Learn Network Namespaces

In this post, we are going to learn how network namespaces work.

First off, install Open vSwitch on your Ubuntu machine:

apt-get update
apt-get install openvswitch-switch

Now let us create two namespaces, red and blue:

ip netns add red
ip netns add blue

You can see the newly created namespaces at

ls /var/run/netns
red blue

To see the links inside a namespace, run ip link within it:

ip netns exec red ip link

1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

The blue namespace looks the same.

For red to communicate with the blue namespace, the two need to be connected via a virtual switch. For this we use OVS.
We will first create a virtual bridge using either Open vSwitch or Linux Bridge. We will show both ways here.

First, Open vSwitch:

ovs-vsctl add-br OVS1

This creates a bridge named OVS1 with a default internal interface that is also named OVS1.

Next, show the virtual switch:

ovs-vsctl show
    Bridge OVS1
        Port OVS1
            Interface OVS1
                type: internal
    ovs_version: "2.13.8"

Now, in the root namespace (that is, on the host), the “ip link” command shows the newly added interface OVS1:

ip link

We have the red and blue namespaces and the OVS1 bridge; now let's connect them all together. For this we use veth interfaces. A veth pair acts like a pipe connecting these namespaces.

ip link add eth0-r type veth peer name veth-r
We will place eth0-r in the red namespace and attach veth-r to the OVS1 bridge.

ip link set eth0-r netns red
Now you can no longer see eth0-r in the host (root) namespace, but it is visible in the red namespace. You can verify this with
“ip netns exec red ip link”.

Now, to add the other end to OVS, issue the command

ovs-vsctl add-port OVS1 veth-r

veth-r is now a port on the OVS1 switch. Bring it up:

ip link set dev veth-r up #This is important

ovs-vsctl show
    Bridge OVS1
        Port OVS1
            Interface OVS1
                type: internal
        Port veth-r
            Interface veth-r
    ovs_version: "2.13.8"

Let us repeat the same steps for the blue namespace:

ip link add eth0-b type veth peer name veth-b
ip link set eth0-b netns blue
ovs-vsctl add-port OVS1 veth-b

ip link set dev veth-b up #This is important

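The network is now wired up, but the links inside the namespaces are down and have no IP addresses to communicate with. So let's follow the steps below. Replace <red-ip>/<prefix> and <blue-ip>/<prefix> with addresses and a prefix length of your choice; red and blue must be in the same subnet to reach each other through the bridge.

ip netns exec red ip link set dev lo up
ip netns exec red ip link set dev eth0-r up
ip netns exec red ip address add <red-ip>/<prefix> dev eth0-r

Similarly for blue:

ip netns exec blue ip link set dev lo up
ip netns exec blue ip link set dev eth0-b up
ip netns exec blue ip address add <blue-ip>/<prefix> dev eth0-b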

Instead of prefixing every command with ip netns exec, we can enter a namespace directly:

ip netns exec red bash

and execute the ip link commands there (use blue in place of red for the other namespace). Type “exit” to get out of that particular namespace.

Now try pinging blue's address from inside the red namespace.
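The OVS walkthrough above as one repeatable script, added here as an example and not part of the original post: "plan" prints the build order, "up" and "down" apply and remove it, and "check" confirms that eth0-r is visible only inside red. The 10.200.0.0/24 addresses and the function names are assumptions; run it as root on a host where red, blue and OVS1 do not exist yet.

```shell
#!/bin/sh
# Added example, not from the original post. BRIDGE matches the post;
# NET and the .1/.2 host addresses are constructed sample values.
BRIDGE=OVS1
NET=10.200.0

# Print the post's per-namespace steps. $1 = namespace, $2 = last address octet.
ns_plan() {
    t=$(printf '%.1s' "$1")          # r for red, b for blue, as in the post
    cat <<EOF
ip netns add $1
ip link add eth0-$t type veth peer name veth-$t
ip link set eth0-$t netns $1
ovs-vsctl add-port $BRIDGE veth-$t
ip link set dev veth-$t up
ip netns exec $1 ip link set dev lo up
ip netns exec $1 ip link set dev eth0-$t up
ip netns exec $1 ip address add $NET.$2/24 dev eth0-$t
EOF
}

# Full build order, ending with the connectivity test from red to blue.
plan() {
    echo "ovs-vsctl --may-exist add-br $BRIDGE"
    ns_plan red 1
    ns_plan blue 2
    echo "ip netns exec red ping -c 1 -W 2 $NET.2"
}

# Deleting a namespace destroys its veth end, which removes the host-side peer too.
teardown_plan() {
    echo "ip netns del red"
    echo "ip netns del blue"
    echo "ovs-vsctl --if-exists del-br $BRIDGE"
}

# Interface names from `ip -o link` output on stdin, without the @ifN peer suffix.
ifnames() { awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'; }

# Run a plan from stdin line by line, stopping at the first failing command.
run() { while read -r cmd; do echo "+ $cmd"; $cmd </dev/null || return 1; done; }

case "${1:-}" in
    plan)  plan ;;
    up)    plan | run ;;
    down)  teardown_plan | run ;;
    check) # red must hold exactly lo and eth0-r; the host must not see eth0-r
           [ "$(ip netns exec red ip -o link | ifnames | sort | tr '\n' ' ')" = "eth0-r lo " ] &&
           ! ip -o link | ifnames | grep -qx eth0-r ;;
esac
```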

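If you are going with Linux Bridge, follow the steps below. They connect red and a new namespace, green; replace the <...> placeholders with addresses in one subnet.

# green has not been created yet
ip netns add green
ip link add linbr-0 type bridge

# one veth pair per namespace; the -br end stays on the host
ip link add veth-red type veth peer name veth-red-br
ip link add veth-green type veth peer name veth-green-br
ip link set veth-red netns red
ip link set veth-red-br master linbr-0
ip link set veth-green netns green
ip link set veth-green-br master linbr-0
ip -n red addr add <red-ip>/<prefix> dev veth-red
ip -n green addr add <green-ip>/<prefix> dev veth-green
ip -n red link set veth-red up
ip link set veth-red-br up
ip -n green link set veth-green up
ip link set veth-green-br up
# the bridge device itself must be up before it forwards traffic
ip link set linbr-0 up
ip addr add <bridge-ip>/<prefix> dev linbr-0
ip netns exec red bash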
