Creating VLANs between network namespaces [closed]

I want to implement the topology shown in the figure below using network namespaces (ns1 to ns4).

[Figure: topology to implement]

I can implement the above topology without splitting the network into two different VLANs using the following commands (based on this article, titled: Introducing Linux Network Namespaces):

sudo ip netns add ns1
sudo ip netns add ns2
sudo ip netns add ns3
sudo ip netns add ns4

sudo ip link add veth1 type veth peer name veth11
sudo ip link add veth2 type veth peer name veth12
sudo ip link add veth3 type veth peer name veth13
sudo ip link add veth4 type veth peer name veth14

sudo ip link set veth11 netns ns1
sudo ip link set veth12 netns ns2
sudo ip link set veth13 netns ns3
sudo ip link set veth14 netns ns4

sudo ip netns exec ns1  ifconfig lo up
sudo ip netns exec ns2  ifconfig lo up
sudo ip netns exec ns3  ifconfig lo up
sudo ip netns exec ns4  ifconfig lo up

sudo ifconfig veth1 10.1.11.1/24 up
sudo ifconfig veth2 10.1.12.1/24 up
sudo ifconfig veth3 10.1.13.1/24 up
sudo ifconfig veth4 10.1.14.1/24 up

sudo ip netns exec ns1 ifconfig veth11 10.1.11.2/24 up
sudo ip netns exec ns2 ifconfig veth12 10.1.12.2/24 up
sudo ip netns exec ns3 ifconfig veth13 10.1.13.2/24 up
sudo ip netns exec ns4 ifconfig veth14 10.1.14.2/24 up

sudo ip netns exec ns1 route add default gw 10.1.11.1 veth11
sudo ip netns exec ns2 route add default gw 10.1.12.1 veth12
sudo ip netns exec ns3 route add default gw 10.1.13.1 veth13
sudo ip netns exec ns4 route add default gw 10.1.14.1 veth14

Based on the above setup, everyone can ping everyone else. Now I want to isolate ns1 and ns3 in one VLAN, and ns2 and ns4 in another. To implement the VLANs I’m trying to use something like the following:

sudo vconfig add veth1 11
sudo vconfig add veth3 11
sudo vconfig add veth11 12
sudo vconfig add veth13 12

However, everyone can still ping everyone else, meaning that the network isn’t divided into two different LANs. How can I achieve what I’m trying to do? Is there a different method for VLAN tagging for virtual interfaces?

Answer

veth[1,2,3,4] are still in the global namespace, and thus routed by the kernel.

Your vconfig commands are adding a VLAN interface to the respective veth, which is not what you want. (ip link show should show a veth1.11, etc., depending on how name_type is set.)

I’m not sure what you’re trying to accomplish with VLANs. If you want to isolate ns1+ns3, and ns2+ns4, then move the other end of the veth to different namespaces:

# one namespace per isolated group; the device name comes before "netns"
ip netns add blue
ip link set veth1 netns blue
ip link set veth3 netns blue
ip netns add yellow
ip link set veth2 netns yellow
ip link set veth4 netns yellow

Attribution
Source : Link , Question Author : Vasilis , Answer Author : Ricky
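
The answer's blue/yellow split carried through to a checked result, as an added example that is not part of the original answer: moving veth1..veth4 clears their addresses and leaves them down, and a new namespace does not forward IPv4 by default, so the script restores both and then compares a ping matrix with the intended isolation. It assumes the question's namespaces, veth pairs and 10.1.1N.0/24 addressing are already in place; the function names and the APPLY switch are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the command plan by
# default; run as root with APPLY=1 to execute it and test the isolation.

# group_of N -> namespace that receives the host-side end vethN
group_of() {
    case "$1" in
        1|3) echo blue ;;
        2|4) echo yellow ;;
        *)   return 1 ;;
    esac
}

# plan: emit one command per line
plan() {
    for g in blue yellow; do
        echo "ip netns add $g"
        echo "ip netns exec $g ip link set lo up"
        # forwarding is off in a fresh namespace; ns1<->ns3 needs it on
        echo "ip netns exec $g sysctl -w net.ipv4.ip_forward=1"
    done
    for n in 1 2 3 4; do
        g=$(group_of "$n")
        echo "ip link set veth$n netns $g"
        # the move dropped the gateway address and downed the link
        echo "ip netns exec $g ip addr add 10.1.1$n.1/24 dev veth$n"
        echo "ip netns exec $g ip link set veth$n up"
    done
}

# expected SRC DST -> "reach" inside one group, "blocked" across groups
expected() { [ "$(group_of "$1")" = "$(group_of "$2")" ] && echo reach || echo blocked; }

# verify: ping every nsS -> nsD pair and report any result that differs
verify() {
    rc=0
    for s in 1 2 3 4; do for d in 1 2 3 4; do
        [ "$s" = "$d" ] && continue
        got=blocked
        ip netns exec "ns$s" ping -c1 -W1 "10.1.1$d.2" >/dev/null 2>&1 && got=reach
        [ "$got" = "$(expected "$s" "$d")" ] || { echo "ns$s -> ns$d: $got" >&2; rc=1; }
    done; done
    return $rc
}

if [ "${APPLY:-0}" = 1 ]; then
    plan | while read -r cmd; do $cmd || exit 1; done && verify
else
    plan
fi
```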
