Re: [vpp-dev] linux-cp does not work in different namespaces

Thu, 29 Jan 2026 00:48:55 -0800 

Hoi Moritz,
You are correct that linux_nl (the netlink plugin) does not work in different namespaces. When VPP starts, linux_nl plugin starts a netlink listener in the namespace defined in startup.conf using the linux-cp { default netns FOO } configuration snippet. Linux NL plugin will start a listener in the the 'default' namespace if none is given. It does not start multiple listeners. 


I'll further clarify, as people have asked from time to time, the CLI 
command 'lcp set default netns BAR' (and API companion 
lcp_default_ns_set()) do not change or move the listener. It is 
hardcoded to be created upon VPP startup:

- see function lcp_nl_init() in src/plugins/linux-cp/lcp_nl.c:1011
- which calls lcp_nl_open_socket() defined at lcp_nl.c:870

- which uses lcp_default_ns_get() to start the single netlink listener 
in the 'default netns' that was set upon startup.



However, linux_cp (the interface plugin) works with interfaces in 
multiple network namespaces. The purpose of this linux_cp plugin is to 
punt traffic to/from the TAP companion interfaces in Linux.



For those who want to have VRFs, the advice is to use (obviously) one 
network namespace, create VRFs within that namespace, and associate the 
linux interfaces with those VRFs. In the VPP dataplane, move the 
interfaces to separate tables as you've done below. You can search the 
archives of vpp-dev@ for several other conversations about Linux CP and 
VRFs.



You might even find a gerrit or two from folks who actively use VRFs 
with VPP and Linux CP!


groet,
Pim

On 29.01.2026 01:46, Moritz Beck via lists.fd.io wrote:



I have two interfaces that are bound to two different tables in VPP. I 
want to create two kernel interfaces that run in different namespaces 
and relay the netlink messages from there accordingly.
VPP itself is running in the default namespace. linux-cp does not have 
a default namespace set.




# Relevant startup.conf:
dpdk {
        dev 0000:3b:10.1
        dev 0000:3b:10.3
}

plugins {
        plugin default { disable }
        plugin dpdk_plugin.so { enable }
        plugin linux_cp_plugin.so { enable }
        plugin linux_nl_plugin.so { enable }
}

linux-cp {
        lcp-auto-subint
        lcp-sync
}



# Linux config:
ip netns add ns1
ip netns add ns2

# VPP config:
ip table add 1
ip table add 2

ip6 table add 1
ip6 table add 2

set interface ip table VirtualFunctionEthernet3b/10/1 1
set interface ip table VirtualFunctionEthernet3b/10/3 2

set interface ip6 table VirtualFunctionEthernet3b/10/1 1
set interface ip6 table VirtualFunctionEthernet3b/10/3 2

# working:
vpp# show interface

              Name               Idx    State  MTU 
(L3/IP4/IP6/MPLS)     Counter          Count

VirtualFunctionEthernet3b/10/1    1     down 9000/0/0/0
VirtualFunctionEthernet3b/10/3    2     down 9000/0/0/0

vpp# lcp create VirtualFunctionEthernet3b/10/1 host-if if-ns1
vpp# lcp create VirtualFunctionEthernet3b/10/3 host-if if-ns2

$ ip link

151: if-ns1: <BROADCAST,MULTICAST> mtu 9000 qdisc mq state DOWN mode 
DEFAULT group default qlen 1000

    link/ether 02:09:c0:4b:41:34 brd ff:ff:ff:ff:ff:ff

152: if-ns2: <BROADCAST,MULTICAST> mtu 9000 qdisc mq state DOWN mode 
DEFAULT group default qlen 1000

    link/ether 02:09:c0:00:3d:84 brd ff:ff:ff:ff:ff:ff

$ ip link set dev if-ns1 up
$ ip link set dev if-ns2 up

$ ip link

151: if-ns1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state 
UNKNOWN mode DEFAULT group default qlen 1000

    link/ether 02:09:c0:4b:41:34 brd ff:ff:ff:ff:ff:ff

152: if-ns2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state 
UNKNOWN mode DEFAULT group default qlen 1000

    link/ether 02:09:c0:00:3d:84 brd ff:ff:ff:ff:ff:ff

vpp# show interface

              Name               Idx    State  MTU 
(L3/IP4/IP6/MPLS)     Counter          Count

VirtualFunctionEthernet3b/10/1    1      up 9000/0/0/0
VirtualFunctionEthernet3b/10/3    2      up 9000/0/0/0



# Not working:
vpp# show interface

              Name               Idx    State  MTU 
(L3/IP4/IP6/MPLS)     Counter          Count

VirtualFunctionEthernet3b/10/1    1     down 9000/0/0/0
VirtualFunctionEthernet3b/10/3    2     down 9000/0/0/0

vpp# lcp create VirtualFunctionEthernet3b/10/1 host-if if-ns1 netns ns1
vpp# lcp create VirtualFunctionEthernet3b/10/3 host-if if-ns2 netns ns2

$ ip -all netns exec ip link

netns: ns2

1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group 
default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

3: if-ns2: <BROADCAST,MULTICAST> mtu 9000 qdisc mq state DOWN mode 
DEFAULT group default qlen 1000

    link/ether 02:09:c0:45:49:2d brd ff:ff:ff:ff:ff:ff

netns: ns1

1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group 
default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

3: if-ns1: <BROADCAST,MULTICAST> mtu 9000 qdisc mq state DOWN mode 
DEFAULT group default qlen 1000

    link/ether 02:09:c0:8d:d4:08 brd ff:ff:ff:ff:ff:ff

$ ip netns exec ns1 ip link set dev if-ns1 up
$ ip netns exec ns2 ip link set dev if-ns2 up

$ ip -all netns exec ip link

netns: ns2

1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group 
default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

3: if-ns2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state 
UNKNOWN mode DEFAULT group default qlen 1000

    link/ether 02:09:c0:45:49:2d brd ff:ff:ff:ff:ff:ff

netns: ns1

1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group 
default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

3: if-ns1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state 
UNKNOWN mode DEFAULT group default qlen 1000

    link/ether 02:09:c0:8d:d4:08 brd ff:ff:ff:ff:ff:ff

vpp# show interface

              Name               Idx    State  MTU 
(L3/IP4/IP6/MPLS)     Counter          Count

VirtualFunctionEthernet3b/10/1    1     down 9000/0/0/0
VirtualFunctionEthernet3b/10/3    2     down 9000/0/0/0



# Corresponding log entries:
vpp[4403]: vpp[4403]: clib_c11_violation: s2 NULL
vpp[4403]: clib_c11_violation: s2 NULL
vpp[4403]: vpp[4403]: clib_c11_violation: s2 NULL
vpp[4403]: clib_c11_violation: s2 NULL




As you can see, the netlink messages only get relayed from the default 
namespace and not the other ones. Creating the interfaces in the 
default namespace and then moving them to the other ones also does not 
work. It results in the interfaces disappearing from the kernel and 
VPP altogether.







--
Pim van Pelt<[email protected]>
PBVP1-RIPEhttps://ipng.ch/


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#26745): https://lists.fd.io/g/vpp-dev/message/26745
Mute This Topic: https://lists.fd.io/mt/117519114/21656
Group Owner: [email protected]
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/14379924/21656/631435203/xyzzy 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-























					Reply via email to