I am half in the video and I already like the visualization of how everything works in order, very easy to understand, I really like these kind of videos where you learn by watching how things move. Bravo
Great Work KodeKloud! If the pings do not work - make sure you add ip addresses as 192.168.15.1/24 and 192.168.15.2/24 and for the bridge example make sure you also bring up the peer devices (veth-red-br and veth-blue-br) using following commands - sudo ip link set veth-red-br up and sudo ip link set veth-blue-br up before testing the pings.
Hi Nikhil, thanks for checking out our tutorial and for sharing the information. Do subscribe to our channel to stay posted on upcoming tutorials. Cheers!
Yeah, this helped me as well. The last thing that helped me was, the bridge traffic will traverse iptables by default… so either turn that off, or enable an “allow” policy for Forwarded traffic with “iptables -policy FORWARD ACCEPT”
Wow wow wow...just wow. Man, you just broken entire confusion in my mind on network namespaces, docker bridge networks, kubernetes networks. Thanks a thousand man.
Awesome video, Love this guy helped me pass my kube certs. BTW on amazon linux 2, I had to use 192.168.15.1/24 and 192.168.15.2/24 for red and blue namespaced network, otherwise could not ping.
Yes same for me! I looked into this and apparently it's because the default subnet mask when creating the IP addresses for each namespace is 32 bits. This means that the namespaces act as single hosts that don't belong to a network. This prevents the Address Resolution Porotcol from finding the host that the IP address belongs to because it relies on a broadcast message and you can not broadcast on a network of one device. To fix this without changing the subnet mask on the IP's to be '/24' (24 bit) instead, i had to manually enter the IP address and corresponding interface into the routing table of each namespace. Like so: sudo ip netns exec red ip route add 192.168.15.2/32 dev veth-red sudo ip netns exec blue ip route add 192.168.15.1/32 dev veth-blue This allowed me to ping the namespaces successfully Also, I believe changing the subnet masks are also a completely valid way to achieve the same goal. I just wanted to give an alternative solution 😃
WOW, in 15 mints you explained one of the most complicated subjects I didn't understand, simply by telling us the "why" I hope I can make 1000 like, thank you
We are glad you found our video helpful. Like and share our video with your peers and also do not forget to subscribe to our channel for not missing video updates. We will be coming up with more such videos. Cheers!
Hi thanks for the video ! When following along, I noticed that there are 2 important things not mentioned in this video in order for this to work: 1. We need to set up the interfaces that are mastered by the bridge network. 2. We need to enable ip forwarding for the machine, i.e.: sysctl -w net.ipv4.ip_forward=1
This is just awesome. Docker kept rolling in my mind for the entire video and helped me understand the implementation. Well, the first time, it went a little over my head because of less networking understanding. Watching it for many times to grasp everything. Thank you again, you're the best teacher!
WooHoo! We are so happy you love our videos. Please do keep checking back in. We put up new videos every week on all your favorite topics. Whenever you have the time, you must also check out website @kodekloud.com and tell us what you think. Have a good day!
Hey, thank you for appreciating our work. We are glad to have helped. Do check out our other tutorial videos and subscribe to us to stay connected. Cheers :)
@@KodeKloud By the way, I'm trying to run multiple VPNs simultaneously each within their own network namespace, then route subnets to their respective VPNs from the main system. You could do a video on how to do this if you want.
Very clear technical explanation , you can understand how networking is working within container, and between them! Really excellent, please continue...
again this video is such a master piece. Never saw any great video like this. Thanks from bottom of heart. This is what education should be. Figuring out from man pages it too much stressful
Glad you enjoyed it! Check out our Early Black Friday offer to get upto 50% off on our Premium Courses: you can use our early Black Friday offer to enroll for our courses: b.link/wko6c6
That's a pretty thorough rundown of the internal networking facilities of OS's. The only thing that might make it better is if you brought up the places in the Linux codebase where these things are effected.
Awesome video with so much details compressed yet very much clear and precise explanation. Analogy was simply superb which I could not find in any videos and articles till now. Thank you :)
I don't understand the 6th downvotes, this video shed the light on so many things that other articles talk about and describe without saying what it actually is. All the articles I read say the fruit is round and may be green or red, while this video tells me directly that it is an apple.
Great tutorial. The title can also be how to create a virtual Linux router. It s basically what a router do, besides the iptables rules then it completed.
This was Outstanding! It helped me internalize the virtual networking I set up with my VM's and although I knew how to get things working, I now understand the fundamentals of why! Will be leveraging your services for sure!!!
Please do more in depth courses like these (cgroups, overlay networks). I'm currently interested in what are pods concretely. From what I understood until now, it's just a bunch of containers (i.e a bunch of uts+pid+network+ipc) that belongs to the same network namespace.
Dammn Man, you are the Guy. thank you for this incredible lesson, I spent 1 week trying to understand these concepts, and now with your video, I understood everything in just 15 min.
Thanks😊 We make sure all the concepts are clearly explained. We have experts in our team who make even complex things look very easy. Please subscribe to our channel & help us create more such videos.
In order to ping host itself one might need to bring loopback iface UP. Also to ping link host specify netmask /24 explicitly when you add your IP address, otherwise you might get "Network is unreachable" error.
Thank you this fixed it for me :D To be more exact, first, as Stani said, delete the address you added to the interface: ip -n red addr del 192.168.15.1/32 dev veth-red Then, rerun the command that was featured in the tutorial except that you explicitly add the /24 at the end of the IP: ip -n red addr add 192.168.15.1/24 dev veth-red
After ensuring the prefix was ip/netmask I also had to add an ip in the same range as the namespaces to the vswitch or "bridge" which was confusing since nothing is being routed. sudo ip addr add / dev You can also set this to n.n.n.0/
I was trying to execute below and stuck at 13:12 sudo iptables -t nat -A POSTROUTING -s 192.168.15.0/24 -j MASQUERADE sudo ip netns exec blue ping 192.168.0.3 --> still no response back. Any suggestions as to why? Thanks for the excellent video.
Well done! It seems like a too simple, too basic tutorial, but actually it covers, in an extremely simple way, so many important facts (I would say everything for the basic communication between namespaces/host/internal/external networks).
Like @Honey Bee below I had to add full CIDR address. Also make sure all network interfaces are up e.g. sudo ip link set veth-blue-br up etc. This is not shown in the video
Hi Mumshad, Thank soo much for video took me weeks to understand everything which you amazingly covered in just 15min. If possible also touch CI/CD pipeline (Jenkins) auto deployment networks within containers May Allah always bless you
If you can't ping after the iptables rule (at 13:20), then it is probably because you have to enable IP forwarding. You can easily do it with this command: sysctl -w net.ipv4.ip_forward=1
Hey Bozhan, thank you for watching our video and for the honest feedback. We will definitely look into this. Do subscribe, like and share to stay connected with us. Cheers :)
Hi, It's an amazing summary! I was wondering if this method can be used to run separate programs in the separate namespaces and when I communicate with an outside API, will the API see separate IP addresses as well or will se the same since it's coming from the same Bridge and host? Thanks!
If you create a new network namespace and run a process in it, the process will have its own network stack and IP address. If you use a network namespace with a shared network stack, then the namespace and the host will share the same network stack and IP address.
I got some error when applying the PORT Forwarding rules and resolved it by changing `iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.15.2:80`.
I needed to add /24 to the end of the ip's for this to work. ip -n red addr add 192.168.15.2/24 dev veth-red ip -n blue addr add 192.168.15.3/24 dev veth-blue
Pinging from one namespace (via bridge) to another doesn't work for me, if I have docker installed in my system. Do the docker's iptable rules interfere here? arp though shows the peers' entries in respective namespaces
Make sure veth-red-br and veth-blue-br are up (in my case I had to manualy turn them on (ip link set dev veth-red-br up, ip link set dev veth-blue-br up).
🚀Explore Our Top Courses & Special Offers: kode.wiki/40SkWyU
This took me 1 month to learn by self and you visualized in 15 minutes. Believe me.. you covered everything. Good Work
brother please if you understand make me understand it because ididint understand any thing
I am half in the video and I already like the visualization of how everything works in order, very easy to understand, I really like these kind of videos where you learn by watching how things move. Bravo
Wow. Entire Namespace condensed to 15 min and explained well as well. This should be the go-to tutorial for networking with Namespaces
Welcome🙏. All our videos are simple and easy to understand. Please subscribe to our channel & help us create more such videos.
Great Work KodeKloud!
If the pings do not work - make sure you add ip addresses as 192.168.15.1/24 and 192.168.15.2/24 and for the bridge example make sure you also bring up the peer devices (veth-red-br and veth-blue-br) using following commands - sudo ip link set veth-red-br up and sudo ip link set veth-blue-br up before testing the pings.
Hi Nikhil, thanks for checking out our tutorial and for sharing the information. Do subscribe to our channel to stay posted on upcoming tutorials. Cheers!
Yeah, this helped me as well. The last thing that helped me was, the bridge traffic will traverse iptables by default… so either turn that off, or enable an “allow” policy for Forwarded traffic with “iptables -policy FORWARD ACCEPT”
this is what i was missing.
That helped me. Thanks :)
Wow wow wow...just wow. Man, you just broken entire confusion in my mind on network namespaces, docker bridge networks, kubernetes networks. Thanks a thousand man.
Thanks for watching! It’s great to hear you’re finding it helpful.
Awesome video, Love this guy helped me pass my kube certs. BTW on amazon linux 2, I had to use 192.168.15.1/24 and 192.168.15.2/24 for red and blue namespaced network, otherwise could not ping.
Thanks. This worked for me on Ubuntu :)
Yes same for me! I looked into this and apparently it's because the default subnet mask when creating the IP addresses for each namespace is 32 bits. This means that the namespaces act as single hosts that don't belong to a network. This prevents the Address Resolution Porotcol from finding the host that the IP address belongs to because it relies on a broadcast message and you can not broadcast on a network of one device.
To fix this without changing the subnet mask on the IP's to be '/24' (24 bit) instead, i had to manually enter the IP address and corresponding interface into the routing table of each namespace. Like so:
sudo ip netns exec red ip route add 192.168.15.2/32 dev veth-red
sudo ip netns exec blue ip route add 192.168.15.1/32 dev veth-blue
This allowed me to ping the namespaces successfully
Also, I believe changing the subnet masks are also a completely valid way to achieve the same goal. I just wanted to give an alternative solution 😃
WOW, in 15 mints you explained one of the most complicated subjects I didn't understand, simply by telling us the "why"
I hope I can make 1000 like, thank you
We are glad you found our video helpful. Like and share our video with your peers and also do not forget to subscribe to our channel for not missing video updates. We will be coming up with more such videos. Cheers!
This is by FAR the best description of network namespaces I've ever seen! Thank you for putting this together!
I rarely comment on any video.
But this amazing video forces me to comment.
Great explanation. Thanks!
God level teaching....Im literally speechless.Was struggling with openstack ping issues.this saved my life.
Hi thanks for the video ! When following along, I noticed that there are 2 important things not mentioned in this video in order for this to work:
1. We need to set up the interfaces that are mastered by the bridge network.
2. We need to enable ip forwarding for the machine, i.e.: sysctl -w net.ipv4.ip_forward=1
Thanks yoavklein, by default it was disabled on my host.
This is the best explanation ever! Thank you so much.
This is just awesome. Docker kept rolling in my mind for the entire video and helped me understand the implementation.
Well, the first time, it went a little over my head because of less networking understanding. Watching it for many times to grasp everything. Thank you again, you're the best teacher!
WooHoo! We are so happy you love our videos. Please do keep checking back in. We put up new videos every week on all your favorite topics. Whenever you have the time, you must also check out website @kodekloud.com and tell us what you think. Have a good day!
Teaching is a talent and you are amazingly talented. Best explanation ever
Wow, thank you! 😊
You are the Best Explainer Man... You truly make Difficult Topics understandable very easily...❤❤❤
Hey, thank you for appreciating our work. We are glad to have helped. Do check out our other tutorial videos and subscribe to us to stay connected. Cheers :)
That intro is very smooth
Thanks a ton! Your support makes all the difference 💙
This visualisation is just amazing. Thanks
Thanks for watching our video and sharing your thoughts. Do subscribe to our channel and stay tuned for more. Cheers!
This is the best video on namespaces I've come across thus far.
Comments like these motivate us to do more such videos. Thanks!
Please subscribe to our channel for more such videos 😊
@@KodeKloud By the way, I'm trying to run multiple VPNs simultaneously each within their own network namespace, then route subnets to their respective VPNs from the main system. You could do a video on how to do this if you want.
This is probably one of the best video that could explain this concept
Very clear technical explanation , you can understand how networking is working within container, and between them! Really excellent, please continue...
Thanks for stopping by. Hope you saw our other videos on DevOps and other important tools.👍
excellent explanation, I. would watch this video 100 times, thanks
Wow, thanks! Please subscribe to the channel and support us.
again this video is such a master piece. Never saw any great video like this. Thanks from bottom of heart. This is what education should be. Figuring out from man pages it too much stressful
I can't skip without commenting. It was great! I enjoyed watching. For some reason mine didn't work but overall I learned A LOT.
Glad you enjoyed it!
Check out our Early Black Friday offer to get upto 50% off on our Premium Courses: you can use our early Black Friday offer to enroll for our courses: b.link/wko6c6
That's a pretty thorough rundown of the internal networking facilities of OS's. The only thing that might make it better is if you brought up the places in the Linux codebase where these things are effected.
Thank you so much : ) We are glad to be a part of your learning journey
more than good level. great. thanks for sharing this smartly and clearly summarized video to public.
Hello, thank you for watching our video. We are glad that you liked our video. Do subscribe and stay connected with us. Cheers :)
Awesome explanation. Simply superb video
Hello, thank you for watching our video. We are glad that you liked our video. Do subscribe and stay connected with us. Cheers :)
Excellent tutorial. I had to explicitly bring up the `veth-*-br` devices -I don't see that in your video.
Should we execute the commands on two different terminals ? should the bridge be created outside of both blue and red namespaces?
Bro. This is awesome. You helped me tremendously to understand this
Glad it helped!
Awesome video with so much details compressed yet very much clear and precise explanation. Analogy was simply superb which I could not find in any videos and articles till now. Thank you :)
I don't understand the 6th downvotes, this video shed the light on so many things that other articles talk about and describe without saying what it actually is. All the articles I read say the fruit is round and may be green or red, while this video tells me directly that it is an apple.
One of the best explanation in 15 mins
Simple and Amazing. God bless you
Thanks for posting this.. Great job!! It gets very confusing without animation and color coded diagrams.
Glad it was helpful!
Amazing explanation, very clear, thank you
Glad it was helpful!
Wonderful explanation. If you do the same for other material it worth it spending the time to learn it
Great tutorial. The title can also be how to create a virtual Linux router. It s basically what a router do, besides the iptables rules then it completed.
This was Outstanding! It helped me internalize the virtual networking I set up with my VM's and although I knew how to get things working, I now understand the fundamentals of why! Will be leveraging your services for sure!!!
Thank you for the appreciation. You can check our videos related to DevOps and subscribe to our channel to stay updated with all the latest tools.
Please do more in depth courses like these (cgroups, overlay networks). I'm currently interested in what are pods concretely. From what I understood until now, it's just a bunch of containers (i.e a bunch of uts+pid+network+ipc) that belongs to the same network namespace.
Thank you for Awesome explanation!
You're very welcome!
Dammn Man, you are the Guy. thank you for this incredible lesson, I spent 1 week trying to understand these concepts, and now with your video, I understood everything in just 15 min.
Hello, thank you for watching our video. We are glad that you liked our video. Do subscribe and stay connected with us. Cheers :)
Watching this video for the second time and it is as helpful as it was before, thank you so much 😁
Thanks😊
We make sure all the concepts are clearly explained. We have experts in our team who make even complex things look very easy. Please subscribe to our channel & help us create more such videos.
thanks for doing my coding assignment
You're welcome. Please subscribe to our channel and support us to do more such videos. Thanks 😊
oh wow i've been trying to learn this for years and u made it so clear.
So well explained!!
Glad it was helpful!
Great content! Very useful in this moment for me. Thank you very much!
Glad it was helpful!
perfect explanation
Glad you liked it. Please subscribe to the channel and support us.
At 6:01, why are the mac addresses different in the blue and red namespaces ? isn't the mac address the identifier of the nic (hardware) ?
You are the best , bravo bravo🙏
Thanks a ton! Your support makes all the difference 💙
Amazing video. you basically answered all my questions!
Thank you for the appreciation. You can check our videos related to DevOps and subscribe to our channel to stay updated with all the latest tools.
In order to ping host itself one might need to bring loopback iface UP. Also to ping link host specify netmask /24 explicitly when you add your IP address, otherwise you might get "Network is unreachable" error.
And if you already have this error and want to delete the incorrect IP address: ip -n red addr del 192.168.15.1/32 dev veth-red
you are life saver man. Thanks
Thank you this fixed it for me :D
To be more exact, first, as Stani said, delete the address you added to the interface:
ip -n red addr del 192.168.15.1/32 dev veth-red
Then, rerun the command that was featured in the tutorial except that you explicitly add the /24 at the end of the IP:
ip -n red addr add 192.168.15.1/24 dev veth-red
wow, really high level content, tks a lot for this.
Glad you enjoyed it!
Appreciated, very simple and effective...
Glad it helped. Please subscribe to our channel for more such videos 😊
Great Explanation !!
This is great great explanation!!
Thanks👍
Please subscribe and encourage us to provide more such quality content.
Excellent, that all I can say, THANK YOU
Glad you enjoyed it!
After ensuring the prefix was ip/netmask I also had to add an ip in the same range as the namespaces to the vswitch or "bridge" which was confusing since nothing is being routed.
sudo ip addr add / dev
You can also set this to n.n.n.0/
This is actually explained so well
I was trying to execute below and stuck at 13:12
sudo iptables -t nat -A POSTROUTING -s 192.168.15.0/24 -j MASQUERADE
sudo ip netns exec blue ping 192.168.0.3 --> still no response back. Any suggestions as to why? Thanks for the excellent video.
Fantastic Video
Thank you very much!
best 15 minutes I've spent today! thanks!
Awesome video!!! Keep it up.
Thnks for informative vedio, this clear lots of thing for me regarding namespaces
Nice explanation
Great visuals
Thanks a lot!
Great work ! This video deserves more thumb up! Thank you very much.
This is so damn good! Well explained and easy to follow.! Great source, thanks!
Thanks!😊😊😊
Thank you for explaining this.
I feel I have a much greater understanding of this topic as a result of this video.
This man is a genious.
Thanks!😊😊😊 Please subscribe to our channel for more such amazing videos.
this is really awesome explaination
Well done! It seems like a too simple, too basic tutorial, but actually it covers, in an extremely simple way, so many important facts (I would say everything for the basic communication between namespaces/host/internal/external networks).
Hello, thank you for watching our video. We are glad that you liked our video. Do subscribe and stay connected with us. Cheers :)
Like @Honey Bee below I had to add full CIDR address. Also make sure all network interfaces are up e.g. sudo ip link set veth-blue-br up etc. This is not shown in the video
Amazing video
Thanks! Please subscribe to the channel and support us.
Fantastic video! So short, down to the point. Thank you! Subscribed.
Hi Mumshad,
Thank soo much for video took me weeks to understand everything which you amazingly covered in just 15min.
If possible also touch CI/CD pipeline (Jenkins) auto deployment networks within containers
May Allah always bless you
Excellent explanations. Super liked it... Thank you so much for this.
it is amazing🎉🎉🎉 thank you very much
Awesome explanation! Thanks for all the hard work. Appreciate your effort.
If you can't ping after the iptables rule (at 13:20), then it is probably because you have to enable IP forwarding. You can easily do it with this command:
sysctl -w net.ipv4.ip_forward=1
For your reference: kubernetes.io/docs/setup/production-environment/container-runtimes/#forwarding-ipv4-and-letting-iptables-see-bridged-traffic
That is completely perfect! Thank you vary much.
It looks like that it's worth enough following this channel.
Please update your video with proper commands for creating second interface and bridging two namespaces as well , Thanks!
Hey Bozhan, thank you for watching our video and for the honest feedback. We will definitely look into this. Do subscribe, like and share to stay connected with us. Cheers :)
is it possible to create the bridge network in a namespace instead?
so does this work for unprivileged container as well?
"Please refer this link:
subscription.packtpub.com/book/cloud-&-networking/9781785888243/6/ch06lvl1sec44/unprivileged-versus-privileged-containers"
Hi, It's an amazing summary! I was wondering if this method can be used to run separate programs in the separate namespaces and when I communicate with an outside API, will the API see separate IP addresses as well or will se the same since it's coming from the same Bridge and host?
Thanks!
If you create a new network namespace and run a process in it, the process will have its own network stack and IP address. If you use a network namespace with a shared network stack, then the namespace and the host will share the same network stack and IP address.
Thanks ,wonderful explanation !!
wow. Great explanation. thanks for putting this together.
I got some error when applying the PORT Forwarding rules and resolved it by changing `iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.15.2:80`.
Many thanks for the great explanation, is it the same to link a Veth to a container than to a name space? Can you explain it using LXD please?
Fantastic video...thank you.
Great content tbh 👍🏾👍🏾👍🏾
Great explanation. Much appreciated!
you are the best!!!
Glad 🙂. Please subscribe and encourage us to provide more such quality content.
very well explained, great job!
very good video
I needed to add /24 to the end of the ip's for this to work.
ip -n red addr add 192.168.15.2/24 dev veth-red
ip -n blue addr add 192.168.15.3/24 dev veth-blue
excellent job
Pinging from one namespace (via bridge) to another doesn't work for me, if I have docker installed in my system. Do the docker's iptable rules interfere here? arp though shows the peers' entries in respective namespaces
I have exact the same issue. Are you able to solve the issue?
Make sure veth-red-br and veth-blue-br are up (in my case I had to manualy turn them on (ip link set dev veth-red-br up, ip link set dev veth-blue-br up).
Great explanation!! Thanks.
How can you make ns persistent across reboots.