Rescue is done by Linux bridge which can tap these network namespaces to the bridge to get connectivity. The same concept applied to the Docker where it sets up networking between containers running on the same host.<\/p>\n\n\n\n
What is Linux network bridge ?<\/h2>\n\n\n\n
A bridge works at Layer 2 of OSI model ie data link layer and it functions similar to a network switch. It allows multiple network interfaces to communicate with each other based on MAC addresses, which is essential for virtual networking, required for environments using containers or virtual machines.<\/p>\n\n\n\n
Demo<\/h2>\n\n\n\n
We will demo the linux bridge in a single system whose hostname is \u201chost1\u201d. Below is setup diagram which we will create using commands.<\/p>\n\n\n\n Here, you can observe that the state is \u201cLOWERLAYERDOWN\u201d, its because the other end veth is yet not connected, once we connect it to bridge the state will be \u201cUP\u201d.<\/p>\n\n\n\n Example, we will try to ping NS2\u2019s ip from NS2 namespace<\/p>\n\n\n\n We see that its 100% packet loss, its happening because we don\u2019t have loopback interface. Enabled. Lets enable the loopback interface and see if its self pinging.<\/p>\n\n\n\n \u2018Network is unreachable\u2019 , this behaviour is expected because there is no route configured in the newly created namespaces. Lets set the default route in the network namespace<\/p>\n\n\n\n We will be following same steps in HOST2 similar to HOST1.<\/p>\n\n\n\n Lets ping from HOST1->NS1 to HOST2->NS1<\/p>\n\n\n\n We can see that there is 100 % packet loss. We need route on HOST1 to reach the network namespace of HOST2. Also we have enable IP forwarding on each node.<\/p>\n\n\n\n HOST1:<\/p>\n\n\n\n HOST2:<\/p>\n\n\n\n PING test:<\/p>\n\n\n\n Here, we have reached the end of our linux network bridge demo.We have covered basic connectivity between network namespaces using linux bridges. Also, all the scenarios were based on network resources residing in same subnet. When communication between network constructs is within same subnet then docker or Kubernetes uses native routing.<\/p>\n\n\n\n However, when nodes and interfaces belong to different subnets, the concept of overlay networks comes into picture.<\/p>\n\n\n\n An overlay network is a virtual network that sits on top of an existing network infrastructure. It allows devices in different subnets or even different physical locations to communicate as if they were on the same Layer 2 or Layer 3 network.<\/p>\n\n\n\n In Kubernetes, all modern day CNI (Container Network Interface) plugin implement overlay networks to ensure seamless communication across different nodes residing on different subnet.<\/p>\n\n\n\n <\/p>\n\n\n\n We will go over the Container Network Interface in the next chapter.<\/p>\n\n\n\n Good Bye for now.<\/p>\n\n\n\n <\/p>\n\n\n\n https:\/\/man7.org\/linux\/man-pages\/man8\/bridge.8.html<\/a><\/p>\n\n\n\n https:\/\/en.wikipedia.org\/wiki\/Network_bridge<\/a><\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" In the last article, we have learned about linux network namespace (https:\/\/aiinfrahub.com\/linux-network-namespace\/), Also, we understood that there is a serious scalability issue when connecting namespaces. As the no of namespaces increases we will face tremendous challenge in creating veth pair and connecting the namespaces. Rescue is done by Linux bridge which can tap these network namespaces to … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":74,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,4],"tags":[],"class_list":["post-73","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kubernetes","category-networking"],"_links":{"self":[{"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/posts\/73","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/comments?post=73"}],"version-history":[{"count":5,"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/posts\/73\/revisions"}],"predecessor-version":[{"id":104,"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/posts\/73\/revisions\/104"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/media\/74"}],"wp:attachment":[{"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/media?parent=73"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/categories?post=73"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aiinfrahub.com\/about-us\/wp-json\/wp\/v2\/tags?post=73"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/aiinfrahub.com\/wp-content\/uploads\/2025\/03\/image-1.png\")
<\/figure>\n\n\n\n# Define some macros for host1\nNS1=\"NS1\"\nNS2=\"NS2\"\nBRIDGE_SUBNET=\"10.0.0.0\/24\"\nBRIDGE_IP=\"10.0.0.1\"\nIP1=\"10.0.0.2\"\nIP2=\"10.0.0.3\"<\/code><\/pre>\n\n\n\n\n
# Create the namespaces\nsudo ip netns add $NS1\nsudo ip netns add $NS2\nhost1$ ip netns show\nNS1\nNS2<\/code><\/pre>\n\n\n\n\n
# Create the veth pairs\nhost1$sudo ip link add vethNS1 type veth peer name vethNS1-br\nhost1$sudo ip link add vethNS2 type veth peer name vethNS2-br\nhost1$ip link show | grep veth\n22: vethNS1-br@vethNS1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\n23: vethNS1@vethNS1-br: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\n24: vethNS2-br@vethNS2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\n25: vethNS2@vethNS2-br: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000<\/code><\/pre>\n\n\n\n\n
# Adding the veth pairs to the namespaces\nhost1$sudo ip link set vethNS1 netns $NS1\nhost1$sudo ip link set vethNS2 netns $NS2\nhost1$sudo ip netns exec NS1 ip addr\n1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000\n link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n23: vethNS1@if22: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000\n link\/ether 9a:ab:15:34:22:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 0<\/code><\/pre>\n\n\n\n\n
# Configure the veth interfaces in the network namespace with ip address\n\nhost1$sudo ip netns exec $NS1 ip addr add $IP1\/24 dev vethNS1\n\nhost1$sudo ip netns exec $NS2 ip addr add $IP2\/24 dev vethNS2\n\nhost1$sudo ip netns exec NS1 ip addr\n\n1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000\n\n link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n\n23: vethNS1@if22: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000\n\n link\/ether 9a:ab:15:34:22:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n\n inet 10.0.0.2\/24 scope global vethNS1\n\n valid_lft forever preferred_lft forever<\/code><\/pre>\n\n\n\n\n
# Enable the interfaces in the network namespace\nhost1$sudo ip netns exec $NS1 ip link set dev vethNS1 up\nhost1$sudo ip netns exec $NS2 ip link set dev vethNS2 up\nhost1$sudo ip netns exec NS1 ip addr\n1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000\n link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n23: vethNS1@if22: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000\n link\/ether 9a:ab:15:34:22:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 10.0.0.2\/24 scope global vethNS1\n valid_lft forever preferred_lft forever<\/code><\/pre>\n\n\n\n\n
# Create the bridge\nhost1$sudo ip link add br0 type bridge\nhost1$ip link show type bridge\n26: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\n link\/ether 16:d3:08:5d:a7:55 brd ff:ff:ff:ff:ff:ff<\/code><\/pre>\n\n\n\n\n
# Adding the network namespaces interfaces to the bridge\nhost1$sudo ip link set dev vethNS1-br master br0\nhost1$sudo ip link set dev vethNS2-br master br0\n\n# Assign IP address to the bridge\nhost1$sudo ip addr add $BRIDGE_IP\/24 dev br0\n\n# Enable the bridge\nhost1$sudo ip link set dev br0 up<\/code><\/pre>\n\n\n\n\n
# Enable the interfaces connected to the bridge\"\nhost1$sudo ip link set dev vethNS1-br up\nhost1$sudo ip link set dev vethNS2-br up\nhost1$sudo ip netns exec NS1 ip addr\n1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000\n link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n23: vethNS1@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000\n link\/ether 9a:ab:15:34:22:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 0\n inet 10.0.0.2\/24 scope global vethNS1\n valid_lft forever preferred_lft forever\n inet6 fe80::98ab:15ff:fe34:22f1\/64 scope link\n valid_lft forever preferred_lft forever<\/code><\/pre>\n\n\n\nPING Test<\/h2>\n\n\n\n
\n
host1$sudo ip netns exec NS1 ping 10.0.0.3 -c 2\nPING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.\n64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.154 ms\n64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.056 ms<\/code><\/pre>\n\n\n\n\n
host1$sudo ip netns exec NS2 ping 10.0.0.3 -c 2\nPING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.\n\n--- 10.0.0.3 ping statistics ---\n2 packets transmitted, 0 received, 100% packet loss, time 1028ms<\/code><\/pre>\n\n\n\n#Setting the loopback interfaces in the network namespaces\nhost1$sudo ip netns exec $NS1 ip link set lo up\nhost1$sudo ip netns exec $NS2 ip link set lo up\n\nhost1$sudo ip netns exec NS2 ping 10.0.0.3 -c 2\nPING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.\n64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.026 ms\n64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.103 ms\n\n--- 10.0.0.3 ping statistics ---\n2 packets transmitted, 2 received, 0% packet loss, time 1065ms\nrtt min\/avg\/max\/mdev = 0.026\/0.064\/0.103\/0.038 ms<\/code><\/pre>\n\n\n\n\n
host1$sudo ip netns exec NS2 ping 10.20.2.4 -c 2\nping: connect: Network is unreachable<\/code><\/pre>\n\n\n\n# Setting the default route in the network namespace\nhost1$sudo ip netns exec $NS1 ip route add default via $BRIDGE_IP dev vethNS1\nhost1$sudo ip netns exec $NS2 ip route add default via $BRIDGE_IP dev vethNS2\n\nhost1$sudo ip netns exec NS2 ping 10.20.2.4 -c 2\nPING 10.20.2.4 (10.20.2.4) 56(84) bytes of data.\n64 bytes from 10.20.2.4: icmp_seq=1 ttl=64 time=0.167 ms\n64 bytes from 10.20.2.4: icmp_seq=2 ttl=64 time=0.108 ms\n\n--- 10.20.2.4 ping statistics ---\n2 packets transmitted, 2 received, 0% packet loss, time 1056ms\nrtt min\/avg\/max\/mdev = 0.108\/0.137\/0.167\/0.029 ms<\/code><\/pre>\n\n\n\n\n
Basically, we want to ping from HOST1->NS1 to HOST2->NS1<\/li>\n<\/ul>\n\n\n\n![\"\"](\"https:\/\/aiinfrahub.com\/wp-content\/uploads\/2025\/03\/image-2.png\")
<\/figure>\n\n\n\nNS1=\"NS1\"\nNS2=\"NS2\"\nBRIDGE_SUBNET=\"10.0.0.0\/24\"\nBRIDGE_IP=\"10.0.1.1\"\nIP1=\"10.0.1.2\"\nIP2=\"10.0.1.3\"\n\nsudo ip netns add $NS1\nsudo ip netns add $NS2\n\nsudo ip link add vethNS1 type veth peer name vethNS1-br\nsudo ip link add vethNS2 type veth peer name vethNS2-br\n\nsudo ip link set vethNS1 netns $NS1\nsudo ip link set vethNS2 netns $NS2\n\nsudo ip netns exec $NS1 ip addr add $IP1\/24 dev vethNS1 \nsudo ip netns exec $NS2 ip addr add $IP2\/24 dev vethNS2 \n\nsudo ip netns exec $NS1 ip link set dev vethNS1 up\nsudo ip netns exec $NS2 ip link set dev vethNS2 up\n\nsudo ip link add br0 type bridge\nsudo ip link set dev vethNS1-br master br0\nsudo ip link set dev vethNS2-br master br0\n\nsudo ip addr add $BRIDGE_IP\/24 dev br0\n\nsudo ip link set dev br0 up\n\nsudo ip link set dev vethNS1-br up\nsudo ip link set dev vethNS2-br up\n\nsudo ip netns exec $NS1 ip route add default via $BRIDGE_IP dev vethNS1<\/code><\/pre>\n\n\n\nhost1$sudo ip netns exec NS1 ping 10.0.1.2 -c 2\nPING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.\n\n--- 10.0.1.2 ping statistics ---\n2 packets transmitted, 0 received, 100% packet loss, time 1061ms<\/code><\/pre>\n\n\n\nhost1$#sudo ip route add 10.0.1.0\/24 via 10.20.2.5 dev enp0s3\nhost1$#sudo sysctl -w net.ipv4.ip_forward=1<\/code><\/pre>\n\n\n\nhost2$#sudo ip route add 10.0.0.0\/24 via 10.20.2.4 dev enp0s3\nhost2$#sudo sysctl -w net.ipv4.ip_forward=1<\/code><\/pre>\n\n\n\nhost1$sudo ip netns exec NS1 ping 10.0.1.2 -c 2\nPING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.\n64 bytes from 10.0.1.2: icmp_seq=1 ttl=62 time=0.596 ms\n64 bytes from 10.0.1.2: icmp_seq=2 ttl=62 time=0.976 ms\n\n--- 10.0.1.2 ping statistics ---\n2 packets transmitted, 2 received, 0% packet loss, time 1036ms\nrtt min\/avg\/max\/mdev = 0.596\/0.786\/0.976\/0.190 ms<\/code><\/pre>\n\n\n\nConclusion<\/h2>\n\n\n\n
References<\/h2>\n\n\n\n