Linux Namespace – Routing Instance
In Linux, I used to use iproute2 and multiple routing tables for the more advanced setups, but when I became aware of namespaces things really changed for me. Namespaces in Linux seem similar to logical systems in Junos; in my opinion they are a bit more than a routing instance. I believe this much of an introduction is sufficient. Now I would like to show the commands by which we can create a new routing instance inside a Linux box, and assign a VLAN interface to it.
I have a Linux box named vHost2. It has two physical Ethernet interfaces, as you can see (actually more, but I am hiding some to keep the output brief). eth1 is connected to a trunk port on the switch side, so I can create VLAN interfaces on this physical interface.
root@vHost2:~# ip link
1: lo: mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:47:47:af brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
First, create the VLAN interface.
root@vHost2:~# ip link add dev vlan971 link eth1 type vlan id 971
root@vHost2:~# ip link set dev vlan971 up
root@vHost2:~# ip link
1: lo: mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:47:47:af brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
9: vlan971@eth1: mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
Now we have the vlan971 interface. In Junos terms, we created the interface in the master routing instance. Next we create a new namespace named BRANCHD.
root@vHost2:~# ip netns add BRANCHD
root@vHost2:~# ip netns list
BRANCHD
root@vHost2:~# ip netns exec BRANCHD ip link
10: lo: mtu 16436 qdisc noop state DOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
Great, we have the first routing instance on the system. We also checked the interface list in this namespace, and as you can see there is only the loopback interface (still down): it is a new instance with no other interfaces bound to it. Now we assign vlan971, which is tied to the physical interface eth1, to this namespace.
root@vHost2:~# ip link set vlan971 netns BRANCHD
root@vHost2:~# ip netns exec BRANCHD ip link set vlan971 up
root@vHost2:~# ip netns exec BRANCHD ip link
9: vlan971@if3: mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
10: lo: mtu 16436 qdisc noop state DOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
See? Now we have a new interface in this instance. Now it is time to assign an IP address and a default route.
root@vHost2:~# ip netns exec BRANCHD ip addr add 192.7.1.3/24 dev vlan971
root@vHost2:~# ip netns exec BRANCHD ip route add 0/0 via 192.7.1.1
root@vHost2:~# ip netns exec BRANCHD ip addr
9: vlan971@if3: mtu 1500 qdisc noqueue state UP
    link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
    inet 192.7.1.3/24 scope global vlan971
    inet6 fe80::20c:29ff:fe47:47b9/64 scope link
       valid_lft forever preferred_lft forever
10: lo: mtu 16436 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
root@vHost2:~# ip netns exec BRANCHD ip route
default via 192.7.1.1 dev vlan971
192.7.1.0/24 dev vlan971 proto kernel scope link src 192.7.1.3
root@vHost2:~# ip netns exec BRANCHD ping 192.7.1.1 -c 5
PING 192.7.1.1 (192.7.1.1) 56(84) bytes of data.
64 bytes from 192.7.1.1: icmp_req=1 ttl=64 time=2.45 ms
64 bytes from 192.7.1.1: icmp_req=2 ttl=64 time=0.632 ms
64 bytes from 192.7.1.1: icmp_req=3 ttl=64 time=1.36 ms
64 bytes from 192.7.1.1: icmp_req=4 ttl=64 time=4.55 ms
64 bytes from 192.7.1.1: icmp_req=5 ttl=64 time=2.65 ms
Now our routing instance is ready! For any further changes, use the "ip netns exec" command. It gives you enormous flexibility: in addition to its own routing table, the namespace also has its own netfilter, i.e. you can use separate iptables rules for the new instance. In the past I was firing up a new virtual machine to do some operations, but with namespaces I can simulate dozens of nodes with different services in a couple of minutes with just a few Linux commands. Why am I so enthusiastic about this? I consider it a Swiss army knife for networking. It has made a lot of time-consuming work much easier. If you do any fancy stuff with namespaces, please do share here.
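The whole procedure above, plus the separate-netfilter point, as an added shell script that is not part of the original post: it replays the post's command sequence (eth1, vlan971, BRANCHD, 192.7.1.3/24, gateway 192.7.1.1) through a small wrapper. DRY_RUN, run, provision_vlan_netns, add_ns_firewall and verify_ns are this example's own names, not iproute2 features; with DRY_RUN=1 (the default) the commands are only printed, and with DRY_RUN=0 the script must run as root on a box that really has those interfaces. It also brings up lo inside the namespace, which the post's output shows as DOWN in a fresh namespace, and installs a minimal stateful iptables policy that exists only inside BRANCHD, leaving the default namespace's rules untouched.

```shell
#!/bin/sh
# Added example (not from the original post): provision the post's VLAN
# routing instance with one script, and give it its own firewall policy.
# Interface, namespace and address values below are the ones from the post;
# DRY_RUN, run, provision_vlan_netns, add_ns_firewall and verify_ns are
# assumptions of this example, not iproute2 features.

PARENT_IF="${PARENT_IF:-eth1}"        # trunk-facing physical interface
VLAN_ID="${VLAN_ID:-971}"
NS="${NS:-BRANCHD}"                   # the new "routing instance"
ADDR="${ADDR:-192.7.1.3/24}"
GW="${GW:-192.7.1.1}"
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = execute as root

# run: print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# provision_vlan_netns: the command sequence from the post, in order.
provision_vlan_netns() {
    vlan_if="vlan${VLAN_ID}"
    # 1. create the VLAN sub-interface in the default (master) namespace
    run ip link add dev "$vlan_if" link "$PARENT_IF" type vlan id "$VLAN_ID"
    # 2. create the namespace; it starts with only a DOWN loopback
    run ip netns add "$NS"
    # 3. move the VLAN interface in; it disappears from the default namespace
    run ip link set "$vlan_if" netns "$NS"
    # 4. everything else happens inside the namespace via "ip netns exec"
    run ip netns exec "$NS" ip link set lo up
    run ip netns exec "$NS" ip link set "$vlan_if" up
    run ip netns exec "$NS" ip addr add "$ADDR" dev "$vlan_if"
    run ip netns exec "$NS" ip route add default via "$GW"
}

# add_ns_firewall: a minimal stateful INPUT policy that lives only in the
# namespace; the default namespace's iptables rules are not affected.
add_ns_firewall() {
    run ip netns exec "$NS" iptables -P INPUT DROP
    run ip netns exec "$NS" iptables -A INPUT -i lo -j ACCEPT
    run ip netns exec "$NS" iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run ip netns exec "$NS" iptables -A INPUT -p icmp -j ACCEPT
}

# verify_ns: when really applied, confirm the interface moved out of the
# default namespace and the namespace carries its own ruleset.
verify_ns() {
    [ "$DRY_RUN" = "1" ] && return 0
    vlan_if="vlan${VLAN_ID}"
    if ip link show "$vlan_if" >/dev/null 2>&1; then
        echo "$vlan_if is still visible in the default namespace" >&2
        return 1
    fi
    ip netns exec "$NS" ip link show "$vlan_if" >/dev/null || return 1
    ip netns exec "$NS" iptables -S INPUT | grep -q -- '-P INPUT DROP' || return 1
}

provision_vlan_netns
add_ns_firewall
verify_ns
```

Run it once with the default DRY_RUN=1 to review the exact command list, then with DRY_RUN=0 as root to apply it; verify_ns then fails loudly if vlan971 is still in the default namespace or the DROP policy did not land inside BRANCHD.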
Excellent post! Thank you!