This assumes a routing/IP setup like OVH has for multiple IPs, with everything through a single physical interface. Virtual MACs should not be used.
The key benefits of this over editing application configs are:
- Handles applications that force listen on all interfaces
- Handles outbound traffic sensibly (ie without editing source addresses)
- Applications that sniff the public IP see the secondary IP
- Fails loudly - application will lose all connectivity, rather than being silently unconfined
Write a post-up script like:
#!/bin/sh
ip netns add mynamespace
ip link add myipvl link eno1 type ipvlan mode l3
ip link set myipvl netns mynamespace
ip netns exec mynamespace ifconfig myipvl 1.1.1.1/32 up
ip netns exec mynamespace ip route add default dev myipvl
ip netns exec mynamespace ip link set dev lo upWhere mynamespace and myipvl are arbitrary strings, and 1.1.1.1 is the secondary IP you want to use.
Then in the systemd service, add:
NetworkNamespacePath=/run/netns/mynamespace
Leave a Reply