Need help with sending a ping from one network namespace to another as mentioned in Docker Engine - Networking section , chapter Networking Deep Dive : Namespaces

rohitschauhan · August 3, 2021, 2:08pm

I am following the lecture series for the Docker Certified Associate Exam Course. I am currently on chapter “Networking Deep Dive :Namespaces” of the “Docker Engine Networking” section.
As instructed in the lecture, I have created two network namespaces, i.e., red and blue on centos machine as follows:

[root@ip-xxx-xxx-xxx-xxx ~]# ip netns add red
[root@ip-xxx-xxx-xxx-xxx ~]# ip netns add blue

[root@ip-xxx-xxx-xxx-xxx ~]# ip netns
blue
red

I have created the virtual cable ‘veth-red’ and ‘veth-blue’ and then connected them using the following command:

[root@ip-xxx-xxx-xxx-xxx ~]# ip link add veth-red type veth peer name veth-blue

Then I attached the appropriate interface to each namespace as follows:

[root@ip-xxx-xxx-xxx-xxx ~]# ip link set veth-red netns red
[root@ip-xxx-xxx-xxx-xxx ~]# ip link set veth-blue netns blue

I then assigned IP addresses to each of these namespaces as follows:

[root@ip-xxx-xxx-xxx-xxx ~]# ip -n red addr add 192.168.15.1 dev veth-red

[root@ip-xxx-xxx-xxx-xxx ~]# ip -n blue addr add 192.168.15.2 dev veth-blue

I then bring up the interface using the IP link set up command for each device within the respective namespaces.

[root@ip-xxx-xxx-xxx-xxx ~]# ip -n red link set veth-red up
[root@ip-xxx-xxx-xxx-xxx ~]# ip -n blue link set veth-blue up

Then, when I check the interfaces inside each namespace, I get the ‘veth-red’ in ‘red’ namespace and ‘veth-blue’ in blue namespace as follows:

[root@ip-xxx-xxx-xxx-xxx ~]# ip -n red link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
17: veth-red@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 7e:9d:42:79:2d:2f brd ff:ff:ff:ff:ff:ff link-netnsid 1
[root@ip-xxx-xxx-xxx-xxx ~]# ip -n blue link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
16: veth-blue@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 62:aa:79:55:46:56 brd ff:ff:ff:ff:ff:ff link-netnsid 0

My doubt arises when I try to send a ping from red to blue (IP address: 192.168.15.2) as follows:

[root@ip-xxx-xxx-xxx-xxx ~]# ip netns exec red ping 192.168.15.2
connect: Network is unreachable

Why am I getting ‘Network is unreachable’ when I did everything as instructed in the lecture video?
Please help

Ayman · August 8, 2021, 10:06am

Just add /24 to IP and it will work.
[root@ip-xxx-xxx-xxx-xxx ~]# ip -n red addr add 192.168.15.1/24 dev veth-red

[root@ip-xxx-xxx-xxx-xxx ~]# ip -n blue addr add 192.168.15.2/24 dev veth-blue

rarzenti · October 19, 2022, 9:10pm

@Ayman I just found this solution and it solved my problems.

Can you explain why you need to add the default subnet to the end here? I wasn’t able to find any documentation for this. Should it be best practice to always include the subnet when defining ip addresses?

Thanks!
Ryan

tsluyter · May 12, 2023, 11:11am

Yes. It’s not just “best practice”, it’s a requirement in any network.