Linux namespaces are mostly use in container technologies. They very usefully, efficient and fast to deploy.
Before I using Docker, I use namespaces for isolating internal applications is not accessible from outside, creating multiple getaway and client on flat network which is not capable to vlan, NAT46-NAT64 implementations, and my own research which is Multi Geolocation Gateway service.
I also start to use namespaces for testing purpose, due to having not enough physical hardware.
Controlling Network NameSpaces with IProute2
Before starting , you can use
docker run -it --rm --privileged ahmetozer/cna command for creating and using temporarily test environment.
Creating Network Namespace
Let assume that we want to test Geneve tunnel. We need a two computer but don’t have it. So we can create a two network namespace.
To creating, we are use add argument.
ip netns add computer1 ip netns add computer2
Connecting Network Namespaces with VETH
Namespaces are ready but they are not have a connection to each other.
Of course we don’t have to thing about UTP cable specifications while using virtual environment 🙂.
The namespaces are connected each other with virtual Ethernet devices also we called as veth. There are two type and four information are required while creating. They are namespace names and virtual ethernet device names. Scheme of command is like,
ip link add [virtual ethernet device name 1] netns [namespace name 1] type veth peer name [virtual ethernet device name 2] netns [namespace name 2]
In this experimentation we are use bellow command to connecting two different namespace.
ip link add eth1 netns computer1 type veth peer name eth1 netns computer2
Setting Up VETH
Now they are connected and virtual interfaces are ready to configuration. To configuration, we have to switch from main network to namespace. With ip netns exec command, we can jump into namespace.
ip netns exec [namespace name] [executed command]
ip netns exec computer1 ifconfig eth1 198.51.100.1 up ip netns exec computer2 ifconfig eth1 198.51.100.2 up
Start to testing
Lets create a Geneve interfaces for testing.
ip netns exec computer1 ip link add name geneve0 type geneve id 1 remote 198.51.100.2 ip netns exec computer1 ifconfig geneve0 192.0.2.1 up ip netns exec computer2 ip link add name geneve0 type geneve id 1 remote 198.51.100.1 ip netns exec computer2 ifconfig geneve0 192.0.2.2 up
Everything is ready, lets try to ping from namespace-1 over geneve to namespace-2.
ip netns exec computer1 bash ping 192.0.2.2 -c 5 traceroute 192.0.2.2 exit
[email protected]:~# ip netns exec computer1 bash [email protected]:~# ping 192.0.2.2 -c 5 PING 192.0.2.2 (192.0.2.2) 56(84) bytes of data. 64 bytes from 192.0.2.2: icmp_seq=1 ttl=64 time=0.048 ms 64 bytes from 192.0.2.2: icmp_seq=2 ttl=64 time=0.095 ms 64 bytes from 192.0.2.2: icmp_seq=3 ttl=64 time=0.091 ms 64 bytes from 192.0.2.2: icmp_seq=4 ttl=64 time=0.101 ms 64 bytes from 192.0.2.2: icmp_seq=5 ttl=64 time=0.094 ms --- 192.0.2.2 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4152ms rtt min/avg/max/mdev = 0.048/0.085/0.101/0.019 ms [email protected]:~# traceroute 192.0.2.2 traceroute to 192.0.2.2 (192.0.2.2), 30 hops max, 60 byte packets 1 192.0.2.2 (192.0.2.2) 0.310 ms 0.261 ms 0.215 ms [email protected]:~# exit exit
Deleting Network NameSpaces
When the your test or work is done, The namespaces are can be easily to remove with just single command.
ip netns del [namespace name]
ip netns del computer1 ip netns del computer2
Moving interfaces into Namespace
You can also move physical or another virtual network interface to namespace with ip link set command
ip link set dev [interface name] netns [namespace name]
ip link set dev eth5 netns computer1 ip netns exec computer1 ifconfig eth5
Another Demo | Mesh Topology
I have project and it is again related to network. Before developing stage in phase 2 on my own project I want to test mesh network.
Here is automated script for creating Mesh Topology in Namespaces. Before testing I strictly recommend to run this script in container due to some kind issues.
You can execute iptraf-ng in test namespace and you can observe the experiment.
docker run -it --rm --privileged ahmetozer/cna curl https://gist.githubusercontent.com/ahmetozer/d01538327a98ed70cf04e48e89fe8c31/raw/mesh-topology-example.sh -o mesh-topology-example.sh ; chmod +x mesh-topology-example.sh ./mesh-topology-example.sh ip netns exec node-1 iptraf-ng
Stay safe, see you in next blog.