Introduction to network namespace and the process of connecting two network namespaces

Introduction

A network namespace is a powerful feature of Linux. In Linux, a network namespace is a way to create separate and isolated networks within a single computer. It’s like having multiple virtual networks on the same machine. It allows different processes or groups of processes to have their own independent network stacks, network interfaces, IP addresses, routing tables, and other network-related resources.

Network namespaces are commonly used in scenarios such as containerization and virtualization to provide network-level isolation for different applications, services, or containers running on the same host. By utilizing network namespaces, you can create isolated network environments for each container or application, preventing them from interfering with each other or accessing resources they shouldn’t.

Objectives

Your objective is to create two network namespaces and connect them with a virtual ethernet cable. In this process, you have to do the following steps

1. Create the network namespaces
2. Create the virtual Ethernet interfaces and link them
3. Move each end of the virtual Ethernet pair into their respective namespaces
4. Configure IP addresses for the virtual ethernet interfaces
5. Enable the virtual Ethernet interfaces
6. Test connectivity

Create the network namespaces

sudo ip netns add <namespace-name-1>
sudo ip netns add <namespace-name-2>

Replace <namespace-name-1> and <namespace-name-2>with the actual name of the namespaces, you want to create.

If want to check wheater namespaces are created or not you can run the following command:

sudo ip netns list

In case you want to delete a namespace you can run the following command:

sudo ip netns delete <namespace-name>

Replace <namespace-name> with the actual name of the namespace, you want to delete.

Create the virtual Ethernet interfaces and link them

sudo ip link add <virtual-ethernet-interface-1> type veth peer name <virtual-ethernet-interface-2>

Replace <virtual-ethernet-interface-1> and <virtual-ethernet-interface-2> with the actual name of the virtual ethernets.

You can verify whether the virtual ethernet (veth) pair was created or not using this command:

ip link list

now you will see a pair of veth interfaces (using the names you assigned in the command above) listed there. Right now, they both belong to the “default” or “global” namespace. You need to move each end of the virtual ethernet pair into their respective namespaces.

Move each end of the virtual ethernet pair into their respective namespaces

sudo ip link set <virtual-ethernet-interface-1> netns <namespace-name-1>
sudo ip link set <virtual-ethernet-interface-2> netns <namespace-name-2>

Replace <virtual-ethernet-interface-1> with the first virtual ethernet interface and <virtual-ethernet-interface-2> with the second virtual ethernet interface.

Replace<namespace-name-1> with the first namespace and <namespace-name-2>with the second namespace.

If you want to verify whether each virtual ethernet interface is connected to the correct namespace or not sudo ip link list the command will not work. Because sudo ip link list the command shows the ethernet interface in the current namespace. So, you will not see the newly created virtual ethernet interfaces. To see them you have to run the following command :

sudo ip netns exec <namespace-name-1> ip link list
sudo ip netns exec <namespace-name-2> ip link list

Replace <namespace-name-1> and <namespace-name-2>with the actual name of the namespaces.

Configure IP addresses for the virtual ethernet interfaces

sudo ip netns exec <namespace-name-1> ip addr add 192.168.1.1/24 dev <virtual-ethernet-interface-1>
sudo ip netns exec <namespace-name-2> ip addr add 192.168.1.2/24 dev <virtual-ethernet-interface-2>

Replace <virtual-ethernet-interface-1> with the first virtual ethernet interface and <virtual-ethernet-interface-2> with the second virtual ethernet interface.

Replace<namespace-name-1> with the first namespace and <namespace-name-2>with the second namespace.

Enable the virtual Ethernet interfaces

sudo ip netns exec <namespace-name-1> ip link set <virtual-ethernet-interface-1> up
sudo ip netns exec <namespace-name-2> ip link set <virtual-ethernet-interface-2> up

Replace <virtual-ethernet-interface-1> with the first virtual ethernet interface and <virtual-ethernet-interface-2> with the second virtual ethernet interface.

Replace<namespace-name-1> with the first namespace and <namespace-name-2>with the second namespace.

Test connectivity

sudo ip netns exec <namespace-name-1> ping <ip-address>

Replace<namespace-name-1> with the first namespace and <ip-address>with the IP address of the second namespace.

If you see the following response then the namespace is communicating properly.

PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.059 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.058 ms
64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.066 ms
64 bytes from 192.168.1.2: icmp_seq=5 ttl=64 time=0.097 ms
64 bytes from 192.168.1.2: icmp_seq=6 ttl=64 time=0.065 ms
64 bytes from 192.168.1.2: icmp_seq=7 ttl=64 time=0.057 ms
64 bytes from 192.168.1.2: icmp_seq=8 ttl=64 time=0.057 ms
64 bytes from 192.168.1.2: icmp_seq=9 ttl=64 time=0.057 ms
64 bytes from 192.168.1.2: icmp_seq=10 ttl=64 time=0.063 ms
64 bytes from 192.168.1.2: icmp_seq=11 ttl=64 time=0.064 ms
64 bytes from 192.168.1.2: icmp_seq=12 ttl=64 time=0.064 ms
64 bytes from 192.168.1.2: icmp_seq=13 ttl=64 time=0.058 ms

Conclusion

Probably you have understood what is Linux namespace and how to create it. Now you are also familiar with some operations on the Linux namespace.