Mastering Linux Network Namespaces: A Hands-On Simulation with Bridges and Routing

Introduction

Networking is a crucial aspect of Linux system administration, and understanding network namespaces, virtual Ethernet (veth) pairs, and bridges can significantly enhance your networking skills. This blog provides a step-by-step guide to setting up a simulated network environment using a Bash script that creates and connects two hosts through a router. Whether you're a networking student, a system administrator, or an enthusiast, this hands-on tutorial will help you grasp fundamental Linux networking concepts.

Why Network Namespaces?

Network namespaces provide isolated network environments within the same system, allowing for realistic network simulations and testing without needing separate physical machines or VMs. With namespaces, you can:

• Simulate different network environments on a single machine.
• Test routing configurations.
• Experiment with firewall rules and traffic control.

Project Overview

This project sets up a virtual network using:

• Three network namespaces: Two hosts (ns1, ns2) and a router (router-ns).
• Two virtual bridges (br0, br1) to connect the hosts and router.
• Virtual Ethernet (veth) pairs to link the namespaces to the bridges.
• Routing configurations to allow communication between the hosts via the router.

By the end of this tutorial, ns1 and ns2 will be able to communicate through router-ns.

Script Breakdown

The Bash script automates the setup process. Below is a high-level overview of its components:

1. Creating Network Namespaces

sudo ip netns add ns1
sudo ip netns add ns2
sudo ip netns add router-ns

These commands create three separate network namespaces.

2. Setting Up Virtual Bridges

sudo ip link add br0 type bridge
sudo ip link add br1 type bridge
sudo ip link set br0 up
sudo ip link set br1 up

Bridges act as virtual switches to connect different interfaces.

3. Creating Virtual Ethernet (veth) Pairs

sudo ip link add br0-l-veth type veth peer name ns1-veth
sudo ip link add br1-l-veth type veth peer name ns2-veth

These veth pairs provide a virtual connection between the namespaces and the host system.

4. Assigning veth Interfaces to Namespaces

sudo ip link set ns1-veth netns ns1
sudo ip link set ns2-veth netns ns2

Each namespace gets one end of a veth pair.

5. Connecting Interfaces to Bridges

sudo ip link set br0-l-veth master br0
sudo ip link set br1-l-veth master br1

This step attaches one side of the veth pair to the respective bridge.

6. Configuring IP Addresses

sudo ip netns exec ns1 ip addr add 10.11.0.2/24 dev ns1-veth
sudo ip netns exec ns2 ip addr add 10.12.0.2/24 dev ns2-veth

Each namespace gets an IP address.

7. Adding Default Routes

sudo ip netns exec ns1 ip route add default via 10.11.0.254
sudo ip netns exec ns2 ip route add default via 10.12.0.254

The default routes ensure that ns1 and ns2 send traffic through the router.

8. Setting Up the Router Namespace

sudo ip link add br0-r-veth type veth peer name router-ns-veth1
sudo ip link add br1-r-veth type veth peer name router-ns-veth2
sudo ip link set router-ns-veth1 netns router-ns
sudo ip link set router-ns-veth2 netns router-ns

These commands set up the router’s interfaces.

9. Configuring the Router’s IP Addresses

sudo ip netns exec router-ns ip addr add 10.11.0.254/24 dev router-ns-veth1
sudo ip netns exec router-ns ip addr add 10.12.0.254/24 dev router-ns-veth2

The router gets an IP in both subnets.

10. Enabling IP Forwarding on the Router

sudo ip netns exec router-ns sysctl -w net.ipv4.ip_forward=1

This command allows the router to forward traffic between ns1 and ns2.

11. Testing Connectivity

sudo ip netns exec ns1 ping -c 3 10.11.0.254
sudo ip netns exec ns2 ping -c 3 10.12.0.254
sudo ip netns exec ns1 ping -c 3 10.12.0.2
sudo ip netns exec ns2 ping -c 3 10.11.0.2

If all pings succeed, the network is correctly configured.

Cleanup

To remove the network setup, run:

sudo ip netns del ns1
sudo ip netns del ns2
sudo ip netns del router-ns
sudo ip link del br0
sudo ip link del br1

Alternatively, create a cleanup.sh script for convenience.

Troubleshooting

1. Check IP Forwarding

sudo sysctl -w net.ipv4.ip_forward=1
sudo ip netns exec router-ns sysctl -w net.ipv4.ip_forward=1

Ensure that packet forwarding is enabled.

2. Inspect Interfaces

sudo ip netns exec ns1 ip link
sudo ip netns exec ns1 ip addr

Use these commands to verify the interface status.

3. Check Routing Tables

sudo ip netns exec ns1 ip route
sudo ip netns exec router-ns ip route

Ensure that routes are correctly set up.

4. Firewall Issues

sudo iptables -L FORWARD

Check if firewall rules are blocking traffic.

Conclusion

This hands-on simulation provides an excellent understanding of networking concepts such as namespaces, veth pairs, bridges, and routing. Automating the setup with a Bash script allows you to easily create and test different network configurations without additional hardware.

For the complete script and more details, visit my GitHub repository: Network Namespace Simulation.