Location>code7788 >text

Linux netns usage summary

Popularity:5 ℃/2024-08-06 14:16:45

Linuxnetns(Network Namespace) is a powerful network isolation function provided by the Linux kernel, which can create multiple independent network spaces, each space has its own independent network stack, including network interfaces (network cards), routing tables, iptables rules and so on. This isolation mechanism allows different applications or services to run in a network environment without interfering with each other, improving system security and flexibility. The following is a description of thenetnsA detailed summary and example illustration of the

One,netnsBasic concepts and characteristics of

  • Basic Concepts:netnsis a network namespace mechanism provided by the Linux kernel to enable isolation of network resources.
  • Features:
    • Isolated: differentnetnsThey are completely isolated from each other and do not have direct access to each other's network resources.
    • Independence: eachnetnsAll have their own separate network stacks, including network interfaces, routing tables, iptables rules, and so on.
    • Flexibility: can be created, deleted and modified as needednetns, to suit different application scenarios.

Two,netnsThe way it is used

netnsThe use of this is mainly through theipcommandnetnssubcommands to manage. The following are some commonly usedip netnsCommand:

  • View Allnetnsip netns list
  • establishnetnsip netns add <name>
  • removingnetnsip netns del <name>
  • existnetnsin which the command is executed:ip netns exec <name> <command>

Three,netnsExamples of illustrations

The following is an example of how to use thenetnsExample of creating and configuring a network isolation environment:

  1. Create twonetns

    ip netns add ns0  
    ip netns add ns1
  2. Add and configure a virtual NIC:
    First, two virtual NICs need to be added (e.g., using thetun/tapequipment orvethpair) and configure the IP address. Here is an example of avethPair of examples:
    ip link add name veth0 type veth peer name veth1  
    ip link set veth0 up  
    ip link set veth1 up  
    ip addr add 10.0.0.1/24 dev veth0  
    ip addr add 10.0.0.2/24 dev veth1
  3. Move the virtual NIC to a differentnetns
    ip link set veth0 netns ns0  
    ip link set veth1 netns ns1
  4. existnetnsConfigure the network interface in the
    As a result of moving the network interface tonetnsAfter that, its state is reset, so it needs to be reset in thenetnsThe network interface is reconfigured in the
    ip netns exec ns0 ip link set veth0 up  
    ip netns exec ns0 ip addr add 10.0.0.1/24 dev veth0  
    ip netns exec ns1 ip link set veth1 up  
    ip netns exec ns1 ip addr add 10.0.0.2/24 dev veth1
  5. Test network isolation:
    On the host machine, try pinging twonetnsin the IP address, you will find that you can't ping it (because the network is isolated). Then, after thenetnsExecute the ping command internally to test network connectivity:
    ip netns exec ns0 ping 10.0.0.2  # Unable to ping
    ip netns exec ns1 ping10.0.0.1  # Unable to ping
    ip netns exec ns0 ping10.0.0.1  # existns0centerpingoneself,be capable ofpingclassifier for frequency of telegrams, phone calls

Four,netnsscenarios

netnsIt is widely used in scenarios that require network isolation, such as:

  • Container technology: e.g. Docker is based onnetnsThe network isolation implemented, where each container runs on its ownnetnsCenter.
  • Virtualization technology: In a virtualized environment, it is possible to use thenetnsProvide separate network environments for different virtual machines.
  • Web Testing: When developing or testing web applications, you can use thenetnsSimulate different network environments.

In conclusion.netnsis a very useful network isolation mechanism in Linux that provides flexible, secure, and efficient network environment management capabilities.