Testing virtual interface inside a namespace

12 09 2016

One virtual interface (veth0/1) into one namespace (blue) with internet connectivity

– First of all, enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

– Create the virtual ethernet interface, a veth pair, and bring one side up:

ip link add veth0 type veth peer name veth1
ip link set veth0 up

– Create the network namespace, called blue, in which the other side of the veth is going to reside:

ip netns add blue

– Put the corresponding veth side, veth1, into the namespace. Note that the other side, veth0, remains in the system (default) namespace:

ip link set veth1 netns blue

– Configure the veth1 with an IP address and bring it up. The command is executed inside the namespace:

ip netns exec blue ifconfig veth1 10.1.1.1/24 up

– Bring up the lo interface too, to avoid strange problems:

ip netns exec blue ip link set dev lo up

– Create the bridge, called br0, and bring it up:

ip link add name br0 type bridge
ip link set br0 up

– Assign an IP address to the bridge interface so that it gains layer 3 behaviour; without one it works only at layer 2:

ip addr add 10.1.1.254/24 dev br0

– Include the veth0, which is outside the namespace, into the bridge:

ip link set veth0 master br0

– Add a default route for the namespace inside it:

ip netns exec blue ip route add default via 10.1.1.254

– Add the iptables rules to allow NAT on the host system:

iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

– Test 1. Ping and traceroute from the host to the namespace:

ping -c1 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.063 ms

traceroute 10.1.1.1
traceroute to 10.1.1.1 (10.1.1.1), 30 hops max, 60 byte packets
1 10.1.1.1 (10.1.1.1) 0.051 ms 0.012 ms 0.010 ms

– Test 2. Ping and traceroute from the namespace to the bridge:

ip netns exec blue ping -c1 10.1.1.254
PING 10.1.1.254 (10.1.1.254) 56(84) bytes of data.
64 bytes from 10.1.1.254: icmp_seq=1 ttl=64 time=0.038 ms

ip netns exec blue traceroute 10.1.1.254
traceroute to 10.1.1.254 (10.1.1.254), 30 hops max, 60 byte packets
1 10.1.1.254 (10.1.1.254) 0.059 ms 0.013 ms 0.009 ms

– Test 3. Ping and traceroute from the namespace to internet:

ip netns exec blue ping -c1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=0.838 ms

ip netns exec blue traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 10.1.1.254 (10.1.1.254) 0.050 ms 0.012 ms 0.008 ms
...
9 google-public-dns-a.google.com (8.8.8.8) 0.884 ms 0.701 ms 0.681 ms

Two virtual interfaces (veth0/1 and veth10/11), each in a different namespace (blue and green), using the same subnet with internet connectivity

– In addition to the steps done above…

– Create the virtual ethernet interface, and bring it up:

ip link add veth10 type veth peer name veth11
ip link set veth10 up

– Create the network namespace, and include the veth11 interface into it:

ip netns add green
ip link set veth11 netns green

– Include the veth10 into the bridge:

ip link set veth10 master br0

– Configure the veth11 with an IP address, bring it up, the same for lo, and add the default route to the bridge:

ip netns exec green ifconfig veth11 10.1.1.11/24 up
ip netns exec green ip link set dev lo up
ip netns exec green ip route add default via 10.1.1.254

– Test 4. Ping and traceroute from the blue namespace to the green:

ip netns exec blue ping -c1 10.1.1.11
PING 10.1.1.11 (10.1.1.11) 56(84) bytes of data.
64 bytes from 10.1.1.11: icmp_seq=1 ttl=64 time=0.059 ms

ip netns exec blue traceroute 10.1.1.11
traceroute to 10.1.1.11 (10.1.1.11), 30 hops max, 60 byte packets
1 10.1.1.11 (10.1.1.11) 0.055 ms 0.015 ms 0.015 ms

– Test 5. Ping and traceroute from the green namespace to the blue:

ip netns exec green ping -c1 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.068 ms

ip netns exec green traceroute 10.1.1.1
traceroute to 10.1.1.1 (10.1.1.1), 30 hops max, 60 byte packets
1 10.1.1.1 (10.1.1.1) 0.060 ms 0.010 ms 0.008 ms

– Test 6. Ping and traceroute from green namespace to internet:

ip netns exec green ping -c1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=0.804 ms

ip netns exec green traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 10.1.1.254 (10.1.1.254) 0.073 ms 0.010 ms 0.007 ms
...
9 google-public-dns-a.google.com (8.8.8.8) 0.663 ms 0.726 ms 0.680 m
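
Added example (not part of the original post): the whole procedure above as one script, for both namespaces, with a matching teardown. It differs from the steps above in two ways: it uses ip addr instead of ifconfig, and it replaces the two unrestricted MASQUERADE rules with a single rule limited to traffic sourced from 10.1.1.0/24 and leaving through the uplink, so other forwarded traffic on the host is not rewritten. The function names and the DRY_RUN and UPLINK variables are hypothetical; eth0 is assumed as the uplink, as in the post.

```sh
#!/bin/sh
# Added example: the post's topology with NAT scoped to the namespace subnet.
# Usage: script up|down. DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it (root).
BRIDGE=br0; GW=10.1.1.254; NET=10.1.1.0/24   # values taken from the post
UPLINK=${UPLINK:-eth0}                        # assumption: uplink is eth0, as in the post
DRY_RUN=${DRY_RUN:-1}                         # hypothetical switch, not from the post

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Rule arguments live in one place so teardown deletes exactly what setup added.
nat_rule() { echo "POSTROUTING -s $NET -o $UPLINK -j MASQUERADE"; }

bridge_up() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip link add name "$BRIDGE" type bridge
    run ip link set "$BRIDGE" up
    run ip addr add "$GW/24" dev "$BRIDGE"
    # Only packets sourced from the namespace subnet are masqueraded.
    run iptables -t nat -A $(nat_rule)
}

# attach_ns NAME HOST_IF NS_IF ADDR, e.g. attach_ns blue veth0 veth1 10.1.1.1
attach_ns() {
    run ip netns add "$1"
    run ip link add "$2" type veth peer name "$3"
    run ip link set "$3" netns "$1"
    run ip link set "$2" master "$BRIDGE"
    run ip link set "$2" up
    run ip netns exec "$1" ip addr add "$4/24" dev "$3"
    run ip netns exec "$1" ip link set dev "$3" up
    run ip netns exec "$1" ip link set dev lo up
    run ip netns exec "$1" ip route add default via "$GW"
}

teardown() {
    # The veth pair goes away with its namespace once no process is left in it.
    for ns in "$@"; do run ip netns del "$ns"; done
    run ip link del "$BRIDGE"
    run iptables -t nat -D $(nat_rule)
}

case "${1:-}" in
    up)   bridge_up; attach_ns blue veth0 veth1 10.1.1.1
          attach_ns green veth10 veth11 10.1.1.11 ;;
    down) teardown blue green ;;
esac
```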
