Network Prototyping with Linux Namespace

Linux namespaces are mostly used in container technologies. They are very useful, efficient and fast to deploy.

Before I started using Docker, I used namespaces for isolating internal applications so that they are not accessible from outside, creating multiple gateways and clients on a flat network that is not VLAN-capable, NAT46-NAT64 implementations, and my own research, which is a Multi Geolocation Gateway service.

I also started to use namespaces for testing purposes, because I did not have enough physical hardware.

Controlling Network NameSpaces with IProute2

Before starting, you can use the docker run -it --rm --privileged ahmetozer/cna command to create a temporary test environment and work inside it.

Creating Network Namespace

Let's assume that we want to test a Geneve tunnel. We need two computers but don’t have them, so we can create two network namespaces instead.
To create them, we use the add argument.

ip netns add computer1
ip netns add computer2

Connecting Network Namespaces with VETH

The namespaces are ready, but they do not have a connection to each other.
Of course we don’t have to think about UTP cable specifications while using a virtual environment 🙂.
The namespaces are connected to each other with virtual Ethernet devices, also called veth. Four pieces of information of two types are required when creating one: the namespace names and the virtual Ethernet device names. The general form of the command is:

ip link add [virtual ethernet device name 1] netns [namespace name 1] type veth peer name [virtual ethernet device name 2] netns [namespace name 2]

In this experiment we use the command below to connect the two namespaces.

ip link add eth1 netns computer1 type veth peer name eth1 netns computer2

Setting Up VETH

Now they are connected and the virtual interfaces are ready for configuration. To configure them, we have to switch from the main network to the namespace. With the ip netns exec command, we can run a command inside a namespace.

ip netns exec [namespace name] [executed command]

ip netns exec computer1 ifconfig eth1 198.51.100.1 up
ip netns exec computer2 ifconfig eth1 198.51.100.2 up

Start Testing

Let's create the Geneve interfaces for testing.

ip netns exec computer1 ip link add name geneve0 type geneve id 1 remote 198.51.100.2
ip netns exec computer1 ifconfig geneve0 192.0.2.1 up
ip netns exec computer2 ip link add name geneve0 type geneve id 1 remote 198.51.100.1
ip netns exec computer2 ifconfig geneve0 192.0.2.2 up

Everything is ready. Let's try to ping from computer1 over Geneve to computer2.

ip netns exec computer1 bash
ping 192.0.2.2 -c 5
traceroute 192.0.2.2
exit

Demonstration.

[email protected]97ab8b00721:~# ip netns exec computer1 bash
[email protected]:~# ping 192.0.2.2 -c 5
PING 192.0.2.2 (192.0.2.2) 56(84) bytes of data.
64 bytes from 192.0.2.2: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 192.0.2.2: icmp_seq=2 ttl=64 time=0.095 ms
64 bytes from 192.0.2.2: icmp_seq=3 ttl=64 time=0.091 ms
64 bytes from 192.0.2.2: icmp_seq=4 ttl=64 time=0.101 ms
64 bytes from 192.0.2.2: icmp_seq=5 ttl=64 time=0.094 ms

--- 192.0.2.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4152ms
rtt min/avg/max/mdev = 0.048/0.085/0.101/0.019 ms
[email protected]:~# traceroute 192.0.2.2
traceroute to 192.0.2.2 (192.0.2.2), 30 hops max, 60 byte packets
 1  192.0.2.2 (192.0.2.2)  0.310 ms  0.261 ms  0.215 ms
[email protected]:~# exit
exit

Deleting Network NameSpaces

When your test or work is done, the namespaces can easily be removed with a single command.

ip netns del [namespace name]

ip netns del computer1
ip netns del computer2

Moving interfaces into Namespace

You can also move a physical or another virtual network interface into a namespace with the ip link set command.

ip link set dev [interface name] netns [namespace name]

ip link set dev eth5 netns computer1
ip netns exec computer1 ifconfig eth5

Another Demo | Mesh Topology

I have a project, and it is again related to networking. Before the development stage in phase 2 of my own project, I want to test a mesh network.

Here is an automated script for creating a mesh topology in namespaces. Before testing, I strongly recommend running this script in a container, due to some kinds of issues.

You can execute iptraf-ng in a test namespace to observe the experiment.

docker run -it --rm --privileged ahmetozer/cna
curl https://gist.githubusercontent.com/ahmetozer/d01538327a98ed70cf04e48e89fe8c31/raw/mesh-topology-example.sh -o mesh-topology-example.sh ; chmod +x mesh-topology-example.sh
./mesh-topology-example.sh
ip netns exec node-1 iptraf-ng
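
What a full-mesh setup has to do with the veth command shown earlier, as an added example (this is not the gist script above and not the author's code). It only prints the commands, so the plan can be read before it is applied; the node-N namespace names follow the command above, while the toN interface names, the 10.I.J.0/30 link subnets and the MESH_NODES variable are assumptions.

```shell
#!/bin/sh
# Added example (not the gist script): print the iproute2 commands for a full
# mesh of N namespaces. node-N, toN and the 10.I.J.0/30 subnets are assumptions.

mesh_plan() {
    n=$1
    case $n in
        ''|*[!0-9]*) echo "usage: mesh_plan N (2..254)" >&2; return 1 ;;
    esac
    if [ "$n" -lt 2 ] || [ "$n" -gt 254 ]; then
        echo "usage: mesh_plan N (2..254)" >&2
        return 1
    fi
    # One namespace per node, with its loopback brought up.
    i=1
    while [ "$i" -le "$n" ]; do
        echo "ip netns add node-$i"
        echo "ip netns exec node-$i ip link set lo up"
        i=$((i + 1))
    done
    # One veth pair per unordered pair (i, j) with i < j: N*(N-1)/2 links.
    i=1
    while [ "$i" -lt "$n" ]; do
        j=$((i + 1))
        while [ "$j" -le "$n" ]; do
            # Each end is named after the peer it reaches (to2 lives in node-1).
            echo "ip link add to$j netns node-$i type veth peer name to$i netns node-$j"
            echo "ip netns exec node-$i ip addr add 10.$i.$j.1/30 dev to$j"
            echo "ip netns exec node-$j ip addr add 10.$i.$j.2/30 dev to$i"
            echo "ip netns exec node-$i ip link set to$j up"
            echo "ip netns exec node-$j ip link set to$i up"
            j=$((j + 1))
        done
        i=$((i + 1))
    done
}

# Deleting a namespace also destroys the veth ends that live inside it.
mesh_teardown() {
    i=1
    while [ "$i" -le "$1" ]; do
        echo "ip netns del node-$i"
        i=$((i + 1))
    done
}

# Print the plan for a 3-node mesh (override with MESH_NODES).
mesh_plan "${MESH_NODES:-3}"
```

To apply a plan inside the test container, pipe it to a root shell, for example mesh_plan 4 | sh, and remove it afterwards with mesh_teardown 4 | sh.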

Stay safe, see you in the next blog.


© 2020 . All rights reserved.
