Linux Switching – Interconnecting Namespaces


Software switching on Linux is an important building block when using virtualization technologies like KVM or LXC. Typical hosts do not provide a physical adapter for each NIC of a KVM virtual machine or for each LXC container, so something else must interconnect the virtual network interfaces.

The classical software switching tool is the linuxbridge, which has been available in the Linux kernel for a long time. The frontend to manage the linuxbridge is brctl. The newer tool is the Openvswitch (at http://openvswitch.org/). Its main frontend is ovs-vsctl.

In this post I will show multiple solutions to interconnect Linux namespaces using a software based switch. A performance analysis of these solutions will be discussed in another article later. Starting with network namespaces helps to understand the more complex situations when using KVM or LXC.

tap interfaces

Linux tap interfaces created with ip tuntap cannot be used to attach network namespaces to linuxbridges or the openvswitch.

veth pair

The simplest way to connect two network namespaces is to use one veth pair. This has been discussed in a previous article.

Connecting namespaces using a veth pair

The command sequence has been discussed in a previous article, but we show the commands here again:

veth pair

    # add the namespaces
    ip netns add ns1
    ip netns add ns2
    # create the veth pair
    ip link add tap1 type veth peer name tap2
    # move the interfaces to the namespaces
    ip link set tap1 netns ns1
    ip link set tap2 netns ns2
    # bring up the links
    ip netns exec ns1 ip link set dev tap1 up
    ip netns exec ns2 ip link set dev tap2 up
    # now assign the ip addresses

linux bridge and two veth pairs

When more than two network namespaces (or KVM or LXC instances) must be connected, a switch should be used. One solution Linux offers is the well-known linux bridge.

Connecting namespaces using a linux bridge and two veth pairs

This setup needs one switch and two connectors. Here we use a linuxbridge and two veth pairs.

The commands to create this setup are:

linuxbridge and two veth pairs

    # add the namespaces
    ip netns add ns1
    ip netns add ns2
    # create the switch
    BRIDGE=br-test
    brctl addbr $BRIDGE
    brctl stp $BRIDGE off
    ip link set dev $BRIDGE up
    #
    #### PORT 1
    # create a port pair
    ip link add tap1 type veth peer name br-tap1
    # attach one side to linuxbridge
    brctl addif br-test br-tap1
    # attach the other side to namespace
    ip link set tap1 netns ns1
    # set the ports to up
    ip netns exec ns1 ip link set dev tap1 up
    ip link set dev br-tap1 up
    #
    #### PORT 2
    # create a port pair
    ip link add tap2 type veth peer name br-tap2
    # attach one side to linuxbridge
    brctl addif br-test br-tap2
    # attach the other side to namespace
    ip link set tap2 netns ns2
    # set the ports to up
    ip netns exec ns2 ip link set dev tap2 up
    ip link set dev br-tap2 up
    #
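The linuxbridge setup above, generalized from two ports to N namespaces, as an added example that is not part of the original post. It uses the iproute2 equivalents of the brctl calls, and the 10.0.0.<i>/24 addresses, the count limit and the dry-run switch APPLY are assumptions of this example; the names follow the post's ns/tap/br-tap scheme.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: iproute2 instead of
# brctl, names ns<i>/tap<i>/br-tap<i>, addresses 10.0.0.<i>/24.
BRIDGE=${BRIDGE:-br-test}
APPLY=${APPLY:-0}   # 0 = print the commands only, 1 = execute them (needs root)

# Linux interface names may be at most 15 characters (IFNAMSIZ - 1).
check_ifname() { [ -n "$1" ] && [ "${#1}" -le 15 ]; }

# Print or execute one command, depending on APPLY.
run() { if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi; }

# Create the bridge and connect namespaces ns1..nsN to it.
build_topology() {
    count=$1
    check_ifname "$BRIDGE" || { echo "bad bridge name: $BRIDGE" >&2; return 1; }
    [ "$count" -ge 1 ] 2>/dev/null && [ "$count" -le 254 ] ||
        { echo "count must be 1..254" >&2; return 1; }
    run ip link add name "$BRIDGE" type bridge stp_state 0
    run ip link set dev "$BRIDGE" up
    i=1
    while [ "$i" -le "$count" ]; do
        run ip netns add "ns$i"
        run ip link add "tap$i" type veth peer name "br-tap$i"
        run ip link set dev "br-tap$i" master "$BRIDGE"
        run ip link set "tap$i" netns "ns$i"
        run ip netns exec "ns$i" ip link set dev "tap$i" up
        run ip link set dev "br-tap$i" up
        run ip netns exec "ns$i" ip addr add "10.0.0.$i/24" dev "tap$i"
        i=$((i + 1))
    done
}

# Deleting a namespace destroys its veth end, which also removes the bridge-side peer.
teardown_topology() {
    i=1
    while [ "$i" -le "$1" ]; do
        run ip netns del "ns$i"
        i=$((i + 1))
    done
    run ip link del dev "$BRIDGE"
}

# Usage: sh netns-bridge.sh build 3 ; APPLY=1 sh netns-bridge.sh teardown 3
case "${1:-}" in
    build)    build_topology "${2:-2}" ;;
    teardown) teardown_topology "${2:-2}" ;;
esac
```

Run it without APPLY first to review the printed command plan, then as root with APPLY=1 to create the topology.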

openvswitch and two veth pairs

Another solution is to use the openvswitch instead of the "old" linuxbridge. The configuration is nearly the same as for the linuxbridge.

Connecting namespaces using the openvswitch and two veth pairs

This setup needs one switch and two connectors. Here we use an openvswitch and two veth pairs.

The commands to create this setup are:

openvswitch and two veth pairs

    # add the namespaces
    ip netns add ns1
    ip netns add ns2
    # create the switch
    BRIDGE=ovs-test
    ovs-vsctl add-br $BRIDGE
    #
    #### PORT 1
    # create a port pair
    ip link add tap1 type veth peer name ovs-tap1
    # attach one side to ovs
    ovs-vsctl add-port $BRIDGE ovs-tap1
    # attach the other side to namespace
    ip link set tap1 netns ns1
    # set the ports to up
    ip netns exec ns1 ip link set dev tap1 up
    ip link set dev ovs-tap1 up
    #
    #### PORT 2
    # create a port pair
    ip link add tap2 type veth peer name ovs-tap2
    # attach one side to ovs
    ovs-vsctl add-port $BRIDGE ovs-tap2
    # attach the other side to namespace
    ip link set tap2 netns ns2
    # set the ports to up
    ip netns exec ns2 ip link set dev tap2 up
    ip link set dev ovs-tap2 up
    #

openvswitch and two openvswitch ports

Another solution is to use the openvswitch and make use of the openvswitch internal ports. This avoids the usage of the veth pairs, which must be used in all other solutions.

Connecting namespaces using the openvswitch and two openvswitch ports

This setup needs one switch and two connectors. Here we use an openvswitch and two openvswitch ports.

The commands to create this setup are:

openvswitch and two openvswitch internal ports

    # add the namespaces
    ip netns add ns1
    ip netns add ns2
    # create the switch
    BRIDGE=ovs-test
    ovs-vsctl add-br $BRIDGE
    #
    #### PORT 1
    # create an internal ovs port
    ovs-vsctl add-port $BRIDGE tap1 -- set Interface tap1 type=internal
    # attach it to namespace
    ip link set tap1 netns ns1
    # set the ports to up
    ip netns exec ns1 ip link set dev tap1 up
    #
    #### PORT 2
    # create an internal ovs port
    ovs-vsctl add-port $BRIDGE tap2 -- set Interface tap2 type=internal
    # attach it to namespace
    ip link set tap2 netns ns2
    # set the ports to up
    ip netns exec ns2 ip link set dev tap2 up

Performance

In another article I will show some performance numbers for the four presented solutions. There are noticeable differences with respect to throughput and CPU usage.
