Namespaces

The namespaces setting allows to configure network namespaces (netns). IfState can only be run from the root netns. IfState will ignore any netns if the namespaces setting is missing in the configuration.

Schema description

# interfaces in the root netns
interfaces:
  enp5s0:
    link:
      state: up
      kind: physical
    identify:
      permaddr: '54:b2:03:16:94:09'

namespaces:
  tenant1:
    # interfaces in the tenant1 netns
    interfaces:
      # subinterface in vlan 48
      enp5s0.48:
        addresses:
          - 192.0.2.1/24
        link:
          kind: vlan
          state: up
          vlan_id: 48
          # link to interface in root netns
          link: enp5s0
          link_netns: null
  tenant2:
    # interfaces in the tenant2 netns
    interfaces:
      # subinterface in vlan 42
      enp5s0.42:
        addresses:
          - 192.0.2.1/24
        sysctl:
          mpls:
            input: 0
        link:
          kind: vlan
          state: up
          vlan_id: 42
          # link to interface in root netns
          link: enp5s0
          link_netns: null

Inside a netns the following settings are possible:

If namespaces are used it is possible to bind, link or use a master from another netns (null refers to the root netns):

bind_netns - bind the outside of a virtual tunnel (wireguard, xfrm, gre, …) in another namespace
link_netns - link the subinterface to an interface in another namespace

All features of IfState are netns aware and the identify setting to lookup physical interfaces works across namespaces.

Exampels:

WireGuard tunnel with netns namespace