
umarfchy/playing-with-linux-network-namespaces

Playing 🎮 with Linux Network Namespaces

Objectives

Main tasks

  • create new network namespaces
  • connect two network namespaces via virtual ethernet (veth)
  • connect to a python HTTP server on a separate namespace
  • connect two network namespaces via a virtual switch bridge
  • use IP masquerading to establish an ingress connection

Meta tasks

  • docker test environment setup
  • apply color in bash at docker startup
  • run container forever
  • test network types

Connect Two Namespaces Using VETH - TL;DR 👇

Outline for basic command and process.

Note

Please prefix the following commands with sudo if we're not logged in as the root user.

  1. Create a new network namespace
     ip netns add <NAMESPACE_NAME>
  2. Create a veth cable and assign an interface to a particular namespace
     ip link add <INTERFACE_NAME> type veth peer name <OTHER_INTERFACE_NAME>
     ip link set <INTERFACE_NAME> netns <NAMESPACE_NAME>

Note

This step must be done after the interface has been assigned to a namespace.

Now, enter one of the namespaces

     ip netns exec <NAMESPACE_NAME> bash
  3. Assign an IP address to an interface
     ip addr add <SUBNET_WITH_CIDR> dev <INTERFACE_NAME>
  4. Bring up the interface
     ip link set dev <INTERFACE_NAME> up
  5. Configure route

If we just want the namespace to send packets to the server that is making the request, we need to configure routes in both namespaces as follows:

     ip route add default via <GATEWAY_IP> dev <INTERFACE_NAME>
  6. Test with ping
     ping <OTHER_NAMESPACE_IP>

We can also specify the interface

     ping -I <INTERFACE> <OTHER_NAMESPACE_IP> # 👈 from the other namespace
     tcpdump -v -i <OTHER_INTERFACE> # 👈 from the other namespace

Find the step-by-step example to connect two network namespaces here.
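
A concrete run of the veth outline above, added here as an example and not taken from the repository. The namespace names, interface names and 10.0.0.0/24 addresses are constructed; sourced or run without arguments the script only defines its functions, `plan` prints the commands, and `apply` executes them as root and removes the namespaces on exit.

```bash
#!/usr/bin/env bash
# Added example: concrete veth setup between two namespaces.
# All names and addresses below are constructed for illustration.
NS_A=red;  IF_A=veth-red;  IP_A=10.0.0.1
NS_B=blue; IF_B=veth-blue; IP_B=10.0.0.2
PREFIX=24

# Linux interface names are limited to 15 characters (IFNAMSIZ - 1);
# reject empty, over-long, or slash/space-containing names before calling ip.
valid_ifname() {
  case "$1" in
    ""|*/*|*" "*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# Print the commands in the order the outline requires: the veth ends are
# moved into their namespaces first, then addressed and brought up there,
# because moving an interface into another namespace drops its addresses.
# Both ends share one /24, so the connected route suffices (no default route).
plan() {
  valid_ifname "$IF_A" && valid_ifname "$IF_B" || return 1
  cat <<EOF
ip netns add $NS_A
ip netns add $NS_B
ip link add $IF_A type veth peer name $IF_B
ip link set $IF_A netns $NS_A
ip link set $IF_B netns $NS_B
ip netns exec $NS_A ip addr add $IP_A/$PREFIX dev $IF_A
ip netns exec $NS_B ip addr add $IP_B/$PREFIX dev $IF_B
ip netns exec $NS_A ip link set dev $IF_A up
ip netns exec $NS_B ip link set dev $IF_B up
ip netns exec $NS_A ping -c 1 -I $IF_A $IP_B
EOF
}

# Remove both namespaces; deleting a namespace destroys the veth end inside it.
cleanup() { ip netns del "$NS_A" 2>/dev/null; ip netns del "$NS_B" 2>/dev/null; return 0; }

# "apply" runs the plan as root and always cleans up; "plan" is a dry run.
case "${1:-}" in
  apply) [ "$(id -u)" -eq 0 ] || { echo "need root" >&2; exit 1; }
         trap cleanup EXIT
         plan | while read -r cmd; do echo "+ $cmd"; $cmd </dev/null || exit 1; done ;;
  plan)  plan ;;
esac
```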

Connect Two Namespaces Using Bridge - TL;DR 👇

Outline for basic command and process.

Note

Please prefix the following commands with sudo if we're not logged in as the root user.

  1. Create a new network namespace
     ip netns add <NAMESPACE_NAME>
  2. Create a bridge
     ip link add <BRIDGE_NAME> type bridge
  3. Create veth cables and assign interfaces
     ip link add <INTERFACE_NAME> type veth peer name <BRIDGE_INTERFACE_NAME>
     ip link set <INTERFACE_NAME> netns <NAMESPACE_NAME>
     ip link set <BRIDGE_INTERFACE_NAME> master <BRIDGE_NAME>
  4. Assign an IP address to the bridge interface
     ip addr add <SUBNET_WITH_CIDR> dev <BRIDGE_NAME>
  5. Assign an IP address to a namespace interface
     ip netns exec <NAMESPACE_NAME> ip addr add <SUBNET_WITH_CIDR> dev <INTERFACE_NAME>
  6. Bring up the interfaces
     ip link set dev <BRIDGE_INTERFACE_NAME> up
     ip link set dev <BRIDGE_NAME> up
     ip netns exec <NAMESPACE_NAME> ip link set dev <INTERFACE_NAME> up
  7. Configure route

If we just want the namespace to send packets to the server that is making the request, we need to configure routes in both namespaces as follows:

     ip route add default via <GATEWAY_IP> dev <INTERFACE_NAME>
  8. Test with ping
     ping -I <INTERFACE> <OTHER_NAMESPACE_IP> # 👈 from the other namespace
     tcpdump -v -i <OTHER_INTERFACE> # 👈 from the other namespace

Find the step-by-step example to connect two network namespaces here.
