I am trying to use namespaces to achieve VRF behavior (virtual routing and forwarding) to isolate the network. Essentially, I have a server application (C/C++) running on a TCP port in the default namespace. I would like to use network namespaces to create an isolated VRF using VLAN, and then have the application running in the default namespace create a thread for each namespace that listens on the same port inside that namespace.
I have the network side; I just don't see how I can spawn a thread (I prefer to use pthread instead of clone() if possible), call setns() on one of these namespaces, and then bind to the same port inside the namespace. Here's what I do to create namespaces and bridges (limited to one namespace here for simplicity):
# ip netns add ns_vlan100
# ip link add link eno1 eno1.100 type vlan id 100
# ip link add veth0 type veth peer name veth_vlan100
# ip link set veth0 netns ns_vlan100
# ip netns exec ns_vlan100 ip link set dev veth0 up
# ip link set dev veth_vlan100 up
# brctl addbr bridge_vlan100
# brctl addif bridge_vlan100 eno1.100
# brctl addif bridge_vlan100 veth_vlan100
# ip link set dev bridge_vlan100 up
# ip link set dev eno1.100 up
# ip netns exec ns_vlan100 ifconfig veth0 10.10.10.1 netmask 255.255.255.0 up
# ip netns exec ns_vlan100 ip route add default via 10.10.10.1
In doing so, I can create a VLAN on a peer machine (without containers) and ping 10.10.10.1 without problems. So I know the links are good. I want my existing application to be able to create a thread in C or C++ (pthreads are strongly preferred), and this thread calls setns() with something to put it in the ns_vlan100 namespace, so I can bind to the same port for my application, only inside this namespace.
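The pattern the question asks for, written as an added example and not code from the original post: a pthread opens the handle that `ip netns add` left under /var/run/netns/<name>, calls setns(fd, CLONE_NEWNET) so that only the calling thread switches namespace, and then creates and binds a listening socket there. The namespace name is validated before it is used to build a path, because a name that contains "/" or starts with "." could otherwise point the open() outside the netns directory. The namespace name ns_vlan100 comes from the question; the port number and the helper names (enter_netns, listen_on_port, ns_listener_thread) are assumptions made for this example.

```c
#define _GNU_SOURCE          /* exposes setns() in <sched.h> on glibc */
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <pthread.h>
#include <sched.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define NETNS_DIR "/var/run/netns/"   /* where `ip netns add` bind-mounts each namespace */

/* Switch the *calling thread only* into the named network namespace.
 * Other threads of the process stay where they are. Needs CAP_SYS_ADMIN.
 * The name is rejected if it could escape NETNS_DIR (contains "/" or
 * starts with "."). Returns 0 on success, otherwise a negative errno. */
int enter_netns(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '.' || strchr(name, '/') != NULL)
        return -EINVAL;

    char path[256];
    int n = snprintf(path, sizeof path, NETNS_DIR "%s", name);
    if (n < 0 || (size_t)n >= sizeof path)
        return -ENAMETOOLONG;

    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -errno;                 /* -ENOENT if the namespace does not exist */

    int rc = setns(fd, CLONE_NEWNET);
    int saved = errno;
    close(fd);                         /* the thread stays in the namespace after close() */
    return rc == 0 ? 0 : -saved;
}

/* Create a listening TCP socket on `port` in whatever network namespace the
 * calling thread currently occupies. A socket is tied to the namespace it
 * was created in, so the thread could even setns() back afterwards and the
 * socket would keep serving the isolated namespace. Returns the fd or -errno. */
int listen_on_port(uint16_t port)
{
    int fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -errno;

    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family      = AF_INET;
    addr.sin_port        = htons(port);
    addr.sin_addr.s_addr = htonl(INADDR_ANY);   /* "any" means any address of *this* namespace */

    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        int saved = errno;
        close(fd);
        return -saved;
    }
    return fd;
}

/* Per-thread job: one namespace, same port as every other listener. */
struct ns_listener {
    const char *ns_name;
    uint16_t    port;
    int         result;   /* listening fd on success, -errno on failure */
};

static void *ns_listener_thread(void *arg)
{
    struct ns_listener *job = arg;
    int rc = enter_netns(job->ns_name);
    if (rc < 0) {
        job->result = rc;
        return NULL;
    }
    job->result = listen_on_port(job->port);
    /* From here the thread would accept() on job->result and serve clients
     * that reach it through the VLAN-backed bridge of that namespace. */
    return NULL;
}

int main(void)
{
    /* Constructed job: namespace from the question, port 8080 is an assumption. */
    struct ns_listener job = { .ns_name = "ns_vlan100", .port = 8080, .result = -1 };
    pthread_t tid;

    if (pthread_create(&tid, NULL, ns_listener_thread, &job) != 0) {
        perror("pthread_create");
        return 1;
    }
    pthread_join(tid, NULL);

    if (job.result < 0)
        fprintf(stderr, "listener for %s failed: %s\n", job.ns_name, strerror(-job.result));
    else
        printf("listening on port %u inside %s (fd %d)\n", job.port, job.ns_name, job.result);
    return job.result < 0;
}
```

Two things to keep in mind when wiring this into an existing server: setns(CLONE_NEWNET) changes only the thread that calls it, which is exactly why a pthread suffices and clone() is not needed, but it requires CAP_SYS_ADMIN in the process, so create the listeners before dropping privileges and have the threads hand the accepted connections to less privileged workers; and since INADDR_ANY is resolved inside the namespace the thread entered, several threads can bind the same port without conflict because each namespace has its own port table.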