Differences

This shows you the differences between two versions of the page.

--- network_namespaces [2018/08/19 08:51] – [Overview] rpjday
+++ network_namespaces [2018/08/19 16:24] (current) – [Roman Mashak] rpjday
@@ Line 3: / Line 3: @@
 How to use network namespaces and ''ip netns'' to tie two ports together in order to ping out one port and to the other.
-Updated links:
+Links:
   * [[http://man7.org/linux/man-pages/man8/ip-netns.8.html|ip-netns (8) man page]]
   * [[https://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/|Introducing Linux Network Namespaces (Scott Lowe's Blog, Sep 2013)]]
+  * [[http://www.opencloudblog.com/?p=42|Linux Network Namespaces (Open Cloud Blog, Sep 2013)]]
+  * [[https://lwn.net/Articles/580893/|Namespaces in operation, part 7: Network namespaces (LWN.net, Jan 2014)]]
+    * [[https://lwn.net/Articles/531114/#series_index|Full namespace series]]
   * [[https://serverfault.com/questions/568839/linux-network-namespaces-ping-fails-on-specific-veth|Linux network namespaces - ping fails on specific veth (Server Fault, 2014)]]
+  * [[https://www.slideshare.net/MikeWilson35/linux-network-namespaces|Linux network namespaces (Mike Wilson Slideshare (Aug 2015)]]
+  * [[https://www.dasblinkenlichten.com/an-introduction-to-network-namespaces/|An introduction to network namespaces (Das Blinken Lichten, Oct 2015)]]
   * [[https://blogs.igalia.com/dpino/2016/04/10/network-namespaces/|Network namespaces (Unweaving the web, Apr 2016)]]
+  * [[http://abregman.com/2016/09/29/linux-network-namespace/|Linux: Network Namespace (Arie Bregman, Sep 2016}]]
+  * [[https://unix.stackexchange.com/questions/391193/how-to-forward-traffic-between-linux-network-namespaces|How to forward traffic between Linux network namespaces? (Stack Exchange, 2017)]]
+  * [[https://docs.openstack.org/neutron/pike/admin/intro-network-namespaces.html|Network namespaces (OpenStack, Aug 2018)]]
+  * [[https://docker-k8s-lab.readthedocs.io/en/latest/docker/netns.html|Linux Network Namespace Introduction (Docker Kubernetes Lab)]]
-Links:
-  * [[http://abregman.com/2016/09/29/linux-network-namespace/|Linux: Network Namespace (Arie Bregman, 2016)]]
-  * [[http://www.opencloudblog.com/?p=42|Linux Networking Namespaces (Open Cloud Blog, 2013)]]
-  * [[https://lwn.net/Articles/580893/|Namespaces in operation, part 7: Network namespaces (LWN.net, 2014)]]
-    * [[https://lwn.net/Articles/531114/#series_index|Full namespace series]]
 ===== man ip-netns =====
@@ Line 89: / Line 92: @@
 Namespaces is a good solution. Something like this should work:
-ip netns add namespace1
+ip netns add ns1
-ip netns add namespace2
+ip netns add ns2
-ip link set eth1 netns namespace1
+ip link set eth1 netns ns1
-ip link set eth2 netns namespace2
+ip link set eth2 netns ns2
-ip netns exec namespace1 \
+ip netns exec ns1 \
         ip addr add 10.42.42.42/24 dev eth1
-ip netns exec namespace1 \
+ip netns exec ns1 \
         ip link set eth1 up
-ip netns exec namespace2 \
+ip netns exec ns2 \
         ip addr add 10.42.42.24/24 dev eth2
-ip netns exec namespace2 \
+ip netns exec ns2 \
         ip link set eth2 up
-ip netns exec namespace1 \
+ip netns exec ns1 \
         ping 10.42.42.24
@@ Line 120: / Line 123: @@
 the same without involving namespaces. It's a bit hackish but sometimes
 convenient. I can dig if someone is interested.
+</code>
+==== Roman Mashak ====
+<code>
+I used this in the past to test dual-port NIC over loopback cable, you
+will need to ajust the script:
+#!/bin/bash -x
+ip="sudo $HOME/bin/ip"
+eth1=192.168.2.100
+eth2=192.168.2.101
+dev1=eth1
+dev2=eth2
+dev1mac=00:1b:21:9b:24:b4
+dev2mac=00:1b:21:9b:24:b5
+# fake client interfaces and addresses
+dev=dummy0
+dev_mac=00:00:00:00:00:11
+# max fake clients supported for simulation
+maxusers=3
+## Create dummy device
+## Accepted parameters:
+##    $1 - devname
+##    $2 - devmac
+##    $3 - subnet (e.g. 10.10.10)
+##    $4 - max number of IP addresses to create on interface
+setup_dummy()
+{
+#   sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
+   # Enable tc hardware offload
+#   ethtool -K $SGW_DEV hw-tc-offload on
+   $ip link add $1 address $2 type dummy
+   $ip link set $1 up
+   for i in `seq 1 $4`;
+   do
+      $ip addr add $3.$i/32 dev $1
+   done
+}
+## Delete dummy device
+## Accepted parameters:
+##    $1 - devname
+delete_dummy()
+{
+  $ip link del $1 type dummy
+}
+setup_network()
+{
+  # Send traffic eth3 <-> eth4 over loopback cable, where both interfaces
+  # eth3 and eth4 are in the same subnet.
+  #
+  # We assume that NetworkManager is not running and eth3/eth4 are configured
+  # via /etc/network/interfaces:
+  #
+  # 192.168.1.100/32 dev eth3
+  # 192.168.1.101/32 dev eth4
+  #
+  # Specify source IP address when sending the traffic:
+  # ping -I 192.168.1.100 192.168.1.101
+  #
+  #
+  $ip neigh add $eth2 lladdr $dev2mac nud permanent dev $dev1
+  $ip neigh add $eth1 lladdr $dev1mac nud permanent dev $dev2
+  $ip route add table main $eth1 dev $dev2
+  $ip route add table main $eth2 dev $dev1
+  $ip rule add from all lookup local pref 100
+  $ip rule del pref 0
+  $ip rule add from $eth2 to $eth1 iif $dev1 lookup local pref 1
+  $ip rule add from $eth1 to $eth2 iif $dev2 lookup local pref 2
+  $ip rule add from $eth2 to $eth1 lookup main pref 3
+  $ip rule add from $eth1 to $eth2 lookup main pref 4
+#  $ip rule add from 10.10.10.0/24 to $eth1 iif $dev1 lookup local pref 5
+#  $ip rule add from 10.10.10.0/24 to $eth2 iif $dev2 lookup local pref 6
+#  $ip rule add from $eth1 to 10.10.10.0/24 iif $dev2 lookup local pref 7
+#  $ip rule add from $eth2 to 10.10.10.0/24 iif $dev1 lookup local pref 8
+}
+restore_network()
+{
+  # FIX: hangs connections
+  $ip rule flush
+  $ip rule add priority 32767 lookup default
+}
+#delete_dummy dummy0
+#delete_dummy dummy1
+#setup_dummy dummy0 00:00:00:00:00:11 10.10.10 3
+#setup_dummy dummy1 00:00:00:00:00:22 20.20.20 3
+setup_network
 </code>