@yuvalif
Last active August 27, 2018 09:55

This is based on this blog post

Initial Stage

Create two namespaces:

sudo ip netns add ns1
sudo ip netns add ns2

Use a veth Pair

Create a veth pair and move one end into each namespace:

sudo ip link add tap1 type veth peer name tap2
sudo ip link set tap1 netns ns1
sudo ip link set tap2 netns ns2

Bring both sides up:

sudo ip netns exec ns1 ip link set dev tap1 up
sudo ip netns exec ns2 ip link set dev tap2 up

Give IP addresses to both sides:

sudo ip netns exec ns1 ip addr add 172.16.0.1/24 dev tap1
sudo ip netns exec ns2 ip addr add 172.16.0.2/24 dev tap2

In two separate terminals, run:

sudo ip netns exec ns1 ping 172.16.0.2
sudo ip netns exec ns2 tcpdump -i tap2

Use a Linux Bridge with 2 veth Pairs

Create the bridge and bring it up:

sudo ip link add test-br type bridge
sudo ip link set dev test-br up

Create 1st veth pair and set one side in namespace 1:

sudo ip link add tap3 type veth peer name br-tap3
sudo ip link set tap3 netns ns1

Attach the other side to the bridge:

sudo ip link set br-tap3 master test-br

Bring both sides up:

sudo ip netns exec ns1 ip link set dev tap3 up
sudo ip link set dev br-tap3 up

Create 2nd veth pair and set one side in namespace 2:

sudo ip link add tap4 type veth peer name br-tap4
sudo ip link set tap4 netns ns2

Attach the other side to the bridge:

sudo ip link set br-tap4 master test-br

Bring both sides up:

sudo ip netns exec ns2 ip link set dev tap4 up
sudo ip link set dev br-tap4 up

Give IP addresses to both sides:

sudo ip netns exec ns1 ip addr add 172.17.0.1/24 dev tap3
sudo ip netns exec ns2 ip addr add 172.17.0.2/24 dev tap4

In two separate terminals, run:

sudo ip netns exec ns1 ping 172.17.0.2
sudo tcpdump -i test-br
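
The Linux bridge steps above, generalized to any number of namespaces and given a teardown, as an added example that is not part of the original gist. It assumes the namespaces already exist (see Initial Stage) and that the manual bridge steps have not been applied; the interface names veth-<ns> and br-<ns> and the DRY_RUN switch are hypothetical choices made for this sketch.

```shell
#!/bin/sh
# Added example: attach N existing namespaces to one Linux bridge.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).
BRIDGE="${BRIDGE:-test-br}"     # bridge name used on this page
SUBNET="${SUBNET:-172.17.0}"    # /24 prefix used in the bridge section

run() {  # print the command, or execute it when DRY_RUN=0
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

bridge_up() {  # bridge_up NS... : namespace k gets address SUBNET.k
  n=0
  run ip link add "$BRIDGE" type bridge
  run ip link set dev "$BRIDGE" up
  for ns in "$@"; do
    n=$((n + 1))
    run ip link add "veth-$ns" type veth peer name "br-$ns"
    run ip link set "veth-$ns" netns "$ns"        # one end into the namespace
    run ip link set "br-$ns" master "$BRIDGE"     # other end onto the bridge
    run ip netns exec "$ns" ip link set dev "veth-$ns" up
    run ip link set dev "br-$ns" up
    run ip netns exec "$ns" ip addr add "$SUBNET.$n/24" dev "veth-$ns"
  done
}

bridge_check() {  # bridge_check NS... : ping every other namespace from the first
  src="$1"; shift; n=1
  for ns in "$@"; do
    n=$((n + 1))
    run ip netns exec "$src" ping -c 1 -W 1 "$SUBNET.$n" || return 1
  done
}

bridge_down() {  # bridge_down NS... : namespaces themselves are left in place
  for ns in "$@"; do
    run ip link del "br-$ns"    # deleting one end of a veth pair removes its peer
  done
  run ip link del "$BRIDGE"
}

# Dispatch: sh script.sh up|check|down NS...
case "${1:-}" in
  up|check|down) cmd="bridge_$1"; shift; "$cmd" "$@" ;;
esac
```

To apply it for real, pass the switch through sudo, for example `sudo DRY_RUN=0 sh script.sh up ns1 ns2`, where script.sh is whatever name the file was saved under.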

Use an OVS Bridge

Create the OVS bridge:

sudo ovs-vsctl add-br ovs-test-br

With 2 veth Pairs

Create 1st veth pair and set one side in namespace 1:

sudo ip link add tap5 type veth peer name br-tap5
sudo ip link set tap5 netns ns1

Add a port to the OVS bridge attached to one side of the 1st veth:

sudo ovs-vsctl add-port ovs-test-br br-tap5

Bring both sides up:

sudo ip netns exec ns1 ip link set dev tap5 up
sudo ip link set dev br-tap5 up

Create 2nd veth pair and set one side in namespace 2:

sudo ip link add tap6 type veth peer name br-tap6
sudo ip link set tap6 netns ns2

Add another port to the OVS bridge attached to one side of the 2nd veth:

sudo ovs-vsctl add-port ovs-test-br br-tap6

Bring both sides up:

sudo ip netns exec ns2 ip link set dev tap6 up
sudo ip link set dev br-tap6 up

Give IP addresses to both sides:

sudo ip netns exec ns1 ip addr add 172.18.0.1/24 dev tap5
sudo ip netns exec ns2 ip addr add 172.18.0.2/24 dev tap6

Run:

sudo ip netns exec ns1 ping 172.18.0.2

With Direct Connection

Add a port to the OVS bridge with internal interface:

sudo ovs-vsctl add-port ovs-test-br tap7 -- set Interface tap7 type=internal

Set the interface inside namespace 1 and bring it up:

sudo ip link set tap7 netns ns1
sudo ip netns exec ns1 ip link set dev tap7 up

Add another port to the OVS bridge with internal interface:

sudo ovs-vsctl add-port ovs-test-br tap8 -- set Interface tap8 type=internal

Set the interface inside namespace 2 and bring it up:

sudo ip link set tap8 netns ns2
sudo ip netns exec ns2 ip link set dev tap8 up

Give IP addresses to both sides:

sudo ip netns exec ns1 ip addr add 172.19.0.1/24 dev tap7
sudo ip netns exec ns2 ip addr add 172.19.0.2/24 dev tap8

Run:

sudo ip netns exec ns1 ping 172.19.0.2

TODO: configure bridge to send NetFlow data
