What is a network namespace?
A network namespace is a logical copy of the network stack from the host system. Each namespace has its own IP addresses, network interfaces, routing tables, and so forth. The default or global namespace is the one in which the host system's physical interfaces exist.
How do veth pairs work?
The veth (virtual Ethernet) device is a local Ethernet tunnel. Devices are always created in pairs. Packets transmitted on one device in the pair are immediately received on the other device. When either device is down, the link state of the pair is down.
What is a network namespace in Docker?
Docker uses several Linux namespace technologies for isolation, including the user namespace and the process namespace. For network isolation Docker uses Linux network namespaces: each Docker container has its own network namespace, which means it has its own IP address, routing table, etc.
What is a veth interface in Docker?
Docker (and probably any container technology) uses Linux network namespaces to isolate the container network from the host network. A “veth pair” is basically a virtual network cable which has a virtual network interface device (NIC) on each end.
How does veth work with network namespaces?
Each veth device acts like a patch cable and is actually made up of two network devices, one for each end (e.g. peer1-a and peer1-b). By adding those interfaces between bridges and/or namespaces, you create a link between them.
What can a veth device be used for?
A veth device is a virtual Ethernet device that you can think of as a real Ethernet cable connecting two other devices. Virtual Ethernet devices act as tunnels between network namespaces, which lets them create a bridge to a physical network device in another namespace. They can also be used as standalone network devices.
How to create a second veth pair for virbr0?
Now we create the second veth pair to connect the namespace into the private network. For this example we’ll be connecting to the virbr0 network, where our first set of VMs are running. Again, give them useful names. Now we need to add the peer1-virbr0 interface to the virbr0 private network bridge.
How are veth peer interfaces used?
Our first pair of veth peer interfaces will be used to connect the namespace to the upstream bridge (br0). Give them a name that makes sense to you; here I’m making it sequential again and specifying the purpose.
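The two veth steps above (one pair to br0, one pair to virbr0) can be written as a single script. This is an added example, not code from the original page. The bridges br0 and virbr0 and the interface name peer1-virbr0 come from the text; the namespace name gw1 and the names peer1-br0, gw1-br0 and gw1-virbr0 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Dry run by default: commands are
# printed, not executed. Run as root with DRY_RUN=0 to apply them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Linux interface names are limited to 15 characters (IFNAMSIZ is 16 with NUL).
valid_ifname() {
    [ -n "$1" ] && [ "${#1}" -le 15 ]
}

# link_ns_to_bridge NS BRIDGE HOST_IF NS_IF
# Creates one veth pair, keeps HOST_IF on the host attached to BRIDGE and
# moves NS_IF into NS. Both ends are brought up: if either end is down,
# the whole pair reports link down.
link_ns_to_bridge() {
    ns=$1 bridge=$2 host_if=$3 ns_if=$4
    for name in "$host_if" "$ns_if"; do
        valid_ifname "$name" || { echo "bad interface name: $name" >&2; return 1; }
    done
    run ip link add "$host_if" type veth peer name "$ns_if" &&
    run ip link set "$ns_if" netns "$ns" &&
    run ip link set "$host_if" master "$bridge" &&
    run ip link set "$host_if" up &&
    run ip netns exec "$ns" ip link set "$ns_if" up
}

# Namespace gw1 and the names peer1-br0, gw1-br0, gw1-virbr0 are assumed.
build_topology() {
    run ip netns add gw1 &&
    link_ns_to_bridge gw1 br0 peer1-br0 gw1-br0 &&
    link_ns_to_bridge gw1 virbr0 peer1-virbr0 gw1-virbr0
}

build_topology
```

Once both pairs are up, the namespace has one interface on the upstream bridge and one on the private bridge, so any forwarding or filtering between the two networks is decided by the routing and firewall rules inside that namespace.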