
Network Namespace

Process Namespace

ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.1  21852 11328 ?        Ss   05:34   0:01 /sbin/init
root        1659  0.0  0.0    968     4 ?        Ss   05:34   0:00 /pause
PID
The PID column in the output above shows the process IDs visible in this process (PID) namespace.
In the example above, they are 1 and 1659.

Network Namespace

Routing Table
A routing table, or RIB (Routing Information Base), is a data table stored in a router or a network host that lists the routes to particular network destinations and, in some cases, the metrics (distances) associated with those routes.
ARP Table
ARP (Address Resolution Protocol) is the method for finding a host’s link-layer (MAC) address when only its IP address is known.

Create Network NS

# Create a named network namespace "red" (needs root privileges).
# A network namespace has its own interfaces, routing table and ARP table,
# separate from the host's.
ip netns add red
/network-namespace/network-ns-red.png
# Create a second named network namespace "blue", isolated from both the host
# and namespace red until interfaces are wired between them.
ip netns add blue
/network-namespace/network-ns-red-and-blue.png
ip netns

red
blue

Execute in Network NS

Check Ethernet List

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc state UP mode DEFAULT qlen 1000 link/ether 02:42:ac:11:00:08 brd ff:ff:ff:ff:ff:ff

Execute as a NS

# Full form: run `ip link` inside namespace red
ip netns exec red ip link

# Short form: -n selects the namespace for this one ip invocation
ip -n red link

# `ip -n red ...` is shorthand for `ip netns exec red ip ...`.
# It only exists for ip itself; other tools (arp, route, ping) still need
# the `ip netns exec red <command>` form.
arp
# Default (host) namespace: print the host's ARP table
arp

# Namespace red: the same tool run inside the namespace prints red's own ARP
# table, which is separate from the host's.
# (arp comes from net-tools; the iproute2 equivalent is `ip -n red neigh`.)
ip netns exec red arp
Address         HWtype      HWaddress           Flags   Mask    Iface
172.17.0.21     ether       02:42:ac:11:00:15   C               eth0
172.16.0.8      ether       06:fe:d3:b5:59:65   C               eth0
_gateway        ether       02:42:d5:7a:84:8e   C               eth0
host01          ether       02:42:ac:11:00:1c   C               eth0

route

# Default (host) namespace: print the host's routing table
route

# Namespace red: the same tool run inside the namespace prints red's own
# routing table, which is separate from the host's.
# (route comes from net-tools; the iproute2 equivalent is `ip -n red route`.)
ip netns exec red route
Kernel IP routing table
Destination     Gateway     Genmask         Flags   Metric  Ref Use Iface
default         _gateway    0.0.0.0         UG      202     0   0   eth0
172.17.0.0      0.0.0.0     255.255.0.0     U       202     0   0   eth0
172.17.0.0      0.0.0.0     255.255.255.0   U       0       0   0   docker0

Virtual Ethernet

Create veth

# Create a veth pair: two virtual Ethernet interfaces joined like a cable, so
# frames sent into one end come out of the other. Both ends (veth-red and
# veth-blue) are created in the namespace where the command runs.
ip link add veth-red type veth peer name veth-blue
/network-namespace/network-ns-veth-red-blue.png

Set veth-red to NS red

# Move the veth-red end into namespace red. After this it is no longer listed
# by `ip link` on the host, only by `ip -n red link`.
ip link set veth-red netns red
/network-namespace/network-ns-veth-red.png

Set veth-blue to NS blue

# Move the other end of the pair into namespace blue, so the pair now links
# red and blue directly without passing through the host namespace.
ip link set veth-blue netns blue
/network-namespace/network-ns-veth-blue.png

Assign IP to Virtual Ethernet

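# Give each end of the veth pair an address in the same /24 network.
# The prefix length matters: without it, ip assigns the IPv4 address as a /32,
# which installs no connected route for 192.168.15.0/24, so the peer address
# would be unreachable and the route tables shown later on this page
# (Genmask 255.255.255.0) would not appear.
ip -n red addr add 192.168.15.1/24 dev veth-red
ip -n blue addr add 192.168.15.2/24 dev veth-blue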
/network-namespace/network-ns-ip.png

Bring Virtual Ethernet Up

# Interfaces are created administratively DOWN; bring up both ends of the
# pair, each inside the namespace that now owns it.
ip -n red  link set veth-red up
ip -n blue link set veth-blue up
/network-namespace/network-ns-up.png

Ping

ip netns exec red ping 192.168.15.2

PING 192.168.15.2 (192.168.15.2) 56(84) bytes of data.
64 bytes from 192.168.15.2: icmp_seq=1 ttl=64 time=0.026 ms

ARP

red ARP

ip netns exec red arp
Address         HWtype  HWaddress           Flags   Mask    Iface
192.168.15.2    ether   ba:b0:6d:68:09:e9   C               veth-red
red ARP Table
| IP | MAC |
| --- | --- |
| 192.168.15.2 | ba:b0:6d:68:09:e9 |

blue ARP

ip netns exec blue arp
Address         HWtype  HWaddress           Flags   Mask    Iface
192.168.15.1    ether   7a:9d:9b:c8:3b:7f   C               veth-blue
blue ARP Table
| IP | MAC |
| --- | --- |
| 192.168.15.1 | 7a:9d:9b:c8:3b:7f |

Host ARP

arp
Address       HWtype    HWaddress           Flags   Mask    Iface
192.168.1.3   ether     52:54:00:12:35:03   C               eth0
192.168.1.4   ether     52:54:00:12:35:04   C               eth0
Host ARP Table
| IP | MAC |
| --- | --- |
| 192.168.1.3 | 52:54:00:12:35:03 |
| 192.168.1.4 | 52:54:00:12:35:04 |

Linux Bridge

Add Bridge

# Create a Linux bridge named v-net-0 in the host namespace. It behaves like a
# virtual switch for the interfaces attached to it, and to the host it is just
# another interface in `ip link`.
ip link add v-net-0 type bridge
/network-namespace/network-ns-bridge.png

State Bridge

ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:0d:31:14:c7:a7 brd ff:ff:ff:ff:ff:ff
6: v-net-0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 06:9d:69:52:6f:61 brd ff:ff:ff:ff:ff:ff
Bridge
The output lists v-net-0 with state DOWN: the newly created bridge has not been brought up yet.

Active Bridge

# Bring the bridge interface up so it can forward frames between its ports.
ip link set dev v-net-0 up
/network-namespace/network-ns-bridge-up.png

Delete Virtual Ethernet

# Remove the direct red<->blue link before rewiring through the bridge.
# A veth is a pair: deleting veth-red also removes its peer veth-blue from
# namespace blue, which is why only one delete is needed.
ip -n red link del veth-red
/network-namespace/network-ns-bridge-without-veth.png

Create Virtual Ethernet

Red Bridge Virtual Ethernet

# New pair for red: veth-red will go into the namespace, veth-red-br stays in
# the host namespace as the bridge-side end.
ip link add veth-red type veth peer name veth-red-br
/network-namespace/network-ns-bridge-red-veth.png

Blue Bridge Virtual Ethernet

# New pair for blue: veth-blue will go into the namespace, veth-blue-br stays
# in the host namespace as the bridge-side end.
ip link add veth-blue type veth peer name veth-blue-br
/network-namespace/network-ns-bridge-blue-veth.png

Connect veth-red to NS red

# Move the namespace-side end of red's pair into namespace red.
ip link set veth-red netns red
/network-namespace/network-ns-bridge-red-veth-red.png

Connect veth-red-br to Bridge v-net-0

# Attach the host-side end of red's pair to the bridge as a port
# (`master` makes v-net-0 the controlling device of veth-red-br).
ip link set veth-red-br master v-net-0
/network-namespace/network-ns-bridge-red-br.png

Connect veth-blue to NS blue

# Move the namespace-side end of blue's pair into namespace blue.
ip link set veth-blue netns blue
/network-namespace/network-ns-bridge-blue-veth-blue.png

Connect veth-blue-br to Bridge v-net-0

# Attach the host-side end of blue's pair to the bridge as a port, putting red
# and blue on the same layer-2 segment.
ip link set veth-blue-br master v-net-0
/network-namespace/network-ns-bridge-blue-br.png

Assign IP to Virtual Ethernet

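# Address the namespace-side ends in the same /24 the bridge uses
# (192.168.15.5/24 on v-net-0 later on this page).
# The prefix length matters: without it, ip assigns the IPv4 address as a /32,
# which installs no connected route for 192.168.15.0/24, so neither the other
# namespace nor the bridge address would be reachable.
ip -n red addr add 192.168.15.1/24 dev veth-red
ip -n blue addr add 192.168.15.2/24 dev veth-blue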
/network-namespace/network-ns-bridge-ip.png

Bring Virtual Ethernet Up

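# Bring up all four veth ends. Interfaces are created administratively DOWN,
# and a veth end has no carrier while its peer is down, so the bridge-side
# ends in the host namespace must be raised as well as the namespace-side
# ends; otherwise no traffic crosses the bridge.
ip -n red link set veth-red up
ip -n blue link set veth-blue up
ip link set veth-red-br up
ip link set veth-blue-br up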
/network-namespace/network-ns-bridge-veth-up.png

Assign IP to v-net-0

Ping Test

ping 192.168.15.1

Not Reachable!

Assign IP

# Put the host itself on the namespace network by addressing the bridge
# interface. The /24 gives the host a connected route to 192.168.15.0/24,
# which is what the earlier ping from the host was missing.
# NOTE(review): from this point host services that listen on all addresses are
# reachable from the namespaces via 192.168.15.5; bind or filter accordingly.
ip addr add 192.168.15.5/24 dev v-net-0
/network-namespace/network-ns-bridge-net-ip.png

Ping Test Again

ping 192.168.15.1

PING 192.168.15.1 (192.168.15.1) 56(84) bytes of data.
64 bytes from 192.168.15.1: icmp_seq=1 ttl=64 time=0.026 ms

LAN(Local Area Network)

LAN Diagram

/network-namespace/network-ns-bridge-base.png

NS blue to LAN

Check Connection

ip netns exec blue ping 192.168.1.3

Connect: Network is unreachable
ip netns exec blue route

Destination   Gateway   Genmask         Flags   Metric  Ref   Use   Iface
192.168.15.0  0.0.0.0   255.255.255.0   U       0       0     0     veth-blu

Add Route(Gateway) to NS blue

# Route the LAN (192.168.1.0/24) through the host's bridge address. The next
# hop has to be on a directly connected network, which 192.168.15.5 is for
# namespace blue; the host then acts as the router between bridge and LAN.
ip netns exec blue ip route add 192.168.1.0/24 via 192.168.15.5 

Destination   Gateway         Genmask         Flags   Metric  Ref   Use   Iface
192.168.15.0  0.0.0.0         255.255.255.0   U       0       0     0     veth-blu
192.168.1.0   192.168.15.5    255.255.255.0   UG      0       0     0     veth-blu
/network-namespace/network-ns-bridge-gateway.png

Ping NS blue to LAN

ip netns exec blue ping 192.168.1.3

PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.

Add NAT

# Append a source-NAT rule to the nat table's POSTROUTING chain: packets with
# a source in 192.168.15.0/24 leave with the address of the interface they go
# out on, so LAN hosts can reply without a route to the namespace network.
# NOTE(review): the rule matches on source only (no -o <interface>), so it
# applies on every egress interface; on a multi-homed host, scope it to the
# uplink (eth0 in this page's host output, if that is the LAN side).
# NOTE(review): routing between v-net-0 and the LAN also needs IPv4 forwarding
# (net.ipv4.ip_forward) enabled on the host. The page does not show that step,
# so confirm it. With forwarding on, the filter table's FORWARD chain is where
# to limit which destinations the namespaces may reach.
# The rule is not persistent: it lasts until deleted or the host reboots.
iptables -t nat -A POSTROUTING -s 192.168.15.0/24 -j MASQUERADE
/network-namespace/network-ns-bridge-nat.png

Ping NS blue to LAN Again

ip netns exec blue ping 192.168.1.3

PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp_seq=1 ttl=63 time=0.587 ms
64 bytes from 192.168.1.3: icmp_seq=2 ttl=63 time=0.466 ms

NS blue to WAN

Ping NS blue to WAN

ip netns exec blue ping 8.8.8.8

Connect: Network is unreachable

Check NS blue Route

ip netns exec blue route

Destination     Gateway         Genmask         Flags   Metric  Ref   Use   Iface
192.168.15.0    0.0.0.0         255.255.255.0   U       0       0     0     veth-blue
192.168.1.0     192.168.15.5    255.255.255.0   UG      0       0     0     veth-blue

Add Default Gateway

# Send every destination without a more specific route to the host's bridge
# address (192.168.15.5). From here on, what namespace blue can reach is
# decided by the host's forwarding, NAT and filter rules rather than by the
# namespace's own routing table.
ip netns exec blue ip route add default via 192.168.15.5
/network-namespace/network-ns-bridge-default-gateway.png
ip netns exec blue route

Destination     Gateway         Genmask         Flags   Metric  Ref   Use   Iface
192.168.15.0    0.0.0.0         255.255.255.0   U       0       0     0     veth-blue
192.168.1.0     192.168.15.5    255.255.255.0   UG      0       0     0     veth-blue
Default         192.168.15.5    255.255.255.0   UG      0       0     0     veth-blue

Ping NS blue to WAN Again

ip netns exec blue ping 8.8.8.8

64 bytes from 8.8.8.8: icmp_seq=1 ttl=63 time=0.587 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=63 time=0.466 ms