Linuxnetns
(Network Namespace) is a powerful network isolation function provided by the Linux kernel, which can create multiple independent network spaces, each space has its own independent network stack, including network interfaces (network cards), routing tables, iptables rules and so on. This isolation mechanism allows different applications or services to run in a network environment without interfering with each other, improving system security and flexibility. The following is a description of thenetns
A detailed summary and example illustration of the
One,netns
Basic concepts and characteristics of
- Basic Concepts:
netns
is a network namespace mechanism provided by the Linux kernel to enable isolation of network resources. - Features:
- Isolated: different
netns
They are completely isolated from each other and do not have direct access to each other's network resources. - Independence: each
netns
All have their own separate network stacks, including network interfaces, routing tables, iptables rules, and so on. - Flexibility: can be created, deleted and modified as needed
netns
, to suit different application scenarios.
- Isolated: different
Two,netns
The way it is used
netns
The use of this is mainly through theip
commandnetns
subcommands to manage. The following are some commonly usedip netns
Command:
- View All
netns
:ip netns list
- establish
netns
:ip netns add <name>
- removing
netns
:ip netns del <name>
- exist
netns
in which the command is executed:ip netns exec <name> <command>
Three,netns
Examples of illustrations
The following is an example of how to use thenetns
Example of creating and configuring a network isolation environment:
-
Create two
netns
:ip netns add ns0 ip netns add ns1
- Add and configure a virtual NIC:
First, two virtual NICs need to be added (e.g., using thetun/tap
equipment orveth
pair) and configure the IP address. Here is an example of aveth
Pair of examples:ip link add name veth0 type veth peer name veth1 ip link set veth0 up ip link set veth1 up ip addr add 10.0.0.1/24 dev veth0 ip addr add 10.0.0.2/24 dev veth1
- Move the virtual NIC to a different
netns
:ip link set veth0 netns ns0 ip link set veth1 netns ns1
- exist
netns
Configure the network interface in the
As a result of moving the network interface tonetns
After that, its state is reset, so it needs to be reset in thenetns
The network interface is reconfigured in theip netns exec ns0 ip link set veth0 up ip netns exec ns0 ip addr add 10.0.0.1/24 dev veth0 ip netns exec ns1 ip link set veth1 up ip netns exec ns1 ip addr add 10.0.0.2/24 dev veth1
- Test network isolation:
On the host machine, try pinging twonetns
in the IP address, you will find that you can't ping it (because the network is isolated). Then, after thenetns
Execute the ping command internally to test network connectivity:ip netns exec ns0 ping 10.0.0.2 # Unable to ping ip netns exec ns1 ping10.0.0.1 # Unable to ping ip netns exec ns0 ping10.0.0.1 # existns0centerpingoneself,be capable ofpingclassifier for frequency of telegrams, phone calls
Four,netns
scenarios
netns
It is widely used in scenarios that require network isolation, such as:
- Container technology: e.g. Docker is based on
netns
The network isolation implemented, where each container runs on its ownnetns
Center. - Virtualization technology: In a virtualized environment, it is possible to use the
netns
Provide separate network environments for different virtual machines. - Web Testing: When developing or testing web applications, you can use the
netns
Simulate different network environments.
In conclusion.netns
is a very useful network isolation mechanism in Linux that provides flexible, secure, and efficient network environment management capabilities.