Network Namespaces

Creating and managing isolated network environments using network namespaces for containers and virtualization

Network namespaces provide isolated copies of the network stack within a single Linux kernel. Each namespace has its own network interfaces, IP addresses, routing tables, netfilter (iptables/nftables) rules, sockets and /proc/net view, and a process sees only the namespace it belongs to. This is the mechanism behind container networking (Docker, Podman, Kubernetes pods) and lightweight network virtualization. Note that it isolates only networking: processes in a network namespace still share the host's filesystem, process table and users unless other namespace types are used as well.

Key Concepts

  • Network Namespace: An isolated instance of the network stack (interfaces, addresses, routes, netfilter rules, sockets)
  • Virtual Ethernet (veth): A pair of virtual interfaces that behave like a cable; a frame sent into one end comes out the other, and the two ends may live in different namespaces
  • Bridge: A kernel software switch that connects several veth ends (and optionally a physical interface) into one layer-2 segment
  • Default Namespace: The initial (root) namespace where PID 1 and the physical interfaces live; named namespaces created with ip netns appear under /run/netns
  • Loopback Interface: Every namespace has its own lo, created in the DOWN state, so 127.0.0.1 is unreachable until it is brought up

Command Syntax

ip netns [COMMAND] [OPTIONS]

  • Manage network namespace operations
  • Create, delete, execute commands in namespaces
  • List and configure namespace networking

Common Options

  • add NAME - Create a new named network namespace (appears as /run/netns/NAME)
  • delete NAME - Remove a named network namespace (it is freed once no process or mount still refers to it)
  • list - Show all named network namespaces
  • exec NAME COMMAND - Run COMMAND inside the namespace NAME
  • identify [PID] - Print the name of the namespace a process runs in (defaults to the calling process; anonymous namespaces print nothing)
  • pids NAME - List the processes running in the namespace NAME

Practical Examples

Example 1: Create and list namespaces

sudo ip netns add red
sudo ip netns add blue
ip netns list

Creates two empty namespaces, each containing only a loopback interface that is still DOWN

Example 2: Execute commands in namespace

sudo ip netns exec red ip link set lo up
sudo ip netns exec red ip addr
sudo ip netns exec red ping -c 3 127.0.0.1

Brings up the namespace's loopback interface, shows its interfaces and tests local connectivity. Without the first command the ping fails with a network-unreachable error, because lo is created DOWN in every new namespace

Example 3: Create veth pair connection

sudo ip link add veth-red type veth peer name veth-blue
sudo ip link set veth-red netns red
sudo ip link set veth-blue netns blue

Creates a veth pair in the default namespace and moves one end into each namespace, like plugging a cable between them. Both ends are still DOWN and have no address. Interface names are limited to 15 characters

Example 4: Configure namespace networking

sudo ip netns exec red ip addr add 10.1.1.1/24 dev veth-red
sudo ip netns exec red ip link set veth-red up
sudo ip netns exec blue ip addr add 10.1.1.2/24 dev veth-blue
sudo ip netns exec blue ip link set veth-blue up

Assigns addresses from the same /24 to both ends and brings the interfaces up; the kernel adds the connected route for 10.1.1.0/24 in each namespace automatically

Example 5: Test connectivity

sudo ip netns exec red ping -c 3 10.1.1.2
sudo ip netns exec blue ping -c 3 10.1.1.1

Verifies communication between the namespaces; the traffic stays on the veth pair and never touches the host's interfaces
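Examples 1 and 3 to 5 are one procedure, so here is the whole thing as a single script. This is an added example written for this page, not part of iproute2 or of any container project; the script name, the NETNS_DRY_RUN variable, the veth-NAME naming rule and the --run flag are its own conventions. It validates names before touching the kernel (interface names longer than 15 characters are rejected by ip link with "not a valid ifname"), brings lo up, and cleans up with a trap so a failed run does not leave stale namespaces behind. With NETNS_DRY_RUN=1 it only prints the commands, which lets you review the plan without root.

```shell
#!/bin/sh
# netns-pair.sh: connect two network namespaces with a veth pair.
# Added example for this page (not part of iproute2); names, addresses and the
# NETNS_DRY_RUN variable are this script's own conventions.
set -eu

# Linux interface names are limited to IFNAMSIZ-1 = 15 bytes and may not be
# empty, "." or "..", or contain '/' or whitespace. ip link rejects longer
# names with 'not a valid ifname', so check before touching the kernel.
valid_ifname() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 15 ] || return 1
    case $name in
        .|..|*/*|*[[:space:]]*) return 1 ;;
    esac
    return 0
}

# Namespace names become files under /run/netns, so they follow the same
# rules as interface names except for the length limit.
valid_nsname() {
    name=$1
    [ -n "$name" ] || return 1
    case $name in
        .|..|*/*|*[[:space:]]*) return 1 ;;
    esac
    return 0
}

# Run a command, or print it when NETNS_DRY_RUN=1 so the plan can be reviewed
# (and tested) without root.
run() {
    if [ "${NETNS_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Build the topology from Examples 1, 3, 4 and 5: two namespaces, one veth
# pair, one /24, loopback up in both. Usage: setup_pair NS_A NS_B IP_A/CIDR IP_B/CIDR
setup_pair() {
    ns_a=$1 ns_b=$2 ip_a=$3 ip_b=$4
    veth_a="veth-$ns_a"
    veth_b="veth-$ns_b"
    valid_nsname "$ns_a" && valid_nsname "$ns_b" || { echo "bad namespace name" >&2; return 1; }
    valid_ifname "$veth_a" && valid_ifname "$veth_b" || { echo "veth name exceeds 15 chars" >&2; return 1; }

    run ip netns add "$ns_a"
    run ip netns add "$ns_b"
    run ip link add "$veth_a" type veth peer name "$veth_b"
    run ip link set "$veth_a" netns "$ns_a"
    run ip link set "$veth_b" netns "$ns_b"
    for ns in "$ns_a" "$ns_b"; do
        run ip netns exec "$ns" ip link set lo up   # lo starts DOWN in a new namespace
    done
    run ip netns exec "$ns_a" ip addr add "$ip_a" dev "$veth_a"
    run ip netns exec "$ns_b" ip addr add "$ip_b" dev "$veth_b"
    run ip netns exec "$ns_a" ip link set "$veth_a" up
    run ip netns exec "$ns_b" ip link set "$veth_b" up
}

# Deleting a namespace destroys the veth end inside it, and a veth pair
# disappears when either end is destroyed, so two deletes clean up everything.
teardown_pair() {
    run ip netns delete "$1"
    run ip netns delete "$2"
}

# Only perform the real setup when invoked directly as root with --run.
if [ "${1:-}" = "--run" ]; then
    trap 'teardown_pair red blue' EXIT          # always clean up, even on failure
    setup_pair red blue 10.1.1.1/24 10.1.1.2/24
    ip netns exec red ping -c 3 10.1.1.2
    ip netns exec blue ping -c 3 10.1.1.1
fi
```

Review the plan first with `NETNS_DRY_RUN=1 sh netns-pair.sh --run`, then run `sudo sh netns-pair.sh --run` for the real thing; the EXIT trap deletes both namespaces when the pings finish or when any step fails.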

Use Cases

  • Container Networking: Docker/Podman isolation
  • Network Testing: Simulate network topologies
  • Security Isolation: Give an application its own network stack with no route to the host or LAN; since only networking is isolated, combine with mount, PID and user namespaces or seccomp when a full sandbox is needed
  • VPN Solutions: Run the VPN client and the applications that must use it in a namespace whose only route is the tunnel, so traffic cannot leak if the tunnel goes down
  • Network Development: Test routing protocols

Related Commands

  • ip link - Manage network interfaces (create veth pairs, move them between namespaces, set them up or down)
  • ip addr - Configure IP addresses
  • ip route - Manage routing tables (each namespace has its own)
  • bridge - Configure bridge devices
  • nsenter - Enter the namespace of an existing process, e.g. nsenter -t PID -n, which also reaches anonymous (unnamed) namespaces that ip netns cannot see

Tips & Troubleshooting

Common Issues

  • No connectivity: Check that both veth ends are UP (ip netns exec NAME ip link), carry addresses in the same subnet, and that lo is up; iptables/nftables rules are per namespace, so inspect the ruleset inside the namespace, not on the host
  • Permission denied / Operation not permitted: Creating, entering and configuring namespaces needs CAP_SYS_ADMIN and CAP_NET_ADMIN; run the commands as root with sudo
  • Namespace not found: ip netns only knows named namespaces under /run/netns (ip netns list); container namespaces are usually anonymous, so locate them with lsns -t net and enter them with nsenter -t PID -n

Best Practices

  • Always bring up loopback in new namespaces (it is created DOWN, so even 127.0.0.1 fails until you do):
    
    sudo ip netns exec NAME ip link set lo up
    
  • Clean up unused namespaces with ip netns delete NAME; the namespace itself is freed once no process or mount refers to it
  • Use descriptive namespace names for clarity, and keep derived interface names (such as veth-NAME) within the 15-character limit

Debugging

# Check namespace interfaces (state UP/DOWN, MAC, MTU)
sudo ip netns exec NAME ip link show

# Verify routing (a fresh namespace has an empty table)
sudo ip netns exec NAME ip route show

# List network namespaces, including anonymous ones, with the PID and command holding each
sudo lsns -t net
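lsns and ip netns identify both work from the same fact: a network namespace is identified by the nsfs inode behind /proc/PID/ns/net, and ip netns add bind-mounts the namespace at /run/netns/NAME so that path has the same inode. The following script, an added example for this page and not part of util-linux or iproute2, uses that directly: it tells whether two processes share a network namespace, maps an inode back to a named namespace, and lists every visible process that is outside the root namespace (useful when hunting for a container or sandbox whose namespace has no name). The function names, the --list flag and the output format are this script's own. Reading another user's /proc/PID/ns/net needs root, so run it with sudo for a complete listing; unprivileged it still works for your own processes and falls back to comparing against the current shell's namespace when PID 1's link is not readable.

```shell
#!/bin/sh
# netns-map.sh: identify network namespaces by the nsfs inode the kernel
# exposes at /proc/PID/ns/net (the same identity lsns and 'ip netns identify'
# compare). Added example for this page; names and output format are its own.
set -u

# Print the network-namespace identifier of a process, e.g. "net:[4026531840]".
# Prints nothing (and still succeeds) if the PID is gone or not readable.
netns_id() {
    readlink "/proc/$1/ns/net" 2>/dev/null || echo ""
}

# Return 0 when two PIDs share a network namespace. The identifier is an
# inode on nsfs, so equal strings mean the very same namespace object.
same_netns() {
    a=$(netns_id "$1")
    b=$(netns_id "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Extract the bare inode number from "net:[4026531840]".
inode_of() {
    printf '%s\n' "$1" | sed 's/^net:\[\([0-9]*\)]$/\1/'
}

# Resolve an inode number to a named namespace. 'ip netns add NAME' bind-mounts
# the namespace at /run/netns/NAME, so stat -L on that path yields the same
# inode that appears in /proc/PID/ns/net. Anonymous namespaces (typical for
# containers) have no such entry and print "-".
netns_name_for_inode() {
    for f in /run/netns/*; do
        [ -e "$f" ] || continue
        if [ "$(stat -L -c %i "$f" 2>/dev/null)" = "$1" ]; then
            basename "$f"
            return 0
        fi
    done
    echo "-"
}

# Report every visible process whose network namespace differs from the root
# namespace (PID 1's; falls back to our own if PID 1's link is not readable).
# Output columns: PID, inode, namespace name or "-", command.
list_non_root_netns() {
    root=$(netns_id 1)
    [ -n "$root" ] || root=$(netns_id self)
    for d in /proc/[0-9]*; do
        pid=${d#/proc/}
        id=$(netns_id "$pid")
        [ -n "$id" ] && [ "$id" != "$root" ] || continue
        ino=$(inode_of "$id")
        printf '%s\t%s\t%s\t%s\n' "$pid" "$ino" \
            "$(netns_name_for_inode "$ino")" "$(cat "$d/comm" 2>/dev/null)"
    done
}

if [ "${1:-}" = "--list" ]; then
    list_non_root_netns
fi
```

Run `sudo sh netns-map.sh --list` to see which processes live outside the root namespace and which of those namespaces have names; a PID from the output can be entered with `nsenter -t PID -n` even when ip netns does not know the namespace.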

Performance Notes

  • Each namespace holds its own copy of network-stack state (interfaces, routes, conntrack, netfilter), so every namespace costs kernel memory
  • Limit the number of namespaces to what the system's memory allows, and delete the ones you no longer need
  • Connect several namespaces through one bridge rather than a full mesh of veth pairs, which would need one pair for every pair of namespaces