.TH IP\-NETNS 8 "16 Jan 2013" "iproute2" "Linux"
.SH NAME
ip-netns \- process network namespace management
.SH SYNOPSIS
.sp
.ad l
.in +8
.ti -8
.B ip
.RI "[ " OPTIONS " ]"
.B netns
.RI " { " COMMAND " | "
.BR help " }"
.sp
.ti -8
.BR "ip netns" " { " list " } "

.ti -8
.B ip netns add
.I NETNSNAME

.ti -8
.B ip [-all] netns del
.RI "[ " NETNSNAME " ]"

.ti -8
.BR "ip netns" " { " set " } "
.I NETNSNAME NETNSID

.ti -8
.BR "ip netns identify"
.RI "[ " PID " ]"

.ti -8
.BR "ip netns pids"
.I NETNSNAME

.ti -8
.BR "ip [-all] netns exec "
.RI "[ " NETNSNAME " ] " command ...

.ti -8
.BR "ip netns monitor"

.ti -8
.BR "ip netns list-id"

.SH DESCRIPTION
A network namespace is logically another copy of the network stack,
with its own routes, firewall rules, and network devices.

By default a process inherits its network namespace from its parent. Initially
all processes share the default network namespace of the init process.

By convention a named network namespace is an object at
.BR "/var/run/netns/" NAME
that can be opened. The file descriptor resulting from opening
.BR "/var/run/netns/" NAME
refers to the specified network namespace. Holding that file
descriptor open keeps the network namespace alive. The file
descriptor can be used with the
.B setns(2)
system call to change the network namespace associated with a task.

For applications that are aware of network namespaces, the convention
is to look for global network configuration files first in
.BR "/etc/netns/" NAME "/"
then in
.BR "/etc/".
For example, if you want a different version of
.BR /etc/resolv.conf
for a network namespace used to isolate your VPN, you would name it
.BR /etc/netns/myvpn/resolv.conf.

.B ip netns exec
automates handling of this configuration file convention for
applications that are unaware of network namespaces: it creates a new
mount namespace and bind mounts all of the per-network-namespace
configuration files over their traditional locations in /etc.

.TP
.B ip netns list - show all of the named network namespaces
.sp
This command displays all of the network namespaces in /var/run/netns.

.TP
.B ip netns add NAME - create a new named network namespace
.sp
If NAME is not already in use in /var/run/netns/, this command creates a new
network namespace and binds it to NAME.

.TP
.B ip [-all] netns delete [ NAME ] - delete the name of a network namespace(s)
.sp
If NAME is present in /var/run/netns it is unmounted and the mount
point is removed. If this was the last user of the network namespace, the
network namespace is freed and all physical devices in it are moved to the
default one; otherwise the network namespace persists until it has no more
users. ip netns delete may fail if the mount point is in use in another mount
namespace.

If the
.B -all
option is specified, all named network namespaces are removed.

A physical device can appear to be lost when it has been moved into a netns
and that netns is then deleted while a process is still running in it:

.RS 10
$ ip netns add net0
.RE
.RS 10
$ ip link set dev eth0 netns net0
.RE
.RS 10
$ ip netns exec net0 SOME_PROCESS_IN_BACKGROUND
.RE
.RS 10
$ ip netns del net0
.RE

.RS
Here eth0 reappears in the default netns only after SOME_PROCESS_IN_BACKGROUND
exits or is killed, because the running process is still a user of the
namespace. To prevent this, kill the processes running in net0 before
deleting the netns:

.RE
.RS 10
$ ip netns pids net0 | xargs kill
.RE
.RS 10
$ ip netns del net0
.RE
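
The following shell functions are an added example, not part of iproute2, showing the kill-then-delete sequence above made robust: each process reported by ip netns pids is sent SIGTERM, given a timeout to exit, escalated to SIGKILL if needed, and only then is the netns deleted, so a device moved into it returns to the default netns right away instead of at some unknown later time. The function names (is_alive, terminate_and_wait, netns_safe_delete) and the default timeout are this example's own choices; the /proc zombie check is Linux-specific.

```shell
#!/bin/sh
# Added example (not iproute2 code): tear down a named netns only after the
# processes inside it are gone, so devices moved into it are returned to the
# default netns immediately rather than whenever the last process exits.

# is_alive PID -> 0 while PID exists and is not a zombie.
# kill -0 alone keeps answering "yes" for an exited-but-unreaped process,
# so on Linux the /proc state field is checked as well.
is_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    if [ -r "/proc/$1/stat" ]; then
        # The state letter is the first field after the ")" closing the
        # command name, which may itself contain spaces and parentheses.
        state=$(sed 's/^.*) //' "/proc/$1/stat" 2>/dev/null | cut -d' ' -f1)
        [ "$state" != "Z" ] || return 1
    fi
    return 0
}

# terminate_and_wait PID [TIMEOUT]
# SIGTERM first, poll up to TIMEOUT seconds, then escalate to SIGKILL.
# Returns 0 once PID is gone, 1 if it is still present afterwards.
terminate_and_wait() {
    pid=$1
    timeout=${2:-5}
    is_alive "$pid" || return 0
    kill -TERM "$pid" 2>/dev/null || return 0     # exited meanwhile
    i=0
    while [ "$i" -lt "$timeout" ] && is_alive "$pid"; do
        sleep 1
        i=$((i + 1))
    done
    if is_alive "$pid"; then
        kill -KILL "$pid" 2>/dev/null || true
        sleep 1
    fi
    ! is_alive "$pid"
}

# netns_safe_delete NAME [TIMEOUT]
# Drive the man page's "ip netns pids NAME | xargs kill; ip netns del NAME"
# sequence, but refuse to delete while anything in NAME is still running.
netns_safe_delete() {
    name=$1
    timeout=${2:-5}
    pids=$(ip netns pids "$name") || return 1
    for p in $pids; do
        if ! terminate_and_wait "$p" "$timeout"; then
            echo "pid $p in netns $name is still alive; not deleting" >&2
            return 1
        fi
    done
    ip netns del "$name"
}
```

netns_safe_delete needs the privileges ip netns itself requires (root in practice). Note that ip netns pids only reports processes whose primary network namespace is NAME; a process that merely holds an open file descriptor on /var/run/netns/NAME also keeps the namespace alive and is not listed, so a device can still stay in the namespace after this function returns if such a holder exists.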

.TP
.B ip netns set NAME NETNSID - assign an id to a peer network namespace
.sp
This command assigns an id to a peer network namespace. This id is valid
only in the current network namespace.
This id will be used by the kernel in some netlink messages. If no id has been
assigned when the kernel needs one, the kernel assigns one automatically.
Once an id is assigned, it cannot be changed.
| .TP |
| .B ip netns identify [PID] - Report network namespaces names for process |
| .sp |
| This command walks through /var/run/netns and finds all the network |
| namespace names for network namespace of the specified process, if PID is |
| not specified then the current process will be used. |
| |
| .TP |
| .B ip netns pids NAME - Report processes in the named network namespace |
| .sp |
| This command walks through proc and finds all of the process who have |
| the named network namespace as their primary network namespace. |
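
The inode comparison behind ip netns identify and ip netns pids is simple enough to reproduce, and doing so makes the DESCRIPTION convention concrete: /var/run/netns/NAME and /proc/PID/ns/net are two references to the same kernel object, so test -ef (same device and inode after following symlinks) decides whether a process is in a named namespace. The POSIX shell functions below are an added example, not iproute2 code; NETNS_DIR and PROC_DIR are this example's own overridable variables, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not iproute2 code): the same-inode test that
# "ip netns identify" and "ip netns pids" are built on.
# NETNS_DIR / PROC_DIR are overridable so the logic can be exercised
# against a constructed directory tree without root.
NETNS_DIR="${NETNS_DIR:-/var/run/netns}"
PROC_DIR="${PROC_DIR:-/proc}"

# netns_names_for_ref REF
# Print every name in $NETNS_DIR that refers to the same namespace object
# as REF (normally /proc/PID/ns/net). "-ef" compares device and inode after
# following symlinks, which is exactly what identifies a namespace.
netns_names_for_ref() {
    ref=$1
    [ -d "$NETNS_DIR" ] || return 0
    for f in "$NETNS_DIR"/*; do
        [ -e "$f" ] || continue          # unmatched glob on an empty dir
        if [ "$f" -ef "$ref" ]; then
            printf '%s\n' "${f##*/}"
        fi
    done
}

# netns_identify [PID]
# Names of the network namespace PID lives in (default: this shell).
netns_identify() {
    netns_names_for_ref "$PROC_DIR/${1:-self}/ns/net"
}

# netns_pids NAME
# PIDs whose primary network namespace is $NETNS_DIR/NAME.
netns_pids() {
    ref="$NETNS_DIR/$1"
    [ -e "$ref" ] || { echo "netns $1 not found in $NETNS_DIR" >&2; return 1; }
    for d in "$PROC_DIR"/[0-9]*; do
        ns="$d/ns/net"
        # Kernel threads, races with exiting processes, or processes we may
        # not inspect make the stat fail; they are skipped, as ip does.
        [ -e "$ns" ] || continue
        if [ "$ns" -ef "$ref" ]; then
            printf '%s\n' "${d##*/}"
        fi
    done
}
```

Run as an unprivileged user, the stat of /proc/PID/ns/net fails for processes owned by other users, so netns_pids then reports only your own processes; the same restriction applies to ip netns pids without the ptrace-level access to other processes that root has.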

.TP
.B ip [-all] netns exec [ NAME ] cmd ... - Run cmd in the named network namespace
.sp
This command allows applications that are network namespace unaware
to be run in something other than the default network namespace with
all of the configuration for the specified network namespace appearing
in the customary global locations. A mount namespace and bind mounts
are used to move files from their network namespace specific location
to their default locations without affecting other processes.

If the
.B -all
option is specified, then
.B cmd
is executed synchronously in each named network namespace, even if
.B cmd
fails in some of them. The network namespace name is printed before each
.B cmd
execution.
| .TP |
| .B ip netns monitor - Report as network namespace names are added and deleted |
| .sp |
| This command watches network namespace name addition and deletion events |
| and prints a line for each event it sees. |
| |
| .TP |
| .B ip netns list-id - list network namespace ids (nsid) |
| .sp |
| Network namespace ids are used to identify a peer network namespace. This |
| command displays nsid of the current network namespace and provides the |
| corresponding iproute2 netns name (from /var/run/netns) if any. |
| |
| .SH EXAMPLES |
| .PP |
| ip netns list |
| .RS |
| Shows the list of current named network namespaces |
| .RE |
| .PP |
| ip netns add vpn |
| .RS |
| Creates a network namespace and names it vpn |
| .RE |
| .PP |
| ip netns exec vpn ip link set lo up |
| .RS |
| Bring up the loopback interface in the vpn network namespace. |
| .RE |
| |
| .SH SEE ALSO |
| .br |
| .BR ip (8) |
| |
| .SH AUTHOR |
| Original Manpage by Eric W. Biederman |