Join Log in
Score:1
Eyal Solomon avatar Server

Linux ping between 2 network namespaces

gb flag
Eyal Solomon

Quiet new to Linux networking and couldn't find an answer for it on similar questions

Trying to create 2 namespaces and ping between them

ip netns add red;
ip netns add blue;

ip link add dev v-red type veth peer name v-blue;
ip link set dev v-red netns red;
ip link set dev v-blue netns blue;

ip netns exec red ip addr add 192.168.15.1 dev v-red;
ip netns exec blue ip addr add 192.168.15.2 dev v-blue;

ip netns exec red ip link set dev v-red up;
ip netns exec blue ip link set dev v-blue up;

ip netns exec red ping 192.168.15.2;
-> ping: connect: Network is unreachable

What I looked for when debugging

ip netns exec blue ifconfig
v-blue: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.15.2  netmask 255.255.255.255  broadcast 0.0.0.0

ip netns exec red ifconfig
v-red: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.15.1  netmask 255.255.255.255  broadcast 0.0.0.0
68
0 + 0
Score:2
Matthew Ife avatar Server
jo flag
Matthew Ife

The two devices sit in two different logical /32 networks and there is no route or routing table hinting at the manner by which to contact each host.

If you execute # ip netns exec red ip route get 192.168.15.2 it will answer with RTNETLINK answers: Network is unreachable. Because the routing table has no answer for how to send a packet to the 192.168.15.2/32 network.

If you add the routes in both directions however, this should act as hint that the two hosts are neighbours (more like directly connected peers technically) and the packets should send.

ip netns exec red ip route add 192.168.15.2/32 dev v-red
ip netns exec blue ip route add 192.168.15.1/32 dev v-blue

You can then print the routing table of one see how now a route is instructed.

ip netns exec blue ip route list
192.168.15.1 dev v-blue scope link

Be aware, its entirely valid to actually use a default route here instead (ip netns exec red ip route add default dev v-red) since that covers all hosts, not just the one you know exists on the other side, but for the sake of understanding what the problem is here I've added the specific hosts you were seeking to communicate with.

At this point, (firewalls permitting) pinging should work as expected.

0 + 0
Eyal Solomon avatar
gb flag
Eyal Solomon
Great explanation ! Very detailed and helped a lot
0
Reply
Score:1
avatar Server
pl flag
Brahim Gaabab

Every thing was explained by the above answer. I am trying to explain further by sketching your setup. You lack routing in each namespace, Just keep in mind that a namespace is a full instance of a TCP/IP routing stack (ARP, interfaces, routing, firewall rules, etc.).

Your setup

Hope this helps.

0 + 0
Eyal Solomon avatar
gb flag
Eyal Solomon
Thanks Brahim ! A detailed sketch is always helpful
0
Reply
Score:0
rakesh avatar Server
nr flag
rakesh

If your intention was to have red and blue namespaces in same network you might want to use following, which eliminates router.

ip netns exec red ip route add 192.168.15.2/24 dev v-red

ip netns exec blue ip route add 192.168.15.1/24 dev v-blue

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.