Linux Containers and Network Namespaces

Containers provide a relatively new mechanism to execute self-contained network device logic on a host, and Netlab supports them through Containerlab. From a developer perspective, there are some nuances in dealing with the provisioning of generic Linux containers.

Network Namespaces

Each container runs inside its own network namespace (netns), which contains the logical devices that make up its interfaces to the external world. Containers typically have a minimal number of 1 network interface (not counting the internal loopback); in the context of Netlab, most network device containers have multiple interfaces, all of which need to be provisioned.

To minimize dependencies on programs available inside each Linux container image, Netlab implements logic to use the Linux host for provisioning while operating inside the target Linux container netns. This logic is triggered by the name of the provisioning script: If the name of the provisioning template ends with -clab.j2, it gets executed on the host using ip netns exec. Otherwise, a docker exec command is used to execute the provisioning script within the container (using whatever program binaries it contains)

See netsim/ansible/tasks/deploy-config/linux-clab.yml for details.