Network Namespaces Basics Explained in 15 Minutes
Вставка
- Опубліковано 29 тра 2024
- 🆓Join our Slack Community for FREE: kode.wiki/JoinOurSlackCommunity
Get introduced to the basics of Network Namespaces in Linux.
Access full course here: kodekloud.com/p/certified-kub...
Network Namespaces are used by containerization technologies like Docker to isolate network between containers.
We’ll start with a simple host. As we know already containers are separated from the underlying host using namespaces. So what are namespaces?
When the container is created we create a network namespace for it that way it has no visibility to any network-related information on the host. Within its namespace the container can have its own virtual interfaces, routing and ARP tables. The container has an interface.
To create a new network namespace on a Linux host, run the ip nets add command. In this case we create two network namespaces read and blue. To list the network namespaces run the ip netns command.
To list the interfaces on my host, I run the ip link command. I see that my host has the loopback interface and the eth0 interface. Now, how do we view the same within the network namespace we created? How do we run the same command within the red or blue namespace? Pre-fix the command with the command ip netns exec followed by the namespace name which is red. Now the ip link command will be executed inside the red namespace. Another way to do it is to add the -n option to the original ip link command. Both of these are the same, the second one is simpler though. But remember this only works if you intend to run the ip command inside the namespace. As you can see it only lists the loopback interface. You cannot see the eth0 interface on the host. So with namespaces we have successfully prevented the container from seeing the hosts interface.
#NetworkNamespacesBasics #KodeKloud
Learning Kubernetes is essential for any DevOps professional. Learn, practice, and get certified on Kubernetes: kodekloud.com/p/certified-kubernetes-administrator-with-practice-tests
I rarely comment on any video.
But this amazing video forces me to comment.
Great explanation. Thanks!
This took me 1 month to learn by self and you visualized in 15 minutes. Believe me.. you covered everything. Good Work
brother please if you understand make me understand it because ididint understand any thing
Wow. Entire Namespace condensed to 15 min and explained well as well. This should be the go-to tutorial for networking with Namespaces
Welcome🙏. All our videos are simple and easy to understand. Please subscribe to our channel & help us create more such videos.
Great Work KodeKloud!
If the pings do not work - make sure you add ip addresses as 192.168.15.1/24 and 192.168.15.2/24 and for the bridge example make sure you also bring up the peer devices (veth-red-br and veth-blue-br) using following commands - sudo ip link set veth-red-br up and sudo ip link set veth-blue-br up before testing the pings.
Hi Nikhil, thanks for checking out our tutorial and for sharing the information. Do subscribe to our channel to stay posted on upcoming tutorials. Cheers!
Yeah, this helped me as well. The last thing that helped me was, the bridge traffic will traverse iptables by default… so either turn that off, or enable an “allow” policy for Forwarded traffic with “iptables -policy FORWARD ACCEPT”
this is what i was missing.
That helped me. Thanks :)
Awesome video, Love this guy helped me pass my kube certs. BTW on amazon linux 2, I had to use 192.168.15.1/24 and 192.168.15.2/24 for red and blue namespaced network, otherwise could not ping.
Same for me in Fedora , in other case I got Network is unreachable and cannot even ping own iface . Br, Michal
Thanks. This worked for me on Ubuntu :)
Hi thanks for the video ! When following along, I noticed that there are 2 important things not mentioned in this video in order for this to work:
1. We need to set up the interfaces that are mastered by the bridge network.
2. We need to enable ip forwarding for the machine, i.e.: sysctl -w net.ipv4.ip_forward=1
Fantastic video! So short, down to the point. Thank you! Subscribed.
oh wow i've been trying to learn this for years and u made it so clear.
This is the best explanation ever! Thank you so much.
Awesome explanation! Thanks for all the hard work. Appreciate your effort.
This is probably one of the best video that could explain this concept
That is completely perfect! Thank you vary much.
It looks like that it's worth enough following this channel.
Awesome video with so much details compressed yet very much clear and precise explanation. Analogy was simply superb which I could not find in any videos and articles till now. Thank you :)
Excellent explanations. Super liked it... Thank you so much for this.
Great work ! This video deserves more thumb up! Thank you very much.
This is by FAR the best description of network namespaces I've ever seen! Thank you for putting this together!
WOW, in 15 mints you explained one of the most complicated subjects I didn't understand, simply by telling us the "why"
I hope I can make 1000 like, thank you
We are glad you found our video helpful. Like and share our video with your peers and also do not forget to subscribe to our channel for not missing video updates. We will be coming up with more such videos. Cheers!
Please do more in depth courses like these (cgroups, overlay networks). I'm currently interested in what are pods concretely. From what I understood until now, it's just a bunch of containers (i.e a bunch of uts+pid+network+ipc) that belongs to the same network namespace.
Simple and Amazing. God bless you
God level teaching....Im literally speechless.Was struggling with openstack ping issues.this saved my life.
best 15 minutes I've spent today! thanks!
Great explanation. Much appreciated!
more than good level. great. thanks for sharing this smartly and clearly summarized video to public.
Hello, thank you for watching our video. We are glad that you liked our video. Do subscribe and stay connected with us. Cheers :)
Very clear technical explanation , you can understand how networking is working within container, and between them! Really excellent, please continue...
Thanks for stopping by. Hope you saw our other videos on DevOps and other important tools.👍
again this video is such a master piece. Never saw any great video like this. Thanks from bottom of heart. This is what education should be. Figuring out from man pages it too much stressful
wow. Great explanation. thanks for putting this together.
This is just awesome. Docker kept rolling in my mind for the entire video and helped me understand the implementation.
Well, the first time, it went a little over my head because of less networking understanding. Watching it for many times to grasp everything. Thank you again, you're the best teacher!
WooHoo! We are so happy you love our videos. Please do keep checking back in. We put up new videos every week on all your favorite topics. Whenever you have the time, you must also check out website @kodekloud.com and tell us what you think. Have a good day!
Thanks ,wonderful explanation !!
Thnks for informative vedio, this clear lots of thing for me regarding namespaces
Watching this video for the second time and it is as helpful as it was before, thank you so much 😁
Thanks😊
We make sure all the concepts are clearly explained. We have experts in our team who make even complex things look very easy. Please subscribe to our channel & help us create more such videos.
very well explained, great job!
excellent explanation, I. would watch this video 100 times, thanks
Wow, thanks! Please subscribe to the channel and support us.
Amazing video. you basically answered all my questions!
Thank you for the appreciation. You can check our videos related to DevOps and subscribe to our channel to stay updated with all the latest tools.
This visualisation is just amazing. Thanks
Thanks for watching our video and sharing your thoughts. Do subscribe to our channel and stay tuned for more. Cheers!
Great tutorial. The title can also be how to create a virtual Linux router. It s basically what a router do, besides the iptables rules then it completed.
One of the best explanation in 15 mins
Great explanation!! Thanks.
Teaching is a talent and you are amazingly talented. Best explanation ever
Wow, thank you! 😊
This is the best video on namespaces I've come across thus far.
Comments like these motivate us to do more such videos. Thanks!
Please subscribe to our channel for more such videos 😊
@@KodeKloud By the way, I'm trying to run multiple VPNs simultaneously each within their own network namespace, then route subnets to their respective VPNs from the main system. You could do a video on how to do this if you want.
You are the Best Explainer Man... You truly make Difficult Topics understandable very easily...❤❤❤
Hey, thank you for appreciating our work. We are glad to have helped. Do check out our other tutorial videos and subscribe to us to stay connected. Cheers :)
Awesome explanation. Simply superb video
Hello, thank you for watching our video. We are glad that you liked our video. Do subscribe and stay connected with us. Cheers :)
Great content! Very useful in this moment for me. Thank you very much!
Glad it was helpful!
This is so damn good! Well explained and easy to follow.! Great source, thanks!
Thanks!😊😊😊
Amazing explanation, very clear, thank you
Glad it was helpful!
This is actually explained so well
Bro. This is awesome. You helped me tremendously to understand this
Glad it helped!
This was Outstanding! It helped me internalize the virtual networking I set up with my VM's and although I knew how to get things working, I now understand the fundamentals of why! Will be leveraging your services for sure!!!
Thank you for the appreciation. You can check our videos related to DevOps and subscribe to our channel to stay updated with all the latest tools.
I can't skip without commenting. It was great! I enjoyed watching. For some reason mine didn't work but overall I learned A LOT.
Glad you enjoyed it!
Check out our Early Black Friday offer to get upto 50% off on our Premium Courses: you can use our early Black Friday offer to enroll for our courses: b.link/wko6c6
Appreciated, very simple and effective...
Glad it helped. Please subscribe to our channel for more such videos 😊
Thank you for Awesome explanation!
You're very welcome!
Thanks for posting this.. Great job!! It gets very confusing without animation and color coded diagrams.
Glad it was helpful!
Hi Mumshad,
Thank soo much for video took me weeks to understand everything which you amazingly covered in just 15min.
If possible also touch CI/CD pipeline (Jenkins) auto deployment networks within containers
May Allah always bless you
Well done! It seems like a too simple, too basic tutorial, but actually it covers, in an extremely simple way, so many important facts (I would say everything for the basic communication between namespaces/host/internal/external networks).
Hello, thank you for watching our video. We are glad that you liked our video. Do subscribe and stay connected with us. Cheers :)
this is really awesome explaination
Fantastic video...thank you.
I don't understand the 6th downvotes, this video shed the light on so many things that other articles talk about and describe without saying what it actually is. All the articles I read say the fruit is round and may be green or red, while this video tells me directly that it is an apple.
Dammn Man, you are the Guy. thank you for this incredible lesson, I spent 1 week trying to understand these concepts, and now with your video, I understood everything in just 15 min.
Hello, thank you for watching our video. We are glad that you liked our video. Do subscribe and stay connected with us. Cheers :)
Nice explanation
wow, really high level content, tks a lot for this.
Glad you enjoyed it!
Excellent, that all I can say, THANK YOU
Glad you enjoyed it!
So well explained!!
Glad it was helpful!
Awesome video!!! Keep it up.
This is great great explanation!!
Thanks👍
Please subscribe and encourage us to provide more such quality content.
Wonderful explanation. If you do the same for other material it worth it spending the time to learn it
That intro is very smooth
Thanks a ton! Your support makes all the difference 💙
perfect explanation
Glad you liked it. Please subscribe to the channel and support us.
You are the best , bravo bravo🙏
Thanks a ton! Your support makes all the difference 💙
thanks for doing my coding assignment
You're welcome. Please subscribe to our channel and support us to do more such videos. Thanks 😊
Another great content
Fantastic Video
Thank you very much!
That's a pretty thorough rundown of the internal networking facilities of OS's. The only thing that might make it better is if you brought up the places in the Linux codebase where these things are effected.
Thank you so much : ) We are glad to be a part of your learning journey
excellent job
Should we execute the commands on two different terminals ? should the bridge be created outside of both blue and red namespaces?
Great visuals
Thanks a lot!
very good video
Wow, a helpful video!
excelente!
Amazing!
very good ! like it.
Amazing video
Thanks! Please subscribe to the channel and support us.
Hey! May I ask what kind of program are you using for creating these videos? I want to learn the trick to use the terminal command and its output display within my presentations! Thanks in advance!
Exellent job
Excellent tutorial. I had to explicitly bring up the `veth-*-br` devices -I don't see that in your video.
Great content tbh 👍🏾👍🏾👍🏾
Very Nice Video! Thx XD
So great
Hello Mumshad,
Awesome video as always, thank you.
Please let us know in few words how is network namespace different from using CNI like calico with namespace.
@@KodeKloud cool thank you for explanation.
In order to ping host itself one might need to bring loopback iface UP. Also to ping link host specify netmask /24 explicitly when you add your IP address, otherwise you might get "Network is unreachable" error.
And if you already have this error and want to delete the incorrect IP address: ip -n red addr del 192.168.15.1/32 dev veth-red
you are life saver man. Thanks
Thank you this fixed it for me :D
To be more exact, first, as Stani said, delete the address you added to the interface:
ip -n red addr del 192.168.15.1/32 dev veth-red
Then, rerun the command that was featured in the tutorial except that you explicitly add the /24 at the end of the IP:
ip -n red addr add 192.168.15.1/24 dev veth-red
you are the best!!!
Glad 🙂. Please subscribe and encourage us to provide more such quality content.
After ensuring the prefix was ip/netmask I also had to add an ip in the same range as the namespaces to the vswitch or "bridge" which was confusing since nothing is being routed.
sudo ip addr add / dev
You can also set this to n.n.n.0/
This man is a genious.
Thanks!😊😊😊 Please subscribe to our channel for more such amazing videos.
Many thanks for the great explanation, is it the same to link a Veth to a container than to a name space? Can you explain it using LXD please?
Like @Honey Bee below I had to add full CIDR address. Also make sure all network interfaces are up e.g. sudo ip link set veth-blue-br up etc. This is not shown in the video
At 6:01, why are the mac addresses different in the blue and red namespaces ? isn't the mac address the identifier of the nic (hardware) ?
Hi, It's an amazing summary! I was wondering if this method can be used to run separate programs in the separate namespaces and when I communicate with an outside API, will the API see separate IP addresses as well or will se the same since it's coming from the same Bridge and host?
Thanks!
If you create a new network namespace and run a process in it, the process will have its own network stack and IP address. If you use a network namespace with a shared network stack, then the namespace and the host will share the same network stack and IP address.
hats off !
Like * 1000000000 brilliant lesson
I needed to add /24 to the end of the ip's for this to work.
ip -n red addr add 192.168.15.2/24 dev veth-red
ip -n blue addr add 192.168.15.3/24 dev veth-blue
enlightening
Thanks!