Configuring network namespaces in Linux

Posted 3 months ago in Thesis

This is a step-by-step walkthrough of configuring network namespaces using the unshare method. With unshare you can create kernel namespaces for resource isolation. Several kinds of resources can be isolated this way (for example UTSNAME, PID, USER, NETWORK,…).
This thesis will mainly focus on creating network namespaces.

Creating two Linux containers and bridging them together

In this example we will use just three virtual terminals: tty0, tty1 and tty2.
tty0 will be the main shell.
tty1 and tty2 will be used to create the two Linux containers.
We will connect the containers using a bridge. This way you will also be able to communicate from the host to the containers.

 ___________________________________
|  _____________   ______________  |
| | Container 0 | | Container 1 |  |
| |             | |             |  |
| |   lxc0.1    | |    lxc1.1   |  |
| |(192.168.1.3)| |(192.168.1.4)|  |
| |______|______| |______|______|  |
|        |               |         |
|     lxc0.0           lxc1.0      |
|________|_______________|_________|
|               br0                |
|          (192.168.1.1)           |
|__________________________________|

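Create the two virtual links. Each veth pair has one end that stays on the host (lxc0.0, lxc1.0) and one end that will be moved into a container (lxc0.1, lxc1.1).

ip link add name lxc0.0 type veth peer name lxc0.1
ip link add name lxc1.0 type veth peer name lxc1.1
ifconfig lxc0.0 up
ifconfig lxc1.0 up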

Create a bridge and add both virtual links to it.

brctl addbr br0
ifconfig br0 192.168.1.1/24 up
brctl addif br0 lxc0.0
brctl addif br0 lxc1.0

Use brctl show to confirm both interfaces are added to br0.

Creating the containers

Create the first container in tty1:

unshare --net /bin/bash

Get the process ID of this containerized bash shell:

echo $$

Create the second container in tty2:

unshare --net /bin/bash

Get the process ID:

echo $$

Move the endpoints of the virtual links to the containers

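From the main shell (tty0), use both process IDs to move lxc0.1 and lxc1.1 into the containers' network namespaces. CONTAINER_1_PID is the process ID printed in tty1 and CONTAINER_2_PID is the one printed in tty2.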

ip link set lxc0.1 netns CONTAINER_1_PID
ip link set lxc1.1 netns CONTAINER_2_PID

Go back to the containerized shells and assign IP addresses to the endpoints that have been moved into the containers. Run the first command in tty1 and the second in tty2.

ifconfig lxc0.1 192.168.1.3/24 up
ifconfig lxc1.1 192.168.1.4/24 up

It is also possible to enable the loopback interface in both containers:

ifconfig lo up
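
To check the host side of the finished topology from the main shell (tty0), the following added example, which is not part of the original guide or the LXC documentation, parses the output of ip -o link show and reports any host endpoint that is down, not attached to br0, or whose peer has not left the host namespace. The function name audit_bridge_ports and the sample input are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the host side of the
# br0 topology. Reads `ip -o link show` output on stdin.

# Constructed, abbreviated sample: lxc0.0 is wired correctly; lxc1.0 is down,
# not attached to br0, and its peer lxc1.1 is still visible on the host.
SAMPLE='3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
5: lxc0.0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UP link-netnsid 0
6: lxc1.1@lxc1.0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 state DOWN
7: lxc1.0@lxc1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 state DOWN'

# usage: ip -o link show | audit_bridge_ports BRIDGE PORT...
# Prints one finding per problem; returns 1 if any finding was printed.
audit_bridge_ports() {
    bridge=$1; shift
    awk -v bridge="$bridge" -v want="$*" '
        BEGIN { n = split(want, ports, " ") }
        {
            name = $2; sub(/:$/, "", name)   # "lxc0.0@if4:" -> "lxc0.0@if4"
            peer = ""
            at = index(name, "@")
            if (at > 0) { peer = substr(name, at + 1); name = substr(name, 1, at - 1) }
            seen[name] = 1; peerof[name] = peer; flags[name] = $3
            for (f = 4; f < NF; f++) if ($f == "master") master[name] = $(f + 1)
        }
        END {
            for (k = 1; k <= n; k++) {
                p = ports[k]
                if (!(p in seen)) { print p ": not present in this namespace"; bad++; continue }
                if (master[p] != bridge) { print p ": not attached to " bridge; bad++ }
                if (flags[p] !~ /[<,]UP[,>]/) { print p ": administratively down"; bad++ }
                # A peer in another namespace is shown as "@ifN"; a peer name that
                # resolves to a local interface has not been moved yet.
                if (peerof[p] in seen) { print p ": peer " peerof[p] " is still in the host namespace"; bad++ }
            }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Demonstration on the constructed sample (three findings for lxc1.0).
printf '%s\n' "$SAMPLE" | audit_bridge_ports br0 lxc0.0 lxc1.0 || true
```

On a live host, run it as: ip -o link show | audit_bridge_ports br0 lxc0.0 lxc1.0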

This guide is based on the documentation on the LXC SourceForge page.

I am a student @ University College Ghent. Currently working as a thesis student for iMinds, creating a large-scale framework for emulations of network topologies, using virtualization technologies. Experience in various networking technologies such as, but not limited to, interior and exterior routing protocols, Cisco IOS, Quagga and RouteFlow.
