IP Namespace
Command: ip netns
# Creates a network namespace
ip netns add vm1
P.S.
ip netns del netns0
# list of current named network namespaces
ip netns [ list ]
# switches ip to the specified network namespace NETNS.
-n, -netns <NETNS>
ip netns exec NETNS ip [ OPTIONS ] OBJECT { COMMAND | help }
is equivalent to
ip -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }
e.g. veth
(netns0) veth01 <-> veth10 (netns1)
# Create two namespaces (netns0, netns1)
ip netns add netns0
ip netns add netns1
# Create the veth pair: veth01 in netns0, veth10 in netns1
ip link add veth01 netns netns0 type veth peer name veth10 netns netns1
ip -n netns0 link set veth01 up
ip -n netns1 link set veth10 up
ip -n netns0 link
# Set the IP addresses
ip -n netns0 addr add 192.168.254.10/24 dev veth01
ip -n netns1 addr add 192.168.254.11/24 dev veth10
ip -n netns0 addr
ip netns exec netns0 ping 192.168.254.11
# Show that what goes out one end comes in the other
ip -n netns1 addr del 192.168.254.11/24 dev veth10
ip -n netns1 -s link show veth10
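Added example (not part of the original notes): the counter check from the last two commands, scripted. pkt_count reads the RX or TX packet counter from `ip -s link show` output, and veth_demo (needs root; run the script with the argument `run`) rebuilds the netns0/netns1 pair above and confirms that veth10 still receives frames with no address assigned. The function names and the sample output are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original notes. Namespace, device and address
# values are the ones used above; function names are made up for this example.

# pkt_count RX|TX: read `ip -s link show DEV` output on stdin and print the
# packet counter. The numbers sit on the line after the "RX:" / "TX:" header.
pkt_count() {
    awk -v dir="$1:" '$1 == dir { getline; print $2; exit }'
}

# Constructed sample of `ip -n netns1 -s link show veth10` output.
sample_stats() {
    cat <<'EOF'
5: veth10@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 3a:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff link-netns netns0
    RX: bytes  packets  errors  dropped overrun mcast
    378        5        0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    726        9        0       0       0       0
EOF
}

# veth_demo: build the pair, ping an address nobody owns, and check that the
# peer's RX counter still grows (the ARP requests cross the pair). Needs root.
veth_demo() {
    ip netns add netns0 || return 1
    ip netns add netns1 || { ip netns del netns0; return 1; }
    ip link add veth01 netns netns0 type veth peer name veth10 netns netns1
    ip -n netns0 link set veth01 up
    ip -n netns1 link set veth10 up
    ip -n netns0 addr add 192.168.254.10/24 dev veth01
    before=$(ip -n netns1 -s link show veth10 | pkt_count RX)
    # veth10 has no address, so the ping fails; that is expected here.
    ip netns exec netns0 ping -c 3 -W 1 192.168.254.11 >/dev/null 2>&1
    after=$(ip -n netns1 -s link show veth10 | pkt_count RX)
    ip netns del netns0
    ip netns del netns1
    echo "veth10 RX packets: $before -> $after"
    [ "$after" -gt "$before" ]
}

if [ "${1:-}" = "run" ]; then
    veth_demo
fi
```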
P.S.
ip netns pids NAME # Report processes in the named network namespace
Doc
man 8 ip-netns
man 8 ip-link
Namespace - ns_exec
Kernel Settings
CONFIG_SYSFS=n
CONFIG_NAMESPACES=y
CONFIG_NET_NS=y
CONFIG_VETH=y
CONFIG_MACVLAN=y
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
Diagram
veth0(0.101) <---> veth1(0.102)
ip link add type veth # creates veth0, veth1
(ip link add name FOO type veth peer name BAR)
ifconfig veth0 192.168.0.101/24 up
route add -host 192.168.0.102 dev veth0
In shell 1
ip link set veth1 netns $PID_OF_SHELL_2
In shell 2
ns_exec -nm -- /bin/bash
mount -t sysfs none /sys
ifconfig veth1 192.168.0.102/24 up
ifconfig lo up
ping 192.168.0.2
ip link delete veth0