Menu
Helo everyone, i am occasional linux user, but i have a project to do and i need some help with bridging :)
I have tried with google, but didn't solve the problem.
My task is to create network namespace, so it can be used to perform some other tasks from it.
Debian 8.2 is used in VMWare virtual machine on windows 7. I have also tried same things on Raspberry Pi 2, but same problems appear.
First, i have followed tutorial https://lwn.net/Articles/580893/ to create pair of virtual ethernet interfaces. So now i have veth0 in global namespace with ip address 10.1.1.2/24, and veth1 in netns1 namespace with ip address 10.1.1.1/24.
Next, i have followed tutorial http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge to bridge eth0 and veth0, so i can access internet from netns1 namespace.
First, i have deleted ip addresses for both eth0 and veth0 interfaces, and set them do DOWN state.
New bridge is created (br0) and both interfaces (eth0 and veth0) are added to it.
Then both interfaces are set to UP state, and i run "dhclient br0" to assign ip address to br0.
From global namespace now it is possible to run "ping google.com", but from netns1 namespace i get error "Network is unreachable". (I suppose there is problem with routes, i have tried with adding some default routes to netns1 namespace, but no luck. My network knowledge is modest, so i'm asking for help.)
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 00:0c:29:45:b6:1d brd ff:ff:ff:ff:ff:ff
4: veth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 86:e4:6c:02:b6:79 brd ff:ff:ff:ff:ff:ff
inet6 fe80::84e4:6cff:fe02:b679/64 scope link
valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 00:0c:29:45:b6:1d brd ff:ff:ff:ff:ff:ff
inet 192.168.178.135/24 brd 192.168.178.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe45:b61d/64 scope link
valid_lft forever preferred_lft forever
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.178.2 0.0.0.0 UG 0 0 0 br0
default 192.168.178.2 0.0.0.0 UG 1024 0 0 br0
192.168.178.0 * 255.255.255.0 U 0 0 0 br0
$ ip netns exec netns1 ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether ee:b8:f3:47:f7:0c brd ff:ff:ff:ff:ff:ff
inet 10.1.1.1/24 brd 10.1.1.255 scope global veth1
valid_lft forever preferred_lft forever
inet6 fe80::ecb8:f3ff:fe47:f70c/64 scope link
valid_lft forever preferred_lft forever
$ ip netns exec netns1 route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.1.0 * 255.255.255.0 U 0 0 0 veth1
$ brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c2945b61d no eth0
veth0
Thanks in advance for help :)
237
A network namespace is a logical copy of the network stack from the host system. Network namespaces are useful for setting up containers or virtual environments. Each namespace has its own IP addresses, network interfaces, routing tables, and so forth.
A Linux bridge is a kernel module that behaves like a network switch, forwarding packets between interfaces that are connected to it. It's usually used for forwarding packets on routers, on gateways, or between VMs and network namespaces on a host.
“Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources.” In other words, the key feature of namespaces is that they isolate processes from each other.
veth devices are always created in interconnected pairs. A pair can be created using the command: # ip link add <p1-name> type veth peer name <p2-name> In the above, p1-name and p2-name are the names assigned to the two connected end points.
The network namespace is only used for NAT and is where the veth IPs are set, the other end will act like a patch cable without an IP. The VMs are only connected into their respective bridge (e.g. virbr0) and can talk to the network namespace over the veth patch.
By adding those interfaces between bridges and/or namespaces, you create a link between them. The network namespace is only used for NAT and is where the veth IPs are set, the other end will act like a patch cable without an IP.
How to Bridge My Network Adapters 1 Use the Windows key + X to open the Power User menu and select Network Connections. 2 Select both, the network adapter that connects to the internet and the adapter you want to use in the bridge connection. 3 Right-click the selection and click Bridge Connections. See More....
The VMs are only connected into their respective bridge (e.g. virbr0) and can talk to the network namespace over the veth patch. We will use two pairs for each network namespace.
I have found solution.
Basically, ip forward was missing, along with 2 more steps (i have tried them before, but because of ip forward wasn't enabled, it wasn't working).
Here steps for future readers (after making bridge to work in global namespace ):
56
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
