Linux network namespaces - Command Output
Below is the output from when I copied and pasted the commands from my Linux network namespaces article, verbatim, without modification.
grant@dotFiles:~$ alias ip='sudo ip' # ip alias created for dotFiles readers convenience grant@dotFiles:~$ alias vrf1='ip netns exec vrf1' # Create the vrf# aliases because I'm too layz to grant@dotFiles:~$ alias vrf2='ip netns exec vrf2' # type 'ip netns exec vrf#' all the time. grant@dotFiles:~$ alias vrf3='ip netns exec vrf3' # grant@dotFiles:~$ ip netns add vrf1 # Create three new network namespaces grant@dotFiles:~$ ip netns add vrf2 # grant@dotFiles:~$ ip netns add vrf3 # grant@dotFiles:~$ vrf1 ip link add vrf2 type veth peer name vrf1 # Create a pair of virtual ethernet interfaces in the vrf1 NetNS. grant@dotFiles:~$ vrf1 ip link set vrf1 netns vrf2 # Move the vrf1 interface into the vrf2 NetNS. grant@dotFiles:~$ vrf2 ip link add vrf3 type veth peer name vrf2 # grant@dotFiles:~$ vrf2 ip link set vrf2 netns vrf3 # grant@dotFiles:~$ vrf1 ip link set lo up # Bring up the interfaces in the vrf1 NetNS. grant@dotFiles:~$ vrf1 ip link set vrf2 up # grant@dotFiles:~$ vrf2 ip link set lo up # vrf2 ... grant@dotFiles:~$ vrf2 ip link set vrf1 up # grant@dotFiles:~$ vrf2 ip link set vrf3 up # grant@dotFiles:~$ vrf3 ip link set lo up # vrf3 ... grant@dotFiles:~$ vrf3 ip link set vrf2 up # grant@dotFiles:~$ vrf1 ip addr add dev vrf2 10.0.0.1/24 # Assing some IP addresses to interfaces. grant@dotFiles:~$ vrf2 ip addr add dev vrf1 10.0.0.2/24 # grant@dotFiles:~$ vrf2 ip addr add dev vrf3 10.0.1.2/24 # grant@dotFiles:~$ vrf3 ip addr add dev vrf2 10.0.1.3/24 # grant@dotFiles:~$ vrf1 ip route add default via 10.0.0.2 # Set the default gateway in vrf1 & vrf3 to be vrf2. grant@dotFiles:~$ vrf3 ip route add default via 10.0.1.2 # grant@dotFiles:~$ echo "1" | vrf2 tee /proc/sys/net/ipv4/ip_forward # Make sure that IP forwarding is enabled in vrf2. 1 grant@dotFiles:~$ vrf1 ping -c 1 10.0.0.2 # Make sure that vrf1 can ping vrf2 - direct PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.057 ms --- 10.0.0.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.057/0.057/0.057/0.000 ms grant@dotFiles:~$ vrf2 ping -c 1 10.0.0.1 # Make sure that vrf2 can ping vrf1 - direct PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.041 ms --- 10.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.041/0.041/0.041/0.000 ms grant@dotFiles:~$ vrf2 ping -c 1 10.0.1.3 # Make sure that vrf2 can ping vrf3 - direct PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data. 64 bytes from 10.0.1.3: icmp_seq=1 ttl=64 time=0.058 ms --- 10.0.1.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.058/0.058/0.058/0.000 ms grant@dotFiles:~$ vrf3 ping -c 1 10.0.1.2 # Make sure that vrf3 can ping vrf2 - direct PING 10.0.1.2 (10.0.1.2) 56(84) bytes of data. 64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=0.043 ms --- 10.0.1.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms grant@dotFiles:~$ vrf1 ping -c 1 10.0.1.3 # Make sure that vrf1 can ping vrf3 - routed PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data. 64 bytes from 10.0.1.3: icmp_seq=1 ttl=63 time=0.053 ms --- 10.0.1.3 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.053/0.053/0.053/0.000 ms grant@dotFiles:~$ vrf3 ping -c 1 10.0.0.1 # Make sure that vrf3 can ping vrf1 - routed PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=63 time=0.049 ms --- 10.0.0.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.049/0.049/0.049/0.000 ms grant@dotFiles:~$ vrf3 ip addr add dev vrf2 10.0.2.3/24 # Add the new IP address to vrf3 grant@dotFiles:~$ vrf3 ip route add 10.0.2.0/24 dev vrf2 src 10.0.2.3 table test # Populate the test routing table grant@dotFiles:~$ vrf3 ip route add default via 10.0.2.2 table test # grant@dotFiles:~$ vrf3 ip rule add from 10.0.2.3 table test # Tell the kernel to use the test table for 10.0.2.3. grant@dotFiles:~$ vrf1 ping -c 4 10.0.2.3 # This should fail. PING 10.0.2.3 (10.0.2.3) 56(84) bytes of data. From 10.0.0.2 icmp_seq=1 Destination Net Unreachable From 10.0.0.2 icmp_seq=2 Destination Net Unreachable From 10.0.0.2 icmp_seq=3 Destination Net Unreachable From 10.0.0.2 icmp_seq=4 Destination Net Unreachable --- 10.0.2.3 ping statistics --- 4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2998ms grant@dotFiles:~$ vrf2 ip addr add 10.0.2.2/24 dev vrf3 # Add the new IP address to vrf2 grant@dotFiles:~$ vrf1 ping -c 4 10.0.2.3 # This should succeed. PING 10.0.2.3 (10.0.2.3) 56(84) bytes of data. 64 bytes from 10.0.2.3: icmp_seq=1 ttl=63 time=0.097 ms 64 bytes from 10.0.2.3: icmp_seq=2 ttl=63 time=0.054 ms 64 bytes from 10.0.2.3: icmp_seq=3 ttl=63 time=0.055 ms 64 bytes from 10.0.2.3: icmp_seq=4 ttl=63 time=0.058 ms --- 10.0.2.3 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2998ms rtt min/avg/max/mdev = 0.054/0.066/0.097/0.017 ms grant@dotFiles:~$ ip netns del vrf1 # Delete the network namespaces. grant@dotFiles:~$ ip netns del vrf2 # grant@dotFiles:~$ ip netns del vrf3 #