👉 Overview
👀 What?
The Linux Network Namespace is a feature of the Linux kernel that isolates network resources for a collection of processes. It is essentially a virtual network stack that includes its own routes, firewall rules, and network devices.
🧐 Why?
Network namespaces are extremely important for providing process-level network isolation, which is a key aspect of containerization. They allow the processes within a namespace to have their own private network stack, separate from every other namespace. This means that applications can run in completely isolated network environments without interfering with each other's traffic. It is also crucial for security, because it restricts the network access of processes and so reduces the attack surface.
⛏️ How?
To create a new network namespace, you use the 'ip netns' command. For example, 'ip netns add mynamespace' creates a new namespace called 'mynamespace'. You can then run processes within this namespace by using the 'ip netns exec' command. For example, 'ip netns exec mynamespace somecommand' runs 'somecommand' in the 'mynamespace' network namespace.
⏳ When?
Network namespaces were introduced in Linux kernel 2.6.24, which was released in 2008. They have since become a fundamental part of Linux container technologies like Docker and Kubernetes.
⚙️ Technical Explanations
Under the hood, a network namespace is represented by a 'struct net' in the kernel. Every process is associated with exactly one network namespace, and all network operations performed by that process are carried out in the context of that namespace. The namespace holds its own network devices, routing tables, and firewall rules. By changing the namespace a process belongs to, you control its network environment. This is done with the setns() system call, which switches the caller into another, already existing network namespace.
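The following script is an added example, not part of the original page, that ties the 'How?' section to the technical explanation above. It creates the namespace described there with 'ip netns', connects it to the host namespace through a veth pair, and then checks the isolation the way a defender would: by comparing the namespace identifier that the kernel exposes at /proc/<pid>/ns/net for a process inside the namespace and one outside it. Two processes share a network stack exactly when those identifiers match, so this is a quick way to verify that a workload really landed in its own namespace. The namespace name 'mynamespace' comes from the page; the interface names veth-host and veth-ns, the 10.200.0.0/24 addresses and the 'run' argument are assumptions made for this example. The privileged part needs CAP_NET_ADMIN and the iproute2 'ip' tool; netns_id() works without privileges.

```shell
#!/bin/sh
# Added example (not code from the original page): create a network namespace,
# link it to the host namespace with a veth pair, and verify isolation by
# comparing network-namespace identifiers from /proc.
# Names/addresses below are constructed for this example.
set -u

NS=mynamespace        # namespace name used on the page
VETH_HOST=veth-host   # host-side end of the veth pair (assumed name)
VETH_NS=veth-ns       # end that is moved into the namespace (assumed name)

# Network-namespace identity of a process: the target of /proc/<pid>/ns/net,
# e.g. "net:[4026531840]". Equal strings mean the same 'struct net'.
# Needs no privileges for the caller's own processes.
netns_id() {
    readlink "/proc/${1:-self}/ns/net"
}

# Create the namespace and a veth pair bridging it to the host namespace.
# Requires CAP_NET_ADMIN (normally root).
netns_setup() {
    ip netns add "$NS"
    ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
    ip link set "$VETH_NS" netns "$NS"
    ip addr add 10.200.0.1/24 dev "$VETH_HOST"
    ip link set "$VETH_HOST" up
    ip netns exec "$NS" ip addr add 10.200.0.2/24 dev "$VETH_NS"
    ip netns exec "$NS" ip link set "$VETH_NS" up
    ip netns exec "$NS" ip link set lo up
}

# Show that a command run through 'ip netns exec' (which switches into the
# namespace with setns() before exec'ing the command) has a different
# namespace identifier than the caller and sees only its own devices.
netns_demo() {
    echo "host  netns: $(netns_id self)"
    echo "inner netns: $(ip netns exec "$NS" readlink /proc/self/ns/net)"
    echo "devices visible inside the namespace:"
    ip netns exec "$NS" ip -brief link
    if ip netns exec "$NS" ping -c1 -W1 10.200.0.1 >/dev/null 2>&1; then
        echo "host side of the veth pair is reachable from inside"
    else
        echo "ping to the host side failed"
    fi
}

# Remove the namespace; the veth peer inside it is destroyed with it, which
# also removes the host-side end, so the second command is only a fallback.
netns_teardown() {
    ip netns del "$NS" 2>/dev/null
    ip link del "$VETH_HOST" 2>/dev/null
}

# Only perform the privileged part when invoked as "sh script.sh run" as root
# with iproute2 available; otherwise the functions are just defined.
if [ "${1:-}" = "run" ] && [ "$(id -u)" = 0 ] && command -v ip >/dev/null 2>&1; then
    netns_setup && netns_demo
    netns_teardown
fi
```

Run it with 'sh script.sh run' as root. The two 'netns:' lines should differ, and the device list inside the namespace should show only lo and veth-ns, none of the host's interfaces. The same /proc/<pid>/ns/net comparison is useful in incident response or container auditing: a process whose identifier equals the host's (the init namespace) is not network-isolated, whatever its container runtime claims.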