
I'm trying to create an isolated lab using network namespaces. It works correctly, that is, only the machines in the network namespace can talk. But now I want to reach the machines from localhost, using v-net-0 like a router.

Here is what I do:

ip netns add red
ip netns add blue
ip link add v-net-0 type bridge
ip link set dev v-net-0 up
ip link add veth-red type veth peer name veth-red-br
ip link add veth-blue type veth peer name veth-blue-br
ip link set veth-red netns red
ip link set veth-blue netns blue
ip link set veth-red-br master v-net-0
ip link set veth-blue-br master v-net-0
ip -n red addr add 192.168.15.2/24 dev veth-red
ip -n blue addr add 192.168.15.3/24 dev veth-blue
ip -n red link set veth-red up
ip -n blue link set veth-blue up

Here everything is OK: the two virtual interfaces can communicate with each other in a totally isolated way.

But now, from the localhost, I want to be able to reach the two virtual interfaces using v-net-0. To do this, I assign an IP to v-net-0.

ip addr add 192.168.15.5/24 dev v-net-0

So the localhost can ping v-net-0, but red and blue are unreachable. What can I do?

Fabio

2 Answers

0

Use ‘ipvlan’; you’ll have 192.168.15.x in default/red/blue ns.

user1602017

0

You can use Linux bridge (brctl) or openvswitch to connect multiple ns in the same VLAN.

See also:

Mircea Vutcovici
  • I just connect multiple ns in the same VLAN; the problem is that I can reach the master from the localhost but the master doesn't route the traffic to the other namespace. – Fabio Nov 24 '19 at 15:34
  • 1
    The NS are connected between themselves, but not with the host. You need to add a connection as you already did with veth for ns. – Mircea Vutcovici Nov 24 '19 at 15:46
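
The connection suggested in the last comment, as an added example that is not part of the original thread: a veth pair links the host to v-net-0, and the host end carries the address. The names veth-host and veth-host-br and the DRY_RUN switch are assumptions, and it assumes 192.168.15.5/24 is not also assigned to v-net-0 itself.

```sh
#!/bin/sh
# Added example: host-to-bridge veth link for the lab built in the question.
# veth-host, veth-host-br and DRY_RUN are hypothetical names, not from the thread.
BRIDGE=v-net-0
HOST_IF=veth-host          # host end, carries the host address
HOST_PEER=veth-host-br     # bridge end, enslaved to the bridge
HOST_ADDR=192.168.15.5/24  # the address the question placed on the bridge

# Emit the commands one per line so they can be reviewed before running.
host_link_cmds() {
    cat <<EOF
ip link add $HOST_IF type veth peer name $HOST_PEER
ip link set $HOST_PEER master $BRIDGE
ip link set $HOST_PEER up
ip addr add $HOST_ADDR dev $HOST_IF
ip link set $HOST_IF up
EOF
    # The question's commands do not show the bridge-side peers being
    # brought up; a bridge port that is down forwards nothing.
    for ns in red blue; do
        echo "ip link set veth-$ns-br up"
    done
}

# Reachability checks from the host toward each namespace address.
verify_cmds() {
    for ip in 192.168.15.2 192.168.15.3; do
        echo "ping -c 1 -W 1 $ip"
    done
}

# Print the plan by default; execute only with DRY_RUN=0 (needs root).
apply() {
    { host_link_cmds; verify_cmds; } | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = 0 ]; then
            echo "+ $cmd"
            $cmd || return 1
        else
            echo "$cmd"
        fi
    done
}

apply
```

Connecting the host this way gives it layer-2 access to every namespace on the bridge, so the lab is no longer isolated from the host.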