I cannot ping to the default network namespace from a KVM QEMU VM running in a separate network namespace.
Here is my setup:
ip netns add test-ns
# Creating veth
ip link add if-in-ns type veth peer name if-notin-ns
# Default namespace
ip link addr add 10.21.0.10/24 dev if-notin-ns
ip link set dev if-notin-ns up
# Test-ns namespace
ip link set dev if-in-ns netns test-ns
ip netns exec test-ns ip addr add 10.21.0.20/24 dev if-in-ns
ip netns exec test-ns ip link set dev if-in-ns up
# Creating a tap device in the namespace
ip netns exec test-ns ip tuntap add tap0 mode tap
ip netns exec test-ns ip addr add 10.0.2.2/24 dev tap0
ip netns exec test-ns ip link set dev tap0 up
# Create route to 10.0.2.0/24 if default namespace:
ip route add 10.0.2.0/24 dev if-notin-ns
# Run VM
ip netns exec test-ns qemu-system-x86_64 -drive file=img.qcow2,format=qcow2,media=disk -accel kvm -cpu host -m 2G -netdev tap,id=vm0,ifname=tap0,script=no,downscript=no -device virtio-net-pci,netdev=vm0,mac=52:54:77:6a:cc:02
And these are the results:
# In default namespace:
ping 10.21.0.20 # Works
ping 10.0.2.2 # Works
ping 10.0.2.3 # Doesn't work
# In test-ns namespace:
ping 10.21.0.10 # Works
ping 10.0.2.3 # Works
# Inside the image:
ping 10.0.2.2 # Works
ping 10.21.0.20 # Works
ping 10.21.0.10 # Doesn't work
So the VM can ping dev if-in-ns and dev if-in-ns can ping its peer if-notin-ns. I thought this means the VM should be able to ping dev if-notin-ns as well, but it can't. What am I misunderstanding?
Edit: Comment to Salim Aljayousi answer:
The namespace test-ns already has a route to reach the default namespace via the dev if-in-ns:
ip netns exec test-ns ip route
10.0.2.0/24 dev tap0 proto kernel scope link src 10.0.2.2
10.21.0.0/24 dev if-in-ns proto kernel scope link src 10.21.0.20
If I remove that one and add the one you suggest:
ip netns exec ns ip route del 10.21.0.0/24 dev if-in-ns
ip netns exec ns ip route add 10.21.0.0/24 dev tap0
Then within the VM I get:
ping 10.21.0.10
From 10.0.2.2 icmp_seq=1 Redirect Host(New nexthop: 10.21.0.10) ```
