Network namespace
Marian HackMan Marinov <mm@1h.com>

What is it?
The simplest answer is:
a new network stack for your process
Linux has one network stack... but with network namespaces it can spawn many instances of the same network code.

How does it work?
Linux Network Stack    devices: lo, eth0     routing: ip r l    firewall: iptables -L -nv

How does it work?
Linux Network Stack    devices: lo, eth0     routing: ip r l    firewall: iptables -L -nv
Linux Network Stack    devices: lo, vlan1    routing: ip r l    firewall: iptables -L -nv
# ip netns add babylon5

How does it work?
Linux Network Stack    devices: lo, eth0     routing: ip r l    firewall: iptables -L -nv
Linux Network Stack    devices: lo, eth0     routing: ip r l    firewall: iptables -L -nv
Linux Network Stack    devices: lo, vlan3    routing: ip r l    firewall: iptables -L -nv
# ip netns add babylon5
# ip netns add stargate

How does it work?
Linux Network Stack    devices: lo, eth0     routing: ip r l    firewall: iptables -L -nv
Linux Network Stack    devices: lo, eth0     routing: ip r l    firewall: iptables -L -nv
Linux Network Stack    devices: lo, vlan3    routing: ip r l    firewall: iptables -L -nv
# ip netns list
babylon5
stargate

How to enter a netns?
Linux Network Stack    devices: lo, eth0     routing: ip r l    firewall: iptables -L -nv
Linux Network Stack    devices: lo, eth0     routing: ip r l    firewall: iptables -L -nv
Linux Network Stack    devices: lo, vlan3    routing: ip r l    firewall: iptables -L -nv
# ip netns exec stargate bash
bash-4.3#
What happened?

How to enter a netns?
root@terion:~# ip -0 a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: wwan0: <BROADCAST,MULTICAST> mtu 1500
    link/ether 02:80:37:ec:02:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500
    link/ether f0:de:f1:81:0a:2a brd ff:ff:ff:ff:ff:ff
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    link/ether 08:11:96:03:b2:28 brd ff:ff:ff:ff:ff:ff
root@terion:~# ip netns exec stargate bash
bash-4.3# ip -0 a l
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

Moving devices?
root@terion:~# ip link set dev eth0 netns stargate
root@terion:~# ip netns exec stargate bash
bash-4.3# ip -0 a l
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether f0:de:f1:81:0a:2a brd ff:ff:ff:ff:ff:ff

Connect them
Create veth pair devices:
# ip link add veth0 type veth peer name veth1
Add veth1 to stargate network namespace
# ip link set veth1 netns stargate
Add veth0 to babylon5 network namespace AS eth0
# ip link set veth0 netns babylon5 name eth0

Connect them
# ip netns exec stargate bash
bash-4.3# ip l
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: veth1@if12: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether f2:19:34:1d:e2:dd brd ff:ff:ff:ff:ff:ff

Connect themConnect them
root@terion:~# ip netns exec babylon5 bashroot@terion:~# ip netns exec babylon5 bash
bash-4.3# ip lbash-4.3# ip l
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: eth0@if11: <BROADCAST,MULTICAST> mtu 150012: eth0@if11: <BROADCAST,MULTICAST> mtu 1500
qdisc noop state DOWNqdisc noop state DOWN
link/ether 6a:82:05:98:f2:c2 brd ff:ff:ff:ff:ff:fflink/ether 6a:82:05:98:f2:c2 brd ff:ff:ff:ff:ff:ff
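Added example (not part of the original slides): the "@ifN" suffix in the two `ip l` listings above is the ifindex of the veth peer, so the two ends can be matched across namespaces when auditing which namespace a link leads to. The script parses `ip link` output and pairs the ends; the function names and the "host" listing are this example's own assumptions, and the other two listings are copied from the slides.

```shell
#!/bin/sh
# Added example, not from the slides: match veth ends across two namespaces
# using the "@ifN" suffix that `ip link` prints (N = ifindex of the peer).
# Function names and the "host" listing are this example's own.

# Listings copied from the slides (`ip l` inside each namespace).
STARGATE_LINKS='1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: veth1@if12: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether f2:19:34:1d:e2:dd brd ff:ff:ff:ff:ff:ff'

BABYLON5_LINKS='1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: eth0@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 6a:82:05:98:f2:c2 brd ff:ff:ff:ff:ff:ff'

# Constructed listing: a veth end whose peer is in neither namespace above.
HOST_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7: veth9@if3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 02:00:00:00:00:07 brd ff:ff:ff:ff:ff:ff'

# parse_links LABEL: read `ip link` output on stdin and print
# "LABEL ifindex name peer_ifindex" for each interface named NAME@ifN.
parse_links() {
    awk -v ns="$1" '
        /^[0-9]+: / {                      # header line of one interface
            idx = $1;  sub(/:$/, "", idx)
            name = $2; sub(/:$/, "", name)
            n = split(name, part, "@if")
            # "@if" + digits means the peer sits in another namespace;
            # a peer in the same namespace is printed by name instead.
            if (n == 2 && part[2] ~ /^[0-9]+$/)
                print ns, idx, part[1], part[2]
        }'
}

# match_peers LABEL_A LISTING_A LABEL_B LISTING_B
# Prints "PAIR ..." when two ends point at each other, and "UNMATCHED ..."
# for an end whose peer is not in the other listing.
match_peers() {
    {
        printf '%s\n' "$2" | parse_links "$1"
        printf '%s\n' "$4" | parse_links "$3"
    } | awk -v a="$1" -v b="$3" '
        $1 == a { name_a[$2] = $3; peer_a[$2] = $4 }
        $1 == b { name_b[$2] = $3; peer_b[$2] = $4 }
        END {
            # ifindex values are per-namespace, so require the reference
            # to hold in both directions before calling it a pair.
            for (i in name_a) {
                p = peer_a[i]
                if ((p in name_b) && peer_b[p] == i) {
                    printf "PAIR %s:%s(%s) <-> %s:%s(%s)\n", a, name_a[i], i, b, name_b[p], p
                    seen_b[p] = 1
                } else
                    printf "UNMATCHED %s:%s(%s) peer-ifindex %s\n", a, name_a[i], i, p
            }
            for (j in name_b)
                if (!(j in seen_b))
                    printf "UNMATCHED %s:%s(%s) peer-ifindex %s\n", b, name_b[j], j, peer_b[j]
        }' | LC_ALL=C sort
}

# On a live system the listings would come from, e.g.:
#   match_peers stargate "$(ip netns exec stargate ip link)" \
#               babylon5 "$(ip netns exec babylon5 ip link)"
match_peers stargate "$STARGATE_LINKS" babylon5 "$BABYLON5_LINKS"
match_peers host "$HOST_LINKS" babylon5 "$BABYLON5_LINKS"
```

An UNMATCHED line means the other end of that veth lives in a namespace that was not part of the comparison.
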
Read the help :)
root@terion:~# ip netns help
Usage: ip netns list
       ip netns add NAME
       ip netns delete NAME
       ip netns identify [PID]
       ip netns pids NAME
       ip netns exec NAME cmd ...
       ip netns monitor

Thank You
IRC: irc.freenode.net hackman
ICQ: 7556201
Jabber: hackman@jabber.com
E-Mail: mm@1h.com
