Introduction to Linux Network Namespaces

Video is ready, Click Here to View ×

An introduction to Linux network namespaces.
Twitter: @davidmahler

This video is lab style in that you can follow along on your own system or just watch. I walk through 2 examples mimicking how Mininet emulates hosts and how OpenStack provides DHCP services (they both use network namespaces)

My Intro to OVS video –
My Intro to Mininet video -…


  1. For assigning dynamic ip addresses to 2 clients (red and green) you created two DHCP processes in isolated namespaces, my question is why didn't you created two DHCP processes inside each of isolated client? why you created outside the clients?

  2. Thank you for your video. could you please help with this question: I encountered with a problem with the simplest lab: I created three cirros instance​s in openstack and through CLI I created 2 namespaces Red and Green. I chosen ovs's qvo interfaces of two cirros VM and apply them to RED namespace (I found them using Nova interface-list instance_id). I applied IP address and .2 respectively on those VMs, but they cannot ping each other. I see only ARP request without ARP reply. How do you think what's the problem in such behavior? Why two instances being in the same namespace cannot reach each other?

  3. Great video David. Very impressed with all your content so far, keep up the good work 🙂

    Workaround for tap interface problem on later versions of OVS

    Like others I've had issues with the tap interface in a later version of OVS. Simply adding the tap interface manually doesn't seem to connect it to the vswitch when you make it an internal interface, and the tap interface never comes up (NO_CARRIER) after being fully configured and moved into the dhcp-r namespace.

    I have a workaround, but its a little odd. Either there's a bug somewhere, or my understanding of OVS/tap interfaces is even more limited than I thought… Anyway, this works for some reason:

    1) In the root namespace "ip tuntap add mode tap tap-r" (creates a tap interface)
    2) ovs-vsctl add-port OVS1 tap-r (adds it to the vswitch)
    3) ip link set tap-r netns dhcp-r (move the tap interface to the dhcp-r namespace, but *before changing the interface type / port tag*)

    Now things get weird…

    4) ovs-vsctl set interface tap-r type=internal (sets the tap-r interface to internal but actually creates a new tap-r interface in the root namespace. Since there's a "tap-r" already listed OVS doesn't generate an error. However, this tap-r is actually connected and can be brought up later)
    5) ovs-vsctl set port tap-r tag=100
    6) ip netns exec dhcp-r ip tuntap del mode tap tap-r (delete the original tap interface that we moved to dhcp-r)
    7) ip link set tap-r netns dhcp-r (move the new, connected tap-r to the dhcp-r namespace)
    8) continue with the rest of the config (ie bringing the interfaces up, dnsmasq config and enabling the red namespace dhclient)

    The process can be repeated for the tap-g interface and dhcp-g namespace.

    Not sure what's going on here really, particularly why a new tap interface is created when you set the interface type to internal after moving it to a different namespace… but after a lot of trial and error this is the only way I got the tap interface to come up with OVS version 2.5.2 and Ubuntu 16.04.02.

  4. Great video, Dave. But what I dont understand is where does one go to learn all these commands? And do admins really spend countless hours with all this tedious stuff? Manipulating CLI like this, although impressive, seems absolutely primitive and overbearing. How is it really done in the "real world," where hundreds of tenants exist, with thousands of OVS instances and workloads??

  5. on running this command:
    ovs-vsctl add-port ovs1 tap-r

    i get the following error:
    ovs-vsctl: Error detected while setting up 'tap-r'. See ovs-vswitchd log for details.

    Also somehow its still creating tap-r in the namespace but while running command:
    ip link set tap-r netns dhcp-g

    it shows following error:
    RTNETLINK answers: Invalid argument

    – i still see tap-r and tap-g in my root namespace
    WHY???? Please Help!

  6. Thank you very much for this difficult subject to explain in such lucid way with practical details.
    I have installed ovs 2.6 on centos 7.2. Everything worked except last step to get dhcp ip address on second nameapce green. I had to kill dhclient process.

    #ip netns exec green dhclient eth0-g
    dhclient(39343) is already running – exiting.

    #ip netns exec green ip a

    8: eth0-g: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ea:47:00:0a:af:de brd ff:ff:ff:ff:ff:ff

    #ip netns exec green bash
    #dhclient eth0-g
    dhclient(39343) is already running – exiting.
    #kill 39343
    #dhclient eth0-g
    8: eth0-g: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ea:47:00:0a:af:de brd ff:ff:ff:ff:ff:ff
    inet brd scope global dynamic eth0-g

  7. Beautiful! Thanks! Probably, I am not the first one, who is asking about your output highlighting trick. How do you turn some output in SecureCRT to red and other lines to green? I know, SecureCRT can highlight, but you are doing this on click (like in PowerPoint). How?? 🙂

  8. @sandeep Thanks for the detailed feedback! Really helps to hear what works.

    Just to show there is more than one way really. Also IIRC, that is how OpenStack does it (away from my lab atm, have to double check 😉 )

Leave a Reply

Your email address will not be published.