|Network namespaces in the Linux kernel|
|By Thom Holwerda on 2016-04-13 23:09:54|
Namespaces and cgroups are two of the main kernel technologies that most of the new trend in software containerization (think Docker) rides on. To put it simply, cgroups are a metering and limiting mechanism: they control how much of a system resource (CPU, memory) you can use. Namespaces, on the other hand, limit what you can see. Thanks to namespaces, processes have their own view of the system's resources.
The Linux kernel provides 6 types of namespaces: pid, net, mnt, uts, ipc and user. For instance, a process inside a pid namespace only sees processes in the same namespace. Thanks to the mnt namespace, it's possible to attach a process to its own filesystem (like chroot). In this article I focus only on network namespaces.
If you have grasped the concept of namespaces, you may by now have an intuitive idea of what a network namespace might offer. Network namespaces provide a brand-new network stack for all the processes within the namespace. That includes network interfaces, routing tables and iptables rules.
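To make the "brand-new network stack" concrete, here is an added example (not code from the article): a child process moves itself into a fresh network namespace with `unshare(2)`, then reports whether its namespace identity changed and whether loopback is down. The function and flag names are hypothetical. It assumes Linux with `/proc` mounted, and either root or unprivileged user namespaces enabled.

```c
#define _GNU_SOURCE
#include <net/if.h>
#include <sched.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical result flags: namespace differs from parent's; "lo" is not up. */
enum { NS_CHANGED = 1, LO_DOWN = 2 };

/* The inode of /proc/self/ns/net identifies the network namespace; 0 on error. */
static ino_t netns_id(void) {
    struct stat st;
    return stat("/proc/self/ns/net", &st) == 0 ? st.st_ino : 0;
}

/* Returns 1 if "lo" lacks IFF_UP in the caller's namespace, else 0. */
static int lo_is_down(void) {
    struct ifreq ifr = { .ifr_name = "lo" };
    int up = 1, s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s >= 0 && ioctl(s, SIOCGIFFLAGS, &ifr) == 0) up = ifr.ifr_flags & IFF_UP;
    if (s >= 0) close(s);
    return !up;
}

/* Fork a child into a fresh network namespace and return its flags,
 * or -1 if the kernel or sandbox refuses unshare(). */
int fresh_netns_check(void) {
    int fds[2], r = -1;
    ino_t before = netns_id();
    if (!before || pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        /* CLONE_NEWUSER lets an unprivileged caller own the new net namespace. */
        if (unshare(CLONE_NEWUSER | CLONE_NEWNET) == 0 || unshare(CLONE_NEWNET) == 0)
            r = (netns_id() != before ? NS_CHANGED : 0) | (lo_is_down() ? LO_DOWN : 0);
        _exit(write(fds[1], &r, sizeof r) < 0);
    }
    close(fds[1]);
    if (pid < 0 || read(fds[0], &r, sizeof r) != (ssize_t)sizeof r) r = -1;
    close(fds[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return r;
}

int main(void) {
    int r = fresh_netns_check();
    if (r < 0) return puts("unshare() refused here") < 0;
    return printf("new netns: %d, lo down: %d\n", !!(r & NS_CHANGED), !!(r & LO_DOWN)) < 0;
}
```

Comparing the `/proc/<pid>/ns/net` inode of a process against that of PID 1 is also a quick audit check for whether a workload shares the host's network stack.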