Create a network namespace
# ip netns add blue
# ip netns list
blue
Add a network port to the namespace
Create the veth pair first
# ip link add veth0 type veth peer name veth1
In the current namespace you can see both veth0 and veth1
# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:b2:cf:72 brd ff:ff:ff:ff:ff:ff
3: veth1: <BROADCAST,MULTICAST> mtu qdisc noop state DOWN qlen 1000
    link/ether ae:0d:00:e1:11:38 brd ff:ff:ff:ff:ff:ff
4: veth0: <BROADCAST,MULTICAST> mtu qdisc noop state DOWN qlen 1000
    link/ether 42:e7:50:d4:bb:c5 brd ff:ff:ff:ff:ff:ff
Add veth1 to the namespace "blue"
# ip link set veth1 netns blue
At this point, the current namespace can only see veth0.
You can view the blue namespace's network ports with the following command
# ip netns exec blue ip link list
Configuring network ports for a network namespace
ip netns exec allows you to configure a network port inside the namespace
# ip netns exec blue ifconfig veth1 172.17.42.2/16 up
Network namespace communication with the physical network card
This is achieved through a bridge. See the veth pair section.
veth pair
A veth pair is a way to communicate between different network namespaces: data sent into the veth device in one network namespace arrives at its peer veth device in the other network namespace. As follows:
# Add the namespaces
ip netns add ns1
ip netns add ns2
# Create the veth pair
ip link add tap1 type veth peer name tap2
# Move the interfaces to the namespaces
ip link set tap1 netns ns1
ip link set tap2 netns ns2
# Bring up the links
ip netns exec ns1 ip link set dev tap1 up
ip netns exec ns2 ip link set dev tap2 up
If multiple network namespaces need to communicate, a bridge is required:
# Add the namespaces
ip netns add ns1
ip netns add ns2
# Create the switch
BRIDGE=br-test
brctl addbr $BRIDGE
brctl stp $BRIDGE off
ip link set dev $BRIDGE up
#
#### PORT 1
# Create a port pair
ip link add tap1 type veth peer name br-tap1
# Attach one side to linuxbridge
brctl addif br-test br-tap1
# Attach the other side to namespace
ip link set tap1 netns ns1
# Set the ports to up
ip netns exec ns1 ip link set dev tap1 up
ip link set dev br-tap1 up
#
#### PORT 2
# Create a port pair
ip link add tap2 type veth peer name br-tap2
# Attach one side to linuxbridge
brctl addif br-test br-tap2
# Attach the other side to namespace
ip link set tap2 netns ns2
# Set the ports to up
ip netns exec ns2 ip link set dev tap2 up
ip link set dev br-tap2 up
#
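The bridge procedure above, generalised to N namespaces with addressing, a reachability check and teardown, as an added example that is not part of the original article. It swaps brctl for the equivalent iproute2 commands; the 10.200.0.0/24 addresses, the RUN dry-run switch and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article. Names ns<i>, tap<i>,
# br-tap<i> and br-test follow the page; 10.200.0.<i>/24 is a constructed range.
BRIDGE=br-test
# RUN=echo (default) only prints the commands; run as root with RUN= to apply them.
RUN=${RUN-echo}

net_up() {                      # $1 = number of namespaces to attach
    n=$1; i=1
    # iproute2 equivalent of "brctl addbr" + "brctl stp ... off"
    $RUN ip link add name "$BRIDGE" type bridge stp_state 0
    $RUN ip link set dev "$BRIDGE" up
    while [ "$i" -le "$n" ]; do
        $RUN ip netns add "ns$i"
        $RUN ip link add "tap$i" type veth peer name "br-tap$i"
        $RUN ip link set "br-tap$i" master "$BRIDGE"     # brctl addif
        $RUN ip link set "tap$i" netns "ns$i"
        $RUN ip netns exec "ns$i" ip addr add "10.200.0.$i/24" dev "tap$i"
        $RUN ip netns exec "ns$i" ip link set dev "tap$i" up
        $RUN ip netns exec "ns$i" ip link set dev lo up
        $RUN ip link set dev "br-tap$i" up
        i=$((i + 1))
    done
}

net_check() {                   # ping ns2..nsN from ns1 across the bridge
    n=$1; i=2
    while [ "$i" -le "$n" ]; do
        $RUN ip netns exec ns1 ping -c 1 -W 1 "10.200.0.$i" || return 1
        i=$((i + 1))
    done
}

net_down() {
    n=$1; i=1
    while [ "$i" -le "$n" ]; do
        # deleting the namespace destroys tap<i>, which also removes its peer br-tap<i>
        $RUN ip netns delete "ns$i"
        i=$((i + 1))
    done
    $RUN ip link delete "$BRIDGE"
}

case "${1:-}" in
    up)    net_up "${2:-2}" ;;
    check) net_check "${2:-2}" ;;
    down)  net_down "${2:-2}" ;;
esac
```

Saved under any file name and run with the argument `up 3`, it prints the commands for three namespaces; the same invocation as root with `RUN=` in the environment applies them.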
Kernel implementation
The implementation of veth is similar to that of the loopback interface and is relatively simple:
drivers/net/veth.c
static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct net_device *rcv = NULL;
	struct veth_priv *priv, *rcv_priv;
	priv = netdev_priv(dev);
	rcv = priv->peer;
	rcv_priv = netdev_priv(rcv);
	stats = this_cpu_ptr(priv->stats);
	length = skb->len;
	/* forward to peer: hand the skb to the receive path of the peer device */
	if (dev_forward_skb(rcv, skb) != NET_RX_SUCCESS)
		goto rx_drop;
	/* ... excerpt ends here; the rest of the function is not shown ... */
NETIF_F_NETNS_LOCAL
NETIF_F_NETNS_LOCAL is a network device feature flag. A device with this feature set cannot be moved between network namespaces. This type of device is also called a local device.
Loopback, VXLAN, PPP and bridge devices are all of this type. The value can be viewed with ethtool -k, or ethtool --show-features:
# ethtool -k br0
netns-local: on [fixed]
If you try to change the network namespace of a device of this type, the following error is reported:
# ip link set br0 netns ns1
RTNETLINK answers: Invalid argument
Refer to "Resource Management: Linux kernel Namespaces and cgroups"
Transferred from: https://www.cnblogs.com/hustcat/p/3928261.html
Configuration reference: http://www.mamicode.com/info-detail-1726070.html
Linux Network namespaces