The next step is get the basic connectivity, so at least new namespace can connect to the ones next to it.
Firstly, we need to bring the interface up. By default interfaces are added in the DOWN state, meaning they are off. You can see this by running ip addr an the interface will say state DOWN. (Note: ignore the value after the @, the inteface name if everything before the @)
root@podman-test:/home/jacob# ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: c0@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 16:8e:9d:07:22:d5 brd ff:ff:ff:ff:ff:ff link-netns right
8: c1@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 3a:06:cb:1f:17:27 brd ff:ff:ff:ff:ff:ff link-netns leftTo bring an interface up, use the following command (since the shells for the namespaces are root, I'm not including sudo):
ip link set <INTERFACE> upIf you check with ip addr, you'll see the output has changed:
7: l0@if8: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether 9e:97:5e:57:83:54 brd ff:ff:ff:ff:ff:ff link-netns centerThe state will be LOWERLAYERDOWN until the other end of the connection is brought up, then it will be state UP:
7: l0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 9e:97:5e:57:83:54 brd ff:ff:ff:ff:ff:ff link-netns centerOnce all interfaces (l0, c0, c1, r0) are in the UP state, move onto the next section.
Note: Most Linux distributions will bring up their interfaces by default. However, if new interfaces are added (new NIC, for example), they may not.
We want to set up the network with these ranges:
192.168.70.0/24 172.17.40.0/24
left <------------> center <------------> right
.2 .1 .1 .2To set an IP address on an interface (since the shells for the namespaces are root, I'm not including sudo):
ip addr add <IP>/<PREFIX> dev <INTERFACE> For left, the interface is l0 (verify with ip addr in the left namespace), and the IP and prefix we want is 192.168.70.2 and 24. To set the IP then is:
ip addr add 192.168.70.2/24 dev l0Before you move on, make sure the following IPs are configured on the interfaces in the namespace:
| Namespace | Interface | Address | Prefix |
|---|---|---|---|
| left | l0 |
192.168.70.2 |
24 |
| center | c1 |
192.168.70.1 |
24 |
| center | c0 |
172.17.40.1 |
24 |
| right | r0 |
172.17.40.2 |
24 |
We can verify we can connect to our neighbor namespaces by pinging them with the ping command. So on left we can verify we can connect to center by pinging the IP on the interface connected to left (use ctrl-c to stop ping, otherwise it will go forever):
(left)$ ping 192.168.70.1
PING 192.168.70.1 (192.168.70.1) 56(84) bytes of data.
64 bytes from 192.168.70.1: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from 192.168.70.1: icmp_seq=2 ttl=64 time=0.081 ms
64 bytes from 192.168.70.1: icmp_seq=3 ttl=64 time=0.085 msOn center we can ping both the addresses on left and right:
(center)$ ping 192.168.70.2
PING 192.168.70.2 (192.168.70.2) 56(84) bytes of data.
64 bytes from 192.168.70.2: icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from 192.168.70.2: icmp_seq=2 ttl=64 time=0.057 ms
^C
--- 192.168.70.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1003ms
rtt min/avg/max/mdev = 0.057/0.064/0.071/0.007 ms
(center)$ ping 172.17.40.2
PING 172.17.40.2 (172.17.40.2) 56(84) bytes of data.
64 bytes from 172.17.40.2: icmp_seq=1 ttl=64 time=0.060 ms
64 bytes from 172.17.40.2: icmp_seq=2 ttl=64 time=0.080 ms
64 bytes from 172.17.40.2: icmp_seq=3 ttl=64 time=0.036 ms
^C
--- 172.17.40.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2044ms
rtt min/avg/max/mdev = 0.036/0.058/0.080/0.018 msAnd right can ping center:
(right)$ ping 172.17.40.1
PING 172.17.40.1 (172.17.40.1) 56(84) bytes of data.
64 bytes from 172.17.40.1: icmp_seq=1 ttl=64 time=0.072 ms
64 bytes from 172.17.40.1: icmp_seq=2 ttl=64 time=0.082 msHowever, left cannot ping right:
(left)$ ping 172.17.40.2
ping: connect: Network is unreachableRemember our question: "how do I get there?" left can ping center because they are directly connected. left knows that when we ping 192.168.70.1, its connected to that network and so it can get there ("route" it there). A computer knows how to route to networks directly connected to it. Past those direct connections though, it doesn't know how to get there. Thus, when we try to ping right, it gives up since it doesn't know what to do with it. We need to tell it what and where to route packets outside its directly connected network. That's the goal of part 3!