Linux 101 : Network namespaces

Namespaces are used to have isolated "compartments" for different resources within the same host.

We use process namespaces to isolate processes, networking namespaces to isolate networking stacks, ...

Creating a network namespace on the host:

Network namespaces are connected through a virtual cable called a "veth pair" or virtual Ethernet.

Below, we can see the network namespace "net_namespace" connected to the host' s default network namespace.

We create a network namespace using the below command:

We check the network interfaces in our namespace using the below command:

The above command is equivalent to this one:

We can only see the loopback interface after executing the command "ip link" inside the "net_namespace" network namespace.

Remark:

The ethernet interface of the host is not visible from within the "net_namespace" network namespace.

The virtual Ethernet pair:

A virtual Ethernet pair can be compared to a virtual Ethernet cable with two ends ( veth_host and veth_ns ) as we can see in our above diagram.

We create our virtual cable using the below command:

We connect one end of the cable veth_ns to the "net_namespace" namespace:

And we assign to our virtual adapter veth_ns an IP address in the namespace "net_namespace":

We could also use the below commands, they are equivalent to the above command:

We also assign the other end of the virtual cable an IP address:

We could also use the below commands, they are equivalent to the above command:

We can test our connection by pinging the "veth_ns" interface from our host's default network namespace:

Displaying the network interfaces:

The below command displays the network interface veth_ns inside the "net_namespace" namespace:

On the host, we display the "veth_host" interface using the below command:

IT hands-on