# Virtual Networking

# Network Namespaces

Bare Metal -> Virtual Machines -> Containers

namespaces: what resources and naming of those resources a process sees (file descriptors, ip addresses)

cgroup: (control groups) groups processes and allocates resources (CPU, Memory) that the kernel enforces.

Processes inherent from a parent but can exist in their own namespace. Root namespace is where user interacts.

ip netns tool for process network namespace management

• create network namespace
• create veth pair
• attach veth devices to a namespace
• ip netns exec

then you can add ip addresses to each device and communicate between the two

Useful tools for setting up virtual networking in linux namespaces:

ip netns list
ip netns exec
ip route
ethtool
ip link
ping
tshark
tcpdump

# Docker

Docker includes a client (cli) that interacts with a host (daemon) that pulls images from the registry (web api).

A docker container is:

• a temporary filesystem
  • layered over an image
  • fully writable (copy on write)
  • disappears when End of Life
• A network stack
• A process group - one main process with possible subprocesses

Docker daemon doesn't create a reference of the network namespace file in the /var/run/netns directory.

docker0 is a default network bridge that all containers attach to (unless otherwise specified)