Add docs/tech_docs/linux/namespaces.md

docs/tech_docs/linux/namespaces.md

@@ -0,0 +1,71 @@
+Using network namespaces in Linux provides a powerful way to segment and manage network traffic within isolated environments on a single host. This feature is particularly useful in advanced network setups where multiple isolated networks are required, such as in development environments, testing different network configurations, or managing container networking. Here, we’ll walk through setting up network namespaces, configuring bridges within those namespaces, and linking these namespaces using virtual Ethernet (veth) pairs.
+
+### Step-by-Step Guide to Using Network Namespaces with Bridges
+
+#### **Step 1: Install Necessary Tools**
+Ensure your system has the tools needed to manage network namespaces and bridges. These tools are typically available in the `iproute2` package.
+
+```bash
+sudo apt-get update
+sudo apt-get install iproute2 bridge-utils
+```
+
+#### **Step 2: Create Network Namespaces**
+Network namespaces provide isolated networking environments. Here, we'll create two namespaces named `ns1` and `ns2`.
+
+```bash
+sudo ip netns add ns1
+sudo ip netns add ns2
+```
+
+#### **Step 3: Create Virtual Ethernet (veth) Pairs**
+Veth pairs are virtual network interfaces that act as tunnels between network namespaces. Each pair consists of two endpoints. Create a pair and assign each end to a different namespace.
+
+```bash
+sudo ip link add veth1 type veth peer name veth2
+sudo ip link set veth1 netns ns1
+sudo ip link set veth2 netns ns2
+```
+
+#### **Step 4: Configure Bridges within Each Namespace**
+Now, create a bridge in each namespace and add the respective veth interface to each bridge.
+
+```bash
+# Configuring the bridge in ns1
+sudo ip netns exec ns1 ip link add name br1 type bridge
+sudo ip netns exec ns1 ip link set br1 up
+sudo ip netns exec ns1 ip link set veth1 up
+sudo ip netns exec ns1 ip link set veth1 master br1
+
+# Configuring the bridge in ns2
+sudo ip netns exec ns2 ip link add name br2 type bridge
+sudo ip netns exec ns2 ip link set br2 up
+sudo ip netns exec ns2 ip link set veth2 up
+sudo ip netns exec ns2 ip link set veth2 master br2
+```
+
+#### **Step 5: Assign IP Addresses to Bridges (Optional)**
+For testing connectivity or for specific configurations, you might assign IP addresses to each bridge within the namespaces.
+
+```bash
+sudo ip netns exec ns1 ip addr add 192.168.1.1/24 dev br1
+sudo ip netns exec ns2 ip addr add 192.168.2.1/24 dev br2
+```
+
+#### **Step 6: Test Connectivity**
+To ensure that everything is set up correctly, you can ping from one namespace to another using the IP addresses assigned to the bridges.
+
+```bash
+sudo ip netns exec ns1 ping 192.168.2.1
+```
+
+### Advanced Considerations
+
+- **Network Security**: Since network namespaces provide isolation, they are useful for testing network security policies and firewall rules.
+- **Integration with Containers**: Many container runtimes use network namespaces to isolate the network of different containers. Understanding how to manually configure and manage these can help in custom container setups.
+- **Performance Monitoring**: Tools like `ip netns exec` can be combined with network monitoring tools to assess performance issues across different namespaces.
+- **Automation**: For environments where network namespaces are frequently created and destroyed, consider scripting the setup and teardown processes to ensure configurations are consistent and repeatable.
+
+### Conclusion
+
+Network namespaces with bridged connections offer a robust mechanism for managing complex network architectures on a single Linux host. They are invaluable for developers and system administrators looking to create reproducible network environments for testing or deployment purposes. This setup enables precise control over traffic flow and network topology within a host, catering to advanced network management and isolation needs.