Linux Namespace – Routing Instance


Namespaces in Linux seem to be similar to logical systems in Junos; in my opinion they are a bit more than a routing instance. I believe this much introduction is sufficient. Now I would like to show several commands with which we can create a new routing instance inside a Linux box. To this new routing instance we will also assign a VLAN interface.

I have a Linux box named vHost2. It has 2 physical Ethernet interfaces, as you can see (actually more, but I am hiding some to keep the output brief). eth1 is connected to a trunk port on the switch side, so I can create VLAN interfaces on this physical interface.
root@vHost2:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:47:47:af brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
First, create the VLAN interface.
root@vHost2:~# ip link add dev vlan971 link eth1 type vlan id 971
root@vHost2:~# ip link set dev vlan971 up

root@vHost2:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:47:47:af brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
9: vlan971@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
Yes, now we have the vlan971 interface created. In Junos terms, we created the interface in the master routing instance. Now we will create a new namespace named BRANCHD.
root@vHost2:~# ip netns add BRANCHD
root@vHost2:~# ip netns list
BRANCHD
root@vHost2:~# ip netns exec BRANCHD ip link
10: lo: <LOOPBACK> mtu 16436 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
Great! We have the first routing instance on the system. We also checked the interface list in this namespace, and as you can see there is only the loopback interface: it is a new instance with no other interfaces bound to it. Now we will assign the vlan971 interface, which is tied to the physical interface eth1, to this namespace.
root@vHost2:~# ip link set vlan971 netns BRANCHD
root@vHost2:~# ip netns exec BRANCHD ip link set vlan971 up
root@vHost2:~# ip netns exec BRANCHD ip link
9: vlan971@if3: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
10: lo: <LOOPBACK> mtu 16436 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
See? Now we have a new interface in this instance. Now it is time to assign an IP address and a default route.
root@vHost2:~# ip netns exec BRANCHD ip addr add 192.7.1.3/24 dev vlan971

root@vHost2:~# ip netns exec BRANCHD ip route add 0/0 via 192.7.1.1

root@vHost2:~# ip netns exec BRANCHD ip addr
9: vlan971@if3: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 00:0c:29:47:47:b9 brd ff:ff:ff:ff:ff:ff
inet 192.7.1.3/24 scope global vlan971
inet6 fe80::20c:29ff:fe47:47b9/64 scope link
valid_lft forever preferred_lft forever
10: lo: <LOOPBACK> mtu 16436 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

root@vHost2:~# ip netns exec BRANCHD ip route
default via 192.7.1.1 dev vlan971
192.7.1.0/24 dev vlan971 proto kernel scope link src 192.7.1.3
root@vHost2:~# ip netns exec BRANCHD ping 192.7.1.1 -c 5
PING 192.7.1.1 (192.7.1.1) 56(84) bytes of data.
64 bytes from 192.7.1.1: icmp_req=1 ttl=64 time=2.45 ms
64 bytes from 192.7.1.1: icmp_req=2 ttl=64 time=0.632 ms
64 bytes from 192.7.1.1: icmp_req=3 ttl=64 time=1.36 ms
64 bytes from 192.7.1.1: icmp_req=4 ttl=64 time=4.55 ms
64 bytes from 192.7.1.1: icmp_req=5 ttl=64 time=2.65 ms
Now our routing instance is ready! For any changes, you can use the “ip netns exec” command. It gives you enormous flexibility, actually. For example, in addition to routing you also have a separate netfilter, i.e. you can use separate iptables rules for your new instance. In the past I was firing up a new virtual machine to do some operations, but with namespaces I can simulate dozens of nodes with different services in a couple of minutes with just a few Linux commands. Why am I so enthusiastic about this? I consider this like a Swiss army knife for networking. It made a lot of time-consuming stuff so much easier. If you do any fancy stuff with namespaces, please do share here.
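As an added example (not the post's own commands), here is the same procedure wrapped in a reusable POSIX shell script, so the steps can be repeated for each branch namespace. The function names, the APPLY switch, the VLAN-id range check and bringing lo up inside the namespace are my own additions; it assumes iproute2 is installed and that it runs as root when APPLY=1.

```shell
#!/bin/sh
# Added example, not part of the original post: the steps above, wrapped so
# that one call builds one namespace per VLAN (the "dozens of nodes" case).
# Assumptions: iproute2 is installed, PARENT is a trunk-facing NIC, and the
# script runs as root when APPLY=1. Without APPLY=1 it only prints commands.
set -eu

# Emit the ip(8) commands for namespace NAME: create a VLAN sub-interface of
# PARENT tagged VID, move it into NAME, address it and add a default route.
# One command per line; nothing is executed here.
netns_plan() {
    name="$1"; parent="$2"; vid="$3"; cidr="$4"; gw="$5"
    case "$vid" in
        ''|*[!0-9]*) echo "bad VLAN id: $vid" >&2; return 1 ;;
    esac
    [ "$vid" -ge 1 ] && [ "$vid" -le 4094 ] || { echo "VLAN id out of range: $vid" >&2; return 1; }
    dev="vlan${vid}"
    cat <<EOF
ip link add dev ${dev} link ${parent} type vlan id ${vid}
ip netns add ${name}
ip link set ${dev} netns ${name}
ip netns exec ${name} ip link set lo up
ip netns exec ${name} ip link set ${dev} up
ip netns exec ${name} ip addr add ${cidr} dev ${dev}
ip netns exec ${name} ip route add default via ${gw}
EOF
}

# Run the plan when APPLY=1, otherwise print it. Refuses to touch a namespace
# that already exists so a re-run cannot silently reconfigure a live one.
netns_apply() {
    if [ "${APPLY:-0}" = "1" ] && ip netns list | awk '{print $1}' | grep -qx "$1"; then
        echo "namespace $1 already exists, refusing to modify it" >&2
        return 1
    fi
    plan=$(netns_plan "$@") || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then eval "$cmd"; else echo "$cmd"; fi
    done
}

# Deleting the namespace also destroys the VLAN device living inside it, so
# this single command undoes everything netns_apply did.
netns_destroy() { ip netns del "$1"; }

# The post's values: BRANCHD with vlan971 on eth1, 192.7.1.3/24 via 192.7.1.1.
# Run as:  APPLY=1 sh netns-branch.sh   (plain "sh netns-branch.sh" prints the plan)
netns_apply BRANCHD eth1 971 192.7.1.3/24 192.7.1.1
```

Running it without APPLY=1 first is a cheap review step: the printed plan is exactly what will be executed, so a wrong VLAN id or gateway is caught before anything touches the host.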