The Linux network namespace (netns) is a feature of the 2.6.27+ Linux kernel. Normally a Linux process runs within a network namespace, which by default it inherits from its parent process. Network namespaces allow a process to run within a different network namespace instead. This provides virtual instances of the Linux network stack, each with its own routes, firewall rules and network devices.
A great example of network namespaces in use can be seen within OpenStack Neutron. Neutron, the networking component of OpenStack, uses network namespaces to provide network isolation between tenants.
LIST Namespaces
First of all to list the current namespaces the ip netns list command is used.
    # ip netns list
    qrouter-e945b6b1-54be-49ef-95ed-5d524d2f3616
    qdhcp-dae14f7d-c7f9-4dbc-9635-603f0fbc3f09
EXEC Namespace
To execute a command within a namespace, use the command ip netns exec <namespace_id> <command>.
    # ip netns exec qrouter-e945b6b1-54be-49ef-95ed-5d524d2f3616 ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    qg-e5b9712e-b0 Link encap:Ethernet  HWaddr fa:16:3e:a7:8a:df
              inet addr:172.16.100.30  Bcast:172.16.100.255  Mask:255.255.255.0
              inet6 addr: fe80::f816:3eff:fea7:8adf/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:384847 errors:0 dropped:0 overruns:0 frame:0
              TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:62660634 (62.6 MB)  TX bytes:1200 (1.2 KB)

    qr-76de6d23-a8 Link encap:Ethernet  HWaddr fa:16:3e:32:78:9d
              inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
              inet6 addr: fe80::f816:3eff:fe32:789d/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:266390 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:51963537 (51.9 MB)  TX bytes:864 (864.0 B)
Some typical Linux network commands that can be run inside a namespace this way are:
- ip route list – display routes
- ip addr list – display ip addresses
- ifconfig – display ip addresses (different format to the above)
- iptables -vnL – display the stats and chains for your running iptables
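Firewall rules and routes set inside a namespace do not show up when the same commands are run on the host itself, so reviewing a host means running them in every namespace in turn. The script below is an added example, not part of the original post: the function names, the --run flag and the script name are hypothetical, and the qrouter-/qdhcp- classification assumes Neutron's naming as seen in the output above.

```shell
#!/bin/sh
# Added example: enumerate network namespaces and inspect each one.

# Inspection commands from the list above, one per line.
AUDIT_CMDS='ip route list
ip addr list
iptables -vnL'

# Read `ip netns list` output on stdin, print one namespace name per line.
# Newer iproute2 appends " (id: N)" to each name, so keep the first field only.
netns_names() {
    awk 'NF { print $1 }'
}

# Assumption: the Neutron naming seen in the sample output
# (qrouter- for router namespaces, qdhcp- for DHCP namespaces).
netns_kind() {
    case "$1" in
        qrouter-*) echo router ;;
        qdhcp-*)   echo dhcp ;;
        *)         echo other ;;
    esac
}

# Read `ip netns list` output on stdin, print every command the audit would run.
audit_plan() {
    netns_names | while read -r ns; do
        printf '%s\n' "$AUDIT_CMDS" | while read -r cmd; do
            printf 'ip netns exec %s %s\n' "$ns" "$cmd"
        done
    done
}

# Run the audit on the local host (needs root).
audit_all() {
    ip netns list | netns_names | while read -r ns; do
        echo "=== $ns ($(netns_kind "$ns"))"
        printf '%s\n' "$AUDIT_CMDS" | while read -r cmd; do
            echo "--- $cmd"
            # $cmd is unquoted on purpose: it is one of the fixed strings above.
            ip netns exec "$ns" $cmd </dev/null
        done
    done
}

# Nothing runs unless asked: ./netns-audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_all; fi
```

Piping saved ip netns list output into audit_plan prints the commands without executing anything, which is useful for reviewing what will run before using --run as root.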
Additional Commands
This example touches only on the listing and exec of the network namespaces. There are other commands available such as creating and removing namespaces. Further details on these commands can be found here.
    Usage: ip netns list
           ip netns add NAME
           ip netns delete NAME
           ip netns identify PID
           ip netns pids NAME
           ip netns exec NAME cmd ...
           ip netns monitor
Additional Links
- http://www.opencloudblog.com/?p=42
- https://lwn.net/Articles/580893/
- http://man7.org/linux/man-pages/man8/ip-netns.8.html