Linux virtual network device---Veth pair detailed explanation

Veth is the abbreviation of Virtual Ethernet Device, which is a pair of Linux virtual network interface devices. Its most commonly used function is to connect different Linux network namespaces to allow communication between the two namespaces. We can simply understand a veth pair as using a network cable to connect two computers (two namespaces) to the main connection. In this way, we can easily understand that if any end of the veth pair is down, the other end will also be down.

Below we take a Linux host to create two namespaces and use a pair of veth-pairs to connect the two namespaces with an IP network as an example to illustrate how to use veth.

1. We can use the following command to create a veth pair: veth0----veth1

Create a virtual Ethernet device pair of veth0-veth1.

sudo ip link add veth0 type veth peer name veth1

2. After creating two namespaces namespaces, you can use the following commands to move the two veth devices into the two namespaces ns0 and ns1 respectively, and connect them.

Create two namespaces, ns0 and ns1, and set veth0 as the network card of ns0, and set veth1 as the network card of ns1.

sudo ip netns add ns0
sudo ip netns add ns1
sudo ip link set veth0 netns ns0
sudo ip link set veth1 netns ns1

1+2, or use the following command to directly create veth0 and veth2 in the two namespaces after creating the namespaces, and directly connect the two namespaces

This step is equivalent to the above two steps, directly create ns0 and ns1 namespaces and veth0-veth1 virtual Ethernet device pair, and set veth0 as the network card of ns0, and set veth1 as the network card of ns1.

sudo ip netns add ns0
sudo ip netns add ns1
sudo ip link add veth0 netns ns0 type veth peer veth1 netns ns1

3. Enable veth0 and veth1

Enable the veth0-veth1 virtual Ethernet device pair, pay attention to enable both sides (equivalent to plugging in the network cable)

sudo ip netns exec ns0 ip link set veth0 up
sudo ip netns exec ns1 ip link set veth1 up

4. View the veth in the two namespaces ns0 and ns1

Use the form of ip netns exec ns0 + the command to be executed to execute the specified command in ns0. The following is to execute the ip link show command to view the network link status in ns0.

sudo ip netns exec ns0 ip link show
sudo ip netns exec ns1 ip link show

5. Configure the network of ns0 and ns1

Use the form of ip netns exec ns0 + the command to be executed to execute the specified command in ns0. The following is to execute the ip addr add command to configure the IP address for veth0 in ns0. At the same time, operate ns1 accordingly. After the configuration is complete, default routes will be generated automatically under ns0 and ns1.

sudo ip netns exec ns0 ip addr add 192.168.0.2/24 dev veth0
sudo ip netns exec ns1 ip addr add 192.168.0.3/24 dev veth1

6. View the ip addresses and routes of ns0 and ns1

We can see that the ip address of the veth0 network card in ns0 is 192.168.0.2, the ip address of the veth1 network card in ns1 is 192.168.0.3, and default routes are generated in both ns0 and ns1 namespaces.

sudo ip netns exec ns0 ip addr show
sudo ip netns exec ns1 ip addr show
sudo ip netns exec ns0 ip route show
sudo ip netns exec ns1 ip route show

7. Verify the network connectivity before ns0 and ns1

Use the form of ip netns exec ns0 + the command to be executed to execute the specified command in ns0. The following is to execute the ping command to check the connectivity of the ip network between ns0 and ns1.

xxx@xx-PC:~$ sudo ip netns exec ns0 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.024 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.030 ms
64 bytes from 192.168.0.3: icmp_seq=3 ttl=64 time=0.050 ms