Virtual Networking
Network Namespaces
Bare Metal -> Virtual Machines -> Containers
namespaces: what resources and naming of those resources a process sees (file descriptors, ip addresses)
cgroup: (control groups) groups processes and allocates resources (CPU, Memory) that the kernel enforces.
Processes inherent from a parent but can exist in their own namespace. Root namespace is where user interacts.
ip netns tool for process network namespace management
- create network namespace
- create veth pair
- attach veth devices to a namespace
- ip netns exec
then you can add ip addresses to each device and communicate between the two
Useful tools for setting up virtual networking in linux namespaces:
ip netns list
ip netns exec
ip route
ethtool
ip link
ping
tshark
tcpdump
Docker
Docker includes a client (cli) that interacts with a host (daemon) that pulls images from the registry (web api).
A docker container is:
- a temporary filesystem
- layered over an image
- fully writable (copy on write)
- disappears when End of Life
- A network stack
- A process group - one main process with possible subprocesses
Docker daemon doesn't create a reference of the network namespace file in the
/var/run/netns directory.
docker0 is a default network bridge that all containers attach to (unless
otherwise specified)