Use named netns (net namespace) with systemd services!
This project enables you to:
- Create and delete named netns on the fly like systemd services
- Start named netns on boot
- Quickly set up bridging or NAT from netns to host
- Use named netns in systemd services
- Enables them to connect to the internet too
- And you can manually switch to its netns (since they are named)
Installation
Dependencies:
- Recent version of systemd (newer is better; tested down to v232)
- iproute2
- iptables (only if you use default NAT config)
/usr/bin/env
For installation, run make install
with root privilege.
You ran run make uninstall
to remove the systemd units, but the configs located in /etc/default
will not be removed.
Quickstart
systemctl start netns-nat@helloworld
chnetns helloworld ip address
Note: Network interface names are derived from the netns name, so do not create netns names longer than 12 characters.
NS Types
netns@.service
)
Basic (It creates a new netns. Use this if you want to customize everything by hand. All other types depend on this.
netns-nat@.service
)
NAT (It creates a new netns with NATed network access (like VMNet8). Use this if you want to get things quickly up and running without any network hassles.
Note:
- The default configuration will only work for the first
netns-nat
instance. You need to change the IP addresses if you want 2 or morenetns-nat
instances running at the same time. - This will setup packet forwarding on your Linux kernel, making your host a router (this might cause security problems if set incorrectly)
- If you want automatic iptables accept rules, set
NAT_ACCEPT_TRAFFIC=1
netns-tunnel@.service
)
Tunnel (It creates a new netns with a pseudo wire to the host (like VMNet1). Use this if you want to communicate with the program inside the netns but don't want them to have internet access, or if you want to assign routable IPs to a netns.
netns-bridge@.service
)
Bridge (It bridges the new netns to a Linux bridge. You need to set up the bridge first: see wiki if you are not sure what to do.
netns-mvbr@.service
)
MACVLAN Bridge (Alternative to NSType bridge. A MACVLAN Bridge allows you to create multiple interfaces with different Layer 2 (that is, Ethernet MAC) addresses on top of a single NIC. MACVLAN is a bridge without an explicit bridge device.
For netns-mvbr, ${MACVLAN_BRIDGE}
will be the bridge device (usually your physical NIC device).
Note that any MACVLAN devices in other netns's will be able to communicate each other and the outside world but NOT the bridge device. If you want to enable communication with the root netns, you can add a MACVLAN device in the root netns and use that instead of the MACVLAN bridge device.
Resources
- Create and Delete Netns
- Switch to some netns and run program
- Put a systemd unit(service) into a netns
- Configuration
- Use Cases
No comments:
Post a Comment