In this article, we will be looking into setting up networking on a linux box from scratch.
We will be creating a fresh new VM using Lima on macOS. You can create a new VM using VirtualBox, Vagrant, or even create a VM on OCI for free.
Isolation based on Network Namespace
The common thing that constitutes a network stack includes the:
- Network Devices
- Routing Rules
- Netfilter Hooks
We can create a non-comprehensive inspect-net-stack script.
#!/usr/bin/env bash
After the execution of the inspect script on my machine produces the following input:
> Network
> Route
> Iptables
We want to make sure that each of the containers we are going to create soon will get a separate network stack.
Linux namespaces used for container isolation are called network namespaces. We won't be creating the fully isolated container, rather restrict the scope to only the network stack. One of the ways to create a network stack is by using the ip tool, part of iproute2
We have a new network namespace but to start using the network namespace, We can use a command called nsenter. It enters one or more of the specified namespaces and then executes the given program:
# This is create a new bash process under netns0 namespace
> Network
> Route
> Iptables
As you can see from the above output, the bash process running inside the netns0 namespace sees a different network stack. There are no routing rules and no custom iptables chain. Only one loopback device (lo).
Beware: The nsenter command from above started a nested bash session in the netns0 network namespace. Don't forget to exit from it.
In the upcoming posts, I will discuss connecting the host with this namespace. Interconnecting various network switches, Just like patching the physical switch with a LAN cable.