Linux Network NameSpaces

Introduction

Namespace : A class of elements (e.g. addresses, file locations, etc.) in which each element has a name unique to that class, although it may be shared with elements in other classes. (Definition)

Generally, Linux shares a single set of Network interfaces and routing tables across the entire Operating System. With Networking Namespace, its now possible for each Namespace to have its own routing table and other networking constructs.

Creating a Network Namespace

Let's create two Namespaces "red" and "blue". root@controller:~#ip netns add red root@controller:~#ip netns add blue

Listing the Namespace

root@controller:~# ip netns list blue red

Executing a command in a Namespace

ip netns exec <namespace> <command> root@controller:~# ip netns exec red ip link list 1: lo: <loopback> mtu 65536 qdisc noop state DOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

Adding interfaces to a Namespace

Its not possible to add a physical interface(like eth0) to a Namespace. One needs to create a virtual interface and add it to the Namespace. Virtual interfaces are created in pairs. One of them can be added to the default Namespace and other to the newly created Namespace.

Creating pair of Virtual Interface

Lets create two virtual interfaces "veth0" and "veth_blue". virtual interfaces are created here in the default namespace.

root@controller:~# ip link add veth0 type veth peer name veth_blue root@controller:~# ip link list 10: veth_blue: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 02:9e:3d:c4:5d:05 brd ff:ff:ff:ff:ff:ff 11: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether d2:e3:09:bf:41:10 brd ff:ff:ff:ff:ff:ff

Adding Virtual Interface to a Namespace

root@controller:~# ip link set veth0 netns blue

This command adds veth0 to Namespace blue, the other pair (veth_blue) is still present in the default namespace

Listing of default Namespace

This commands show the listing of default namespace, veth_blue is still present in the default namespace.

root@controller:~# ip link list 10: veth_blue: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 02:9e:3d:c4:5d:05 brd ff:ff:ff:ff:ff:ff

Listing of blue Namespace

veth0 has now moved to the blue Namespace.

root@controller:~# ip netns exec blue ip link list 11: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether d2:e3:09:bf:41:10 brd ff:ff:ff:ff:ff:ff

Similar setup for Red Namespace

Adding veth0 to red Namespace and its peer (veth_red) remains in the default namespace.

ip link add veth0 type veth peer name veth_red ip link set veth0 netns red