Thanks David!

Indeed, I use a namespace to isolate the management interface of a CentOS system from the data namespace, which needs to run bgpd and ospfd.

You said there is no provided way to run frr services in a non-default namespace and one needs to wire that themselves. But since this seems like a very common approach to follow (separating management domain from others), how does the community deal with it? Any examples maybe?

Thanks for your help

Sun, 28 Oct 2018, 0:06 David Lamparter <equinox@diac24.net>:
Hi Roman,
depending on what you want to do, there are 2 different approaches to network namespaces with FRR:
(a) using them to implement VRFs and have FRR be aware of them
(b) using them to implement virtual routers and run FRR inside of them
For a management interface separation -- where you don't need any interaction between the management and routing netns -- I would suggest you do (b).
Now, unfortunately the standard init scripts won't start FRR in a network namespace for you. You'll have to wire that up for yourself. But on the other hand, after that's done you just have a "normal" FRR installation and don't need to deal with VRFs. If you want to run more than one FRR "virtual router", you can use the `-N` option. In that case each netns runs the full set of all daemons.
If you want to do (a), there is the `--vrfwnetns` option to pass to zebra at startup, but I don't actually know the details on this since I haven't run such a setup. [https://frrouting.readthedocs.io/en/latest/zebra.html#cmdoption-zebra-n]
Lastly, if you want to use Linux kernel VRF support, that works by creating "vrf" type devices inside the 1 network namespace.
Cheers,
-David
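
A sketch of the wiring for approach (b), added here as an example; it is not from either poster or from the FRR project. The namespace name `data`, the interface `eth1` and the daemon directory `/usr/lib/frr` are assumptions to adjust for the local install; `-N` is only added when `PATHSPACE` is set.

```shell
#!/bin/sh
# Added example: plan, and optionally apply, running the FRR daemons inside a
# dedicated network namespace so that management interfaces stay in the
# default one. All names below are assumptions, not values from the thread.
NETNS="${NETNS:-data}"              # routing namespace (hypothetical name)
DATA_IFS="${DATA_IFS:-eth1}"        # data-plane interfaces to move
FRR_BIN="${FRR_BIN:-/usr/lib/frr}"  # daemon directory, packaging-dependent
DAEMONS="${DAEMONS:-zebra bgpd ospfd}"
PATHSPACE="${PATHSPACE:-}"          # set only for several virtual routers

# Print the commands in the order they must run, one per line.
frr_netns_plan() {
    echo "ip netns add $NETNS"
    echo "ip netns exec $NETNS ip link set dev lo up"
    for ifname in $DATA_IFS; do
        # Moving an interface drops its addresses; re-add them in the netns.
        echo "ip link set dev $ifname netns $NETNS"
        echo "ip netns exec $NETNS ip link set dev $ifname up"
    done
    for d in $DAEMONS; do   # zebra is listed first and starts first
        echo "ip netns exec $NETNS $FRR_BIN/$d -d${PATHSPACE:+ -N $PATHSPACE}"
    done
}

# Show the plan (default) or run it as root with DRY_RUN=0.
frr_netns_apply() {
    frr_netns_plan | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "+ $cmd"
        else
            $cmd || exit 1   # word splitting of $cmd is intended
        fi
    done
}

frr_netns_apply
```

With the defaults this only prints the plan; nothing is changed until it is run as root with `DRY_RUN=0`.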