Cloud-Ops by Marvellous

How to create a Linux network namespace.

Ezemba marvellous's photo
Ezemba marvellous
·

3 min read

This is just a simple illustration on how to create to network namespaces and linking them to a bridge network. The bridge network can also accomodate a large number of other network namespaces. The bridge network can also be used as a connectivity gateway to the internet for the network namespaces.

1. create two network namespaces namely net-ns-1 and net-ns-2 respectively then create a bridge network with the name net-bridge

sudo ip link add net-bridge type bridge

sudo ip netns add net-ns-1

sudo ip netns add net-ns-2

2 we set up our lo interface which was created by default in our namespaces and also set the bridge network up and assign an ip address to the bridge network only.

sudo ip link set net-bridge up

sudo ip netns exec net-ns-1 ip link set lo up

sudo ip netns exec net-ns-2 ip link set lo up

sudo ip addr add 192.168.1.1/24 dev net-bridge

3 create two veth interface for both namespaces

sudo ip link add veth-0 type veth peer name veth-1

sudo ip link add meth-0 type veth peer name meth-1

4 we link one pair of interface to the bridge network "net-bridge" then link the other pair tothe net work namespaces

sudo ip link set veth-0 master net-bridge sudo ip link set meth-0 master net-bridge

  1. we link the veth-1 to the net-ns-1 and link meth-1 to net-ns-2

    sudo ip link set veth-1 netns net-ns-1

    sudo ip link set meth-1 netns net-ns-2

  2. turn all networks on

    sudo ip netns exec net-ns-2 ip link set meth-1 up

    sudo ip netns exec net-ns-1 ip link set veth-1 up

    sudo ip link set veth-0 up sudo ip link set meth-0 up

  3. #6. add ip addresses to the network namespaces

    sudo ip netns exec net-ns-1 ip addr add 192.168.1.3/24 dev veth-1 sudo ip netns exec net-ns-2 ip addr add 192.168.1.4/24 dev meth-1

  4. to confirm that there's connectivity between the two network namespaces,ping both net-ns from their ip addresses,including the bridge network ip.

    sudo ip netns exec net-ns-1 ping 192.168.1.4 # net-ns-1 pinging net-ns-2 through ip address

  5. sudo ip netns exec net-ns-2 ping 192.168.1.3 # net-ns-2 pinging net-ns-1 through ip address

  6. #7. we set connectivity to the internet through the bridge-network sudo ip netns exec net-ns-1 ip route add default via 192.168.1.1 sudo ip netns exec net-ns-2 ip route add default via 192.168.1.1 #8 You will get error trying to ping the 8.8.8.8 default ip but we have to if traffic forwarding#is allowed

  7. sudo cat /proc/sys/net/ipv4/ip_forward #if it displays 0, edit the number to 1,but if it displays 1, leave it just the way it is. We proceed to set iptables rules to allow post routing.

  8. sudo iptables
    -t nat
    -A POSTROUTING
    -s 192.168.1.0/24 ! -o net-bridge
    -j MASQUERADE

  9. we can set iptables to allow network from outside trying to reach our private network namespace using iptables too.

    sudo iptables
    -t nat
    -A PREROUTING
    -d
    -p <protocol-type e.g tcp --dport <port-number
    -j DNAT --to-destination 192.168.1.3:5000

Linuxnetworkinglinux for beginners