[Bloat] speedtest-cli on multihomed gateway
Paul Tagliamonte
paultag at gmail.com
Thu Feb 2 10:15:23 EST 2023
I wasn't going to reply, since I figured others would get here first
with more constructive notes; but since I don't see any, here are some
pointers, but alas, not anything concrete; a lot is still left as an
exercise to the reader. Sorry about that.
Sorry this is a bit long; I'm going to try to make this as helpful as I
can.
On Wed, Feb 01, 2023 at 12:20:56PM -0800, Kenneth Porter via Bloat wrote:
> # ip netns add comcast-1
> # ip link set eno4 netns comcast-1
> # ip netns exec comcast-1 speedtest-cli
Network Namespaces work like the other Linux namespaces (ok fine, not
*all* of them, but most of them) -- when you create a new one, you're in
an entirely different universe that is not connected to your existing
world. This world doesn't talk to other namespaces, unless you use
something like a `ip link add link-name0 type veth peer link-name1`, and
move one end of the veth "wormhole" into the network namespace, leave
the other out of it, and use it to bridge. This is fundamentally how
things like Docker work.
All this to say, by moving eno4 to netns comcast-1, the host won't be
able to meaningfully use it anymore. This is likely not what you want
(an outage during the speedtest), so my guess is you'd want a network
namespace, veth pair with one end on the host, one end in the network
namespace, and a bridge to join the veth0 to comcast-1.
Let's create two network veth interfaces (it's like a pipe if you've
never used one directly before), on-host0 which will live on my host's
network namespace, and `in-ns0` which will be moved into the network
namespace once we set it up. These are bad names I'm picking to make
this super explicit.
Prompts like `host$` are done via bash on my host, perhaps with sudo.
Prompts like `ns$` are done via bash inside a network namespace. Also,
perhaps with sudo.
```
host$ ip link add on-host0 type veth peer in-ns0
```
Note `ip link`. It'll show `on-host0` and `in-ns0` in the host
namespace, and also down.
Let's add a network namespace.
```
host$ sudo ip netns add bloat
host$ sudo ip netns exec bloat $(which bash)
ns$ ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
ns$
```
```
host$ ip link set in-ns0 netns bloat
host$
```
```
ns$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
17: in-ns0 at if18: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether fe:a8:45:16:c5:5a brd ff:ff:ff:ff:ff:ff link-netnsid 0
```
You'll note that I currently have no interfaces, *none* of the host
interfaces show -- and even `lo` is down. Let's fix that.
```
ns$ ip link set lo up
ns$ ip link set in-ns0 up
ns$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
17: in-ns0 at if18: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether fe:a8:45:16:c5:5a brd ff:ff:ff:ff:ff:ff link-netnsid 0
```
You'll note `in-ns0` is still LOWERLAYERDOWN; this is because the host veth
end is still down.
The last big thing is because this is its own network namespace, you'll
need to add an IP address to the veth device depending on configuration
(e.g., you could NAT from the veth on-host0 -> comcast-1, bridge it, or
whatever your setup and upstream will allow), and then you can set up
your routes as required.
```
ns$ ip route
ns$
```
From here on out, I suspect you've got it, given you're juggling 4 WAN
ports, I guess you can fill in the rest of the blanks here, it's just a
few routes/interface configurations on the host and inside your netns.
FWIW, at some point this becomes almost exactly like a Docker container
(or podman or what have you) without the niceties -- Docker and other
container daemons/launchers are usually capable of automating this
bridge+veth+netns dance for you. If that's not an option due to the
platform, doing it by hand is doable, but requires a bit of work to
debug.
> At this point I'm not sure what I need to do to make the network
> namespace usable.
Best of luck,
paultag
--
:wq
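The full veth + netns sequence from the mail above, carried through to the addresses, default route and host-side NAT that the reply leaves as an exercise, as an added example (not Paul's code or anything from the thread). It assumes constructed placeholder values: `10.200.0.0/30` for the veth link, `192.0.2.1` as the comcast-1 next hop on `eno4`, and routing table `100` for the policy rule that pins the namespace's traffic to that WAN; the script prints the plan by default and only runs it with `apply` as root.

```shell
#!/bin/sh
# Added example (not from the original mail): the veth + netns dance from the
# thread, plus the address, default route and host-side NAT/policy route the
# mail leaves to the reader. All names and addresses are constructed placeholders.
NS=${NS:-bloat}
HOST_IF=${HOST_IF:-on-host0}
NS_IF=${NS_IF:-in-ns0}
HOST_ADDR=${HOST_ADDR:-10.200.0.1}
NS_ADDR=${NS_ADDR:-10.200.0.2}
PREFIX=${PREFIX:-30}
WAN_IF=${WAN_IF:-eno4}
WAN_GW=${WAN_GW:-192.0.2.1}     # placeholder: the real comcast-1 next hop
WAN_TABLE=${WAN_TABLE:-100}

# Print the exact commands, one per line, without running anything (dry run).
netns_plan() {
  cat <<EOF
ip netns add $NS
ip link add $HOST_IF type veth peer name $NS_IF
ip link set $NS_IF netns $NS
ip addr add $HOST_ADDR/$PREFIX dev $HOST_IF
ip link set $HOST_IF up
ip -n $NS link set lo up
ip -n $NS addr add $NS_ADDR/$PREFIX dev $NS_IF
ip -n $NS link set $NS_IF up
ip -n $NS route add default via $HOST_ADDR dev $NS_IF
ip route add default via $WAN_GW dev $WAN_IF table $WAN_TABLE
ip rule add from $NS_ADDR/32 lookup $WAN_TABLE
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $HOST_IF -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $HOST_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $NS_ADDR/32 -o $WAN_IF -j MASQUERADE
EOF
}

# Apply the plan; needs root. Lines run under sh -e so the first failure stops it.
netns_apply() {
  [ "$(id -u)" -eq 0 ] || { echo "netns_apply: must run as root" >&2; return 1; }
  netns_plan | sh -e
}

# Run a command (e.g. speedtest-cli) inside the namespace, as the mail does.
netns_run() {
  ip netns exec "$NS" "$@"
}

if [ "${1:-}" = "apply" ]; then netns_apply; else netns_plan; fi
```

The policy rule matches on the namespace's source address before SNAT rewrites it, so the speedtest traffic leaves via eno4 while the host's own default route is untouched.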