{"id":116,"date":"2013-11-13T21:08:01","date_gmt":"2013-11-13T20:08:01","guid":{"rendered":"http:\/\/www.opencloudblog.com\/?p=116"},"modified":"2021-01-17T13:18:24","modified_gmt":"2021-01-17T12:18:24","slug":"linux-network-namespaces-background","status":"publish","type":"post","link":"https:\/\/www.opencloudblog.com\/?p=116","title":{"rendered":"Linux Network Namespaces – Background"},"content":{"rendered":"

Namespaces<\/h1>\n

Managing network namespaces using the ip command is the prefered way. It is helpful to understand, what’s going on in the (kernel) background.<\/p>\n

If you create two network namespaces using<\/p>\n

ip netns add ns1\r\nip netns add ns2<\/pre>\n
you find to entries in the directory \/var\/run\/netns\/<\/p>\n
ls -la \/var\/run\/netns\/\r\ntotal 0\r\ndrwxr-xr-x  2 root root   80 Sep 19 22:18 .\r\ndrwxr-xr-x 39 root root 1500 Sep 19 22:18 ..\r\n-r--r--r--  1 root root    0 Sep 19 22:18 ns1\r\n-r--r--r--  1 root root    0 Sep 19 22:18 ns2<\/pre>\n
Each process has an unique inode assigned. This inode makes it possible to check, if two processes belongs to a name namespace. Look in \/proc\/self\/ns\/<\/strong>\u00a0\u00a0to the entry net<\/strong>:<\/p>\n
root:~# ls -la \/proc\/self\/ns\/\r\n...\r\nlrwxrwxrwx 1 root root 0 Sep 19 22:36 net -> net:[4026531956]\r\n...\r\n\r\nroot:~# ip netns exec ns1 ls -la \/proc\/self\/ns\/\r\n...\r\nlrwxrwxrwx 1 root root 0 Sep 19 22:37 net -> net:[4026532399]\r\n...\r\n\r\nroot:~# ip netns exec ns2 ls -la \/proc\/self\/ns\/\r\n...\r\nlrwxrwxrwx 1 root root 0 Sep 19 22:41 net -> net:[4026532485]\r\n...<\/pre>\n
The shell process, which we are using and the namespaces ns1 and ns2 have different net:[] inodes assigned. These inodes are the inodes of the entries in \/var\/run\/netns\/ . If this is the default network namespace you will not see an entry.<\/p>\n
Network namespaces might also be assigned to PIDs.<\/p>\n
Newer versions if ip have the commands ip netns identify PID<\/strong> (This command walks through \/var\/run\/netns and finds all the network namespace names for network namespace of the specified process) and ip netns pids NAME<\/strong> (This command walks through proc and finds all of the process who have the named network namespace as their primary network namespace).<\/p>\n
A cat \/proc\/self\/mounts<\/strong> shows the total number of network namespaces in the system:<\/p>\n
cat \/proc\/self\/mounts\r\n...\r\nmany lines cut\r\n...\r\nproc net:[4026532399] proc rw,nosuid,nodev,noexec,relatime 0 0\r\nproc net:[4026532485] proc rw,nosuid,nodev,noexec,relatime 0 0\r\n\r\nThe two lines above show that there are two network namespaces active in the system<\/pre>\n
If you exectute the same command in a network namespace using ip netns exec ns1 cat \/proc\/self\/mounts<\/strong> you get:<\/p>\n
ip netns exec ns1 cat \/proc\/self\/mounts\r\n...\r\nmany lines cut \r\n...\r\nproc net:[4026532399] proc rw,nosuid,nodev,noexec,relatime 0 0\r\nproc net:[4026532485] proc rw,nosuid,nodev,noexec,relatime 0 0\r\n...\r\nns1 \/sys sysfs rw,relatime 0 0\r\n\r\nthe last line shows the network namespace of the current process<\/pre>\n
\u00a0Interfaces<\/h1>\n
If you create a veth pair and assign one side to ns1 and the other sinde to ns2 using the commands<\/p>\n
ip link add veth-a type veth peer name veth-b\r\nip link set veth-a netns ns1\r\nip link set veth-b netns ns2<\/pre>\n
Interfaces may also be assigned to a process:<\/p>\n
# create a veth pair\r\n# assign the other side to PID 1234\r\n#\r\nip link add veth-e type veth peer name veth-f netns 1234<\/pre>\n
This attaches the interface veth-f not only to PID 1234, it attaches the interface to the network namespace to which the process 1234 is belonging to. The network namespace survives, even if the process terminates.<\/p>\n
How do you find the namespaces to which the interface are belonging to?<\/p>\n
How do you find all interfaces in your system and the mapping to network namespaces\/pids?<\/p>\n
 <\/p>\n
<\/h2>\n","protected":false},"excerpt":{"rendered":"
Namespaces Managing network namespaces using the ip command is the prefered way. It is helpful to understand, what’s going on in the (kernel) background. If you create two network namespaces using ip netns add ns1 ip netns add ns2 you find to entries in the directory \/var\/run\/netns\/ ls -la \/var\/run\/netns\/ total 0 drwxr-xr-x 2 root […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=\/wp\/v2\/posts\/116"}],"collection":[{"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=116"}],"version-history":[{"count":15,"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=\/wp\/v2\/posts\/116\/revisions"}],"predecessor-version":[{"id":237,"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=\/wp\/v2\/posts\/116\/revisions\/237"}],"wp:attachment":[{"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.opencloudblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}