Networking

Networking with veth

Networking via veth and bridge

Allow ip_forward

echo 1 > /proc/sys/net/ipv4/ip_forward

Create namespace

We will create two network namespaces:

ip netns add ns1
ip netns add ns2

Create veth pair

We will create two veth pairs (veth -> vpeer). One end of each pair (veth1/veth2) stays in the main network namespace, and the other end (vpeer1/vpeer2) is placed in network namespace ns1/ns2.

ip link add veth1 type veth peer name vpeer1 netns ns1
ip link add veth2 type veth peer name vpeer2 netns ns2
ip link set veth1 up
ip link set veth2 up

Create bridge interface

Create a bridge interface that serves as the main exit point for veth1 and veth2. All outbound traffic from network namespaces ns1/ns2 will go through the bridge interface.

ip link add br0 type bridge
ip link set veth1 master br0
ip link set veth2 master br0
ip addr add 172.20.0.1/16 dev br0
ip link set br0 up

Configure veth end inside network namespaces

We will add an IP address to vpeer1/vpeer2 inside the corresponding network namespaces.

Configure ns1 resources

ip netns exec ns1 bash

(ns1) ip addr add 172.20.0.2/16 dev vpeer1
(ns1) ip link set vpeer1 up
(ns1) ip link set lo up
(ns1) ip route delete default
(ns1) ip route add default dev vpeer1 via 172.20.0.1 # we need to specify next hop as br0 interface

Configure ns2 resources

ip netns exec ns2 bash
(ns2) ip addr add 172.20.0.3/16 dev vpeer2
(ns2) ip link set vpeer2 up
(ns2) ip link set lo up
(ns2) ip route delete default
(ns2) ip route add default dev vpeer2 via 172.20.0.1 # we need to specify next hop as br0 interface

Configure iptables masquerading

To allow outgoing traffic from the network namespaces toward the internet, we need to configure an iptables POSTROUTING rule on the main network interface (eth0 in this case).

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
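
The rule above matches every packet leaving eth0, so with ip_forward enabled the host also masquerades forwarded traffic that did not come from br0. The check below is an added example, not part of the original page: it reads `iptables-save -t nat` output, flags MASQUERADE rules with no source match, and prints a replacement scoped to the namespace subnet (172.20.0.0/16, from the br0 address above). The function name and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `iptables-save -t nat`
# output on stdin and reports POSTROUTING MASQUERADE rules that have no
# source match: together with ip_forward=1 they NAT traffic forwarded from
# ANY interface, not only the namespace bridge.
# $1 = subnet that should be allowed out (the page uses 172.20.0.0/16 on br0).
audit_masquerade() {
    awk -v subnet="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            masq = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
                if ($i == "-s" || $i == "--source") scoped = 1
            }
            if (masq && !scoped) {
                spec = $0
                sub(/^-A POSTROUTING /, "", spec)
                print "UNSCOPED: " $0
                # iptables-save lines use iptables argument syntax, so the
                # rule spec can be reused for the delete and the scoped add.
                print "  fix: iptables -t nat -D POSTROUTING " spec
                print "  fix: iptables -t nat -A POSTROUTING -s " subnet " " spec
                bad++
            }
        }
        END { exit (bad > 0 ? 1 : 0) }
    '
}

# Constructed sample input: the rule the page installs, as iptables-save prints it.
SAMPLE_PAGE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample input: the same rule limited to the namespace subnet.
SAMPLE_SCOPED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.20.0.0/16 -o eth0 -j MASQUERADE
COMMIT'

# Demo on the constructed sample; the function returns 1 when it finds a rule.
printf '%s\n' "$SAMPLE_PAGE_RULES" | audit_masquerade 172.20.0.0/16 || true
# On a live host (as root): iptables-save -t nat | audit_masquerade 172.20.0.0/16
```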

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

bridge_script = <<-SHELL
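    # Vagrant's shell provisioner runs this script as root by default
    # (privileged: true), so no sudo is needed here.
    echo "Setting ip_forward..."
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "Creating ns..."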
    ip netns add ns1
    ip netns add ns2
    echo "Creating veth pairs..."
    ip link add veth1 type veth peer name vpeer1 netns ns1
    ip link add veth2 type veth peer name vpeer2 netns ns2
    ip link set veth1 up
    ip link set veth2 up
    echo "Creating bridge interface..."
    ip link add br0 type bridge
    ip link set veth1 master br0
    ip link set veth2 master br0
    ip addr add 172.20.0.1/16 dev br0
    ip link set br0 up
    echo "Configuring ns1 network namespace..."
    ip netns exec ns1 ip addr add 172.20.0.2/16 dev vpeer1
    ip netns exec ns1 ip link set vpeer1 up
    ip netns exec ns1 ip link set lo up
    ip netns exec ns1 ip route add default dev vpeer1 via 172.20.0.1
    echo "Configuring ns2 network namespace..."
    ip netns exec ns2 ip addr add 172.20.0.3/16 dev vpeer2
    ip netns exec ns2 ip link set vpeer2 up
    ip netns exec ns2 ip link set lo up
    ip netns exec ns2 ip route add default dev vpeer2 via 172.20.0.1
    echo "Configuring iptables masquerading..."
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    SHELL

Vagrant.configure("2") do |config|
  config.vm.box = "bento/ubuntu-20.04"
  config.vm.provider "virtualbox" do |vb|
    vb.memory = "2048"
    vb.cpus = "2"
  end
  config.vm.hostname = "ubuntu"
  config.vm.provision "shell", inline: bridge_script

end