Move network device between Linux network namespaces












1















In Linux, set up 2 network namespaces, ns1 and ns2. ip netns list can view the 2 network namespaces.



If I move one network device from Linux root namespace to ns1 then from ns1 to ns2, then delete ns2, I expect that the network device can move back to ns1.



The actual result is that eth1 is back to Linux root network namespace. I'm not sure whether it's as expected.



Here is the detail test scenario:





  1. ip netns add ns1

  2. ip netns add ns2

  3. ip link set eth1 netns ns1

  4. ip netns exec ns1 ip link set eth1 netns ns2

  5. ip netns del ns2


Expected result: eth1 will be in ns1



Actual result: eth1 is back in Linux root namespace 1



Question: is there any method to realize such scenario to make sure device can be back to ns1 not Linux root network namespace 1?






linux network-namespaces







share|improve this question

























  • Make ns2 a child of ns1.

    – Patrick
    Jun 15 '18 at 12:28











  • To overcome this limitation, you could have an event loop running (on the output of) ip monitor link to detect the reapparition of the device on the initial net namespace, and immediately cast it to ns1. Interface's name could be different from the former in some cases of renaming or naming conflict.

    – A.B
    Jan 7 at 18:45


















1















In Linux, set up 2 network namespaces, ns1 and ns2. ip netns list can view the 2 network namespaces.



If I move one network device from Linux root namespace to ns1 then from ns1 to ns2, then delete ns2, I expect that the network device can move back to ns1.



The actual result is that eth1 is back to Linux root network namespace. I'm not sure whether it's as expected.



Here is the detail test scenario:





  1. ip netns add ns1

  2. ip netns add ns2

  3. ip link set eth1 netns ns1

  4. ip netns exec ns1 ip link set eth1 netns ns2

  5. ip netns del ns2


Expected result: eth1 will be in ns1



Actual result: eth1 is back in Linux root namespace 1



Question: is there any method to realize such scenario to make sure device can be back to ns1 not Linux root network namespace 1?






linux network-namespaces







share|improve this question

























  • Make ns2 a child of ns1.

    – Patrick
    Jun 15 '18 at 12:28











  • To overcome this limitation, you could have an event loop running (on the output of) ip monitor link to detect the reapparition of the device on the initial net namespace, and immediately cast it to ns1. Interface's name could be different from the former in some cases of renaming or naming conflict.

    – A.B
    Jan 7 at 18:45
















1












1








1


0






In Linux, set up 2 network namespaces, ns1 and ns2. ip netns list can view the 2 network namespaces.



If I move one network device from Linux root namespace to ns1 then from ns1 to ns2, then delete ns2, I expect that the network device can move back to ns1.



The actual result is that eth1 is back to Linux root network namespace. I'm not sure whether it's as expected.



Here is the detail test scenario:





  1. ip netns add ns1

  2. ip netns add ns2

  3. ip link set eth1 netns ns1

  4. ip netns exec ns1 ip link set eth1 netns ns2

  5. ip netns del ns2


Expected result: eth1 will be in ns1



Actual result: eth1 is back in Linux root namespace 1



Question: is there any method to realize such scenario to make sure device can be back to ns1 not Linux root network namespace 1?






linux network-namespaces







share|improve this question
















In Linux, set up 2 network namespaces, ns1 and ns2. ip netns list can view the 2 network namespaces.



If I move one network device from Linux root namespace to ns1 then from ns1 to ns2, then delete ns2, I expect that the network device can move back to ns1.



The actual result is that eth1 is back to Linux root network namespace. I'm not sure whether it's as expected.



Here is the detail test scenario:





  1. ip netns add ns1

  2. ip netns add ns2

  3. ip link set eth1 netns ns1

  4. ip netns exec ns1 ip link set eth1 netns ns2

  5. ip netns del ns2


Expected result: eth1 will be in ns1



Actual result: eth1 is back in Linux root namespace 1



Question: is there any method to realize such scenario to make sure device can be back to ns1 not Linux root network namespace 1?






linux network-namespaces




linux network-namespaces






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 1 at 23:54









guntbert

1,06111017




1,06111017










asked Jun 15 '18 at 7:52









Pamela MeiPamela Mei

61




61













  • Make ns2 a child of ns1.

    – Patrick
    Jun 15 '18 at 12:28











  • To overcome this limitation, you could have an event loop running (on the output of) ip monitor link to detect the reapparition of the device on the initial net namespace, and immediately cast it to ns1. Interface's name could be different from the former in some cases of renaming or naming conflict.

    – A.B
    Jan 7 at 18:45





















  • Make ns2 a child of ns1.

    – Patrick
    Jun 15 '18 at 12:28











  • To overcome this limitation, you could have an event loop running (on the output of) ip monitor link to detect the reapparition of the device on the initial net namespace, and immediately cast it to ns1. Interface's name could be different from the former in some cases of renaming or naming conflict.

    – A.B
    Jan 7 at 18:45



















Make ns2 a child of ns1.

– Patrick
Jun 15 '18 at 12:28





Make ns2 a child of ns1.

– Patrick
Jun 15 '18 at 12:28













To overcome this limitation, you could have an event loop running (on the output of) ip monitor link to detect the reapparition of the device on the initial net namespace, and immediately cast it to ns1. Interface's name could be different from the former in some cases of renaming or naming conflict.

– A.B
Jan 7 at 18:45







To overcome this limitation, you could have an event loop running (on the output of) ip monitor link to detect the reapparition of the device on the initial net namespace, and immediately cast it to ns1. Interface's name could be different from the former in some cases of renaming or naming conflict.

– A.B
Jan 7 at 18:45












1 Answer
1






active

oldest

votes


















0














As far as I know, there is no way to enforce "physical" network interfaces return to a different network namespace than the root network namespace. Contrary to Patrick's comment, the Linux kernel considers network namespace to be flat (see ioctl_ns - ioctl() operations for Linux namespaces, which explicitly mentions only PID and user namespaces to be hierarchical).



Because there is no hierarchy for network namespaces defined (which would be difficult to apply to IP stacks, addresses, and route tables), Linux has the return-to-home rule which moves network interfaces back into the network namespace joined/created by init(1).



All ip netns add ... does is create a new network namespace by calling unshare() and then bind-mounts it into /run/netns/ns1 to keep it floating alive. The next ip nets add ... starts anew, mount-binding another network namespace into /run/netns/ns2. Two completely unrelated network namespaces.






share|improve this answer

























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "106"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f449948%2fmove-network-device-between-linux-network-namespaces%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    As far as I know, there is no way to enforce "physical" network interfaces return to a different network namespace than the root network namespace. Contrary to Patrick's comment, the Linux kernel considers network namespace to be flat (see ioctl_ns - ioctl() operations for Linux namespaces, which explicitly mentions only PID and user namespaces to be hierarchical).



    Because there is no hierarchy for network namespaces defined (which would be difficult to apply to IP stacks, addresses, and route tables), Linux has the return-to-home rule which moves network interfaces back into the network namespace joined/created by init(1).



    All ip netns add ... does is create a new network namespace by calling unshare() and then bind-mounts it into /run/netns/ns1 to keep it floating alive. The next ip nets add ... starts anew, mount-binding another network namespace into /run/netns/ns2. Two completely unrelated network namespaces.






    share|improve this answer






























      0














      As far as I know, there is no way to enforce "physical" network interfaces return to a different network namespace than the root network namespace. Contrary to Patrick's comment, the Linux kernel considers network namespace to be flat (see ioctl_ns - ioctl() operations for Linux namespaces, which explicitly mentions only PID and user namespaces to be hierarchical).



      Because there is no hierarchy for network namespaces defined (which would be difficult to apply to IP stacks, addresses, and route tables), Linux has the return-to-home rule which moves network interfaces back into the network namespace joined/created by init(1).



      All ip netns add ... does is create a new network namespace by calling unshare() and then bind-mounts it into /run/netns/ns1 to keep it floating alive. The next ip nets add ... starts anew, mount-binding another network namespace into /run/netns/ns2. Two completely unrelated network namespaces.






      share|improve this answer




























        0












        0








        0







        As far as I know, there is no way to enforce "physical" network interfaces return to a different network namespace than the root network namespace. Contrary to Patrick's comment, the Linux kernel considers network namespace to be flat (see ioctl_ns - ioctl() operations for Linux namespaces, which explicitly mentions only PID and user namespaces to be hierarchical).



        Because there is no hierarchy for network namespaces defined (which would be difficult to apply to IP stacks, addresses, and route tables), Linux has the return-to-home rule which moves network interfaces back into the network namespace joined/created by init(1).



        All ip netns add ... does is create a new network namespace by calling unshare() and then bind-mounts it into /run/netns/ns1 to keep it floating alive. The next ip nets add ... starts anew, mount-binding another network namespace into /run/netns/ns2. Two completely unrelated network namespaces.






        share|improve this answer















        As far as I know, there is no way to enforce "physical" network interfaces return to a different network namespace than the root network namespace. Contrary to Patrick's comment, the Linux kernel considers network namespace to be flat (see ioctl_ns - ioctl() operations for Linux namespaces, which explicitly mentions only PID and user namespaces to be hierarchical).



        Because there is no hierarchy for network namespaces defined (which would be difficult to apply to IP stacks, addresses, and route tables), Linux has the return-to-home rule which moves network interfaces back into the network namespace joined/created by init(1).



        All ip netns add ... does is create a new network namespace by calling unshare() and then bind-mounts it into /run/netns/ns1 to keep it floating alive. The next ip nets add ... starts anew, mount-binding another network namespace into /run/netns/ns2. Two completely unrelated network namespaces.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Jun 26 '18 at 17:38

























        answered Jun 25 '18 at 21:08









        TheDiveOTheDiveO

        25811




        25811






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f449948%2fmove-network-device-between-linux-network-namespaces%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to reconfigure Docker Trusted Registry 2.x.x to use CEPH FS mount instead of NFS and other traditional...

            Image
            0 I am having trouble trying to reconfigure my DTR container to try and use a CEPH FS mount we created to act as a storage backend for our image repository. The Docs are very vague on this and nothing exactly explains on how to do it. Has anyone yet connected the dots? linux filesystems mount storage docker share | improve this question asked Feb 1 at 6:40 jRapp3r jRapp3r 1 1 add a comment  | 
            Read more

            is 'sed' thread safe

            Image
            2 If I have a shell/python script that uses sed to modify a file in place based on user inputs, and then two users run the same script at the same time or approx. same time, is 'sed' thread safe ? Or perhaps it is not an issue because the file_descripor that was opened by the first thread will be used to lock the file anyway ? thx linux sed python share | improve this question edited 7 hours ago Jeff Schaller 42.9k 11 59 137 asked 7 hours ago terreys terreys
            Read more

            How to make a Squid Proxy server?

            Image
            1 I want to set up squid proxy server for monitoring user activity in a network and Internet Web URL filtering for user. I also want to configure the user login, user log, user access group, and block unwanted web sites in my network. Please help me and guide me the full process to do this. server proxy squid share | improve this question edited Jul 31 '12 at 14:45 Jorge Castro 37.1k 107 422 617 asked Jul 31 '12 at 5:16 Goivind Tiwari Goivind Tiwari
            Read more