Bonding 2 interfaces inside a linux network namespace

Question

I'd like to be able to bond/aggregate 2 interfaces inside a Linux network namespace.

The configuration I'm working with is the following:

On the root linux net stack I have two physical ethernet interfaces:
- eth0
- eth1
And then I have a network namespace that has 2 interfaces:
- ethX0 that is bridged to physical eth0
- ethX1 that is bridged to physical eth1

I'd like to bond ethX0 and ethX1 inside the network namespace, either with 802.3ad or active-backup.

But bonding on Linux works at the physical interface level and I can't seem to make this work, although I don't see why (at the frame level) it couldn't be done ? I can create a net-ns over a bond, but not a bond over a net-ns.

I can't bond the eth0 and eth1 physical interfaces, because I want to be able to adress them separately for a myriad other applications, but I'd like only ethX0 and ethX1 to be bonded.

Any idea how to do this ?

Is this setup intended to experiment for example with failovers, or is there an other specific reason in mind? For an experiment, or maybe to have similar setups across different environments I can understand (and might have an answer), else I fail to see what's the goal of this. — A.B, Aug 31 '20 at 15:49
Hi, this is for an operational system. I'm overlaying lots of VLANs and network namespaces. I need for a tiny part of the system, to interconnect with a customer that asks that Ethernet links that go out of the PC be bonded. I can't bond the physical interfaces as, for other streams I have to control precisely on which Ethernet port data goes out. — Touisteur EmporteUneVache, Sep 01 '20 at 16:17

score 0 · Answer 1 · answered Jun 22 '21 at 18:41

0

The answer I found was to use teams. Great recent Linux api, works in network namespaces and behavior can be controlled from userland. Great stuff!

answered Jun 22 '21 at 18:41

Touisteur EmporteUneVache

23
3

Mikko Rantalainen · Answer 2 · 2021-06-25T10:50:20.193

Some people seem to use teams for this but that's not really required. For Ubuntu/Debian systems you can just edit /etc/network/interfaces and do something like this to use native kernel support instead:

# The loopback network interface
auto lo
iface lo inet loopback

# 2 x 10 Gbps LACP link:
auto bond0
iface bond0 inet manual
bond-mode 802.3ad
bond-miimon 100
bond-lacp-rate 1
bond-slaves enp1s0f0 enp1s0f1

# 10 Gbps port 1:
auto enp1s0f0
iface enp1s0f0 inet manual
bond-master bond0

# 10 Gbps port 2:
auto enp1s0f1
iface enp1s0f1 inet manual
bond-master bond0

# VLAN 395:
auto bond0.395
iface bond0.395 inet static
address 11.22.33.44
netmask 255.255.255.224
gateway 11.22.33.1
dns-nameservers 11.22.33.1 11.22.33.2
dns-search example.com
vlan-raw-device bond0

This allows tapping tcpdump to whatever part you need to debug. In this example bond0 is the raw traffic with VLAN tags over two connections, enp1s0f0 and enp1s0f1 are the raw ports transferring LACP/802.3ad traffic and bond0.395 is the logical network without VLAN tags. Obviously, the correct VLAN number depends on your upstream configuration, the 395 is just an example.

See https://wiki.debian.org/Bonding for details.

Thanks for this. I can tcpdump on the enp1s0f0 and enp1s0f1 interfaces but can I send/receive packets and bind sockets on them? — Touisteur EmporteUneVache, Jun 24 '21 at 17:04
Haven't ever tried to send anything using those, just via the bond0.395. I would assume that if you define `address` for those devices it should be fine. — Mikko Rantalainen, Jun 24 '21 at 17:37

Bonding 2 interfaces inside a linux network namespace

2 Answers2