We don't want to forward
port this, but instead add a few features to the network namespace
implementation to be able to fulfill the requirement of our application:
talk to a number of IP networks with possible overlapping IP addresses.
Andreas Bach Aaen System Developer, M. Sc.
Tieto Enator A/S tel: +45 89 38 51 00
Skanderborgvej 232 fax: +45 89 38 51 01
8260 Viby J Denmark andreas.aaen at tietoenator.com