On 3/24/20 3:21 AM, Marco Gaiarin wrote:
Interesting... i've found: https://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespac es/and i've not understood how can i 'link' phisical interfaces with vethX.
It depends what you mean by "link".
Using bond?
I would avoid using a bond with a vEth interface.
But after that, i need to use ebtales?
Did you mean "bridge"? ebtables, as in Ethernet Bridging Tables, is associated with bridges. Bonding is LACP / EtherChannel / etc.Yes, bridging would be a good choice to have L2 connectivity between the Network Namespace and the physical NIC.
You can also use traditional routing between the physical and the vEth NICs. You can even move the physical NIC into a Network Namespace. It *REALLY* depends on what you want to do.Network Namespaces are as powerful as the Linux kernel is. Meaning that you can do just about everything with the network in a network namespace that you can do outside of it. The benefit is that you can have multiple network namespaces on the same machine with minimal resources used.
Think about all the things that you can do with virtual machines acting as routers (or other servers), but with comparatively no resource utilization.
I think about network namespaces as if they are different sets of configuration data that the same kernel TCP/IP stack uses. So the resource over head is only what's necessary to hold the different network configuration. (I'm guessing single digit MBs at the most.)
I have had double digits of network namespaces on Raspberry Pis multiple times. No problem. Getting fat VMs on a Raspberry Pi is problematic b/c of resource constraint.
ifbX interfaces are very limited by not having connection tracking, having some 'real' interfaces would be a must!
vEth interfaces are very much so 'real' interfaces. As are MACVLAN & IPVLAN, other options that are frequently used. -- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
