If you have been working with container virtualization and orchestration software like Docker and Kubernetes, you have probably heard of network namespaces.

Recently, I started exploring the Linux [ip](https://linux.die.net/man/8/ip) command. In this post, I will show you how to use the command to connect processes in two different network namespaces, on different subnets, over a pair of [veth](https://man7.org/linux/man-pages/man4/veth.4.html) interfaces.

About Network Namespace

Container runtimes use the kernel's namespace feature to partition system resources and achieve a form of process isolation, such that changes to the resources in one namespace do not affect those in other namespaces. Examples of such resources include process IDs, hostnames, user IDs, file names, and network interfaces.

A network namespace, in particular, virtualizes the network stack. Each network namespace has its own set of resources such as network interfaces, IP addresses, routing tables, tunnels, and firewalls. For example, iptables rules added to a network namespace only affect traffic entering and leaving that namespace.
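The per-namespace interfaces, routing tables and iptables rules described above can be observed with the following script, an added example that is not code from the original post. The namespace names, interface names and 10.0.x.0/24 addresses are assumptions chosen for illustration, and the script assumes `iproute2`, `ping` and `iptables` are installed.

```shell
#!/bin/sh
# Added example. Namespace names, interface names and addresses are constructed.
NS_A=ns-a  IF_A=veth-a  ADDR_A=10.0.1.1/24  NET_A=10.0.1.0/24
NS_B=ns-b  IF_B=veth-b  ADDR_B=10.0.2.1/24  NET_B=10.0.2.0/24

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

setup() {
    run ip netns add "$NS_A"
    run ip netns add "$NS_B"
    # Create the veth pair with one end placed in each namespace.
    run ip link add "$IF_A" netns "$NS_A" type veth peer name "$IF_B" netns "$NS_B"
    run ip -n "$NS_A" addr add "$ADDR_A" dev "$IF_A"
    run ip -n "$NS_B" addr add "$ADDR_B" dev "$IF_B"
    run ip -n "$NS_A" link set "$IF_A" up
    run ip -n "$NS_B" link set "$IF_B" up
    # Routing tables are per namespace: because the two ends sit on different
    # subnets, each side needs an explicit on-link route to the other subnet.
    run ip -n "$NS_A" route add "$NET_B" dev "$IF_A"
    run ip -n "$NS_B" route add "$NET_A" dev "$IF_B"
}

verify() {
    # Reachability from ns-a to the address held by ns-b.
    run ip netns exec "$NS_A" ping -c 1 -W 1 "${ADDR_B%/*}"
    # Each namespace shows only its own routes; the host table lists neither subnet.
    run ip -n "$NS_A" route show
    run ip -n "$NS_B" route show
    run ip route show
}

firewall_check() {
    # A rule added inside ns-b is visible there and absent from the host ruleset.
    run ip netns exec "$NS_B" iptables -A INPUT -p icmp -j DROP
    run ip netns exec "$NS_B" iptables -S INPUT
    run iptables -S INPUT
}

teardown() {
    # Deleting a namespace destroys its veth end, which removes the peer as well.
    run ip netns del "$NS_A"
    run ip netns del "$NS_B"
}

case "${1:-}" in
    setup|verify|firewall_check|teardown) "$1" ;;
esac
```

Saved under a file name of your choice, the script takes one of `setup`, `verify`, `firewall_check` or `teardown` as its argument; after `firewall_check`, running `verify` again shows the ping failing while the host's INPUT chain is unchanged.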
