NETWORK_NAMESPACES(7) (2020-06-09) NETWORK_NAMESPACES(7)
NAME
network_namespaces - overview of Linux network namespaces
DESCRIPTION
Network namespaces provide isolation of the system resources
associated with networking: network devices, IPv4 and IPv6
protocol stacks, IP routing tables, firewall rules, the
/proc/net directory (which is a symbolic link to
/proc/PID/net), the /sys/class/net directory, various files
under /proc/sys/net, port numbers (sockets), and so on. In
addition, network namespaces isolate the UNIX domain
abstract socket namespace (see unix(7)).
A physical network device can live in exactly one network
namespace. When a network namespace is freed (i.e., when
the last process in the namespace terminates), its physical
network devices are moved back to the initial network names-
pace (not to the parent of the process).
A virtual network (veth(4)) device pair provides a pipe-like
abstraction that can be used to create tunnels between net-
work namespaces, and can be used to create a bridge to a
physical network device in another namespace. When a names-
pace is freed, the veth(4) devices that it contains are
destroyed.
Use of network namespaces requires a kernel that is config-
ured with the CONFIG_NET_NS option.
SEE ALSO
nsenter(1), unshare(1), clone(2), veth(4), proc(5),
sysfs(5), namespaces(7), user_namespaces(7), brctl(8),
ip(8), ip-address(8), ip-link(8), ip-netns(8), iptables(8),
ovs-vsctl(8)
COLOPHON
This page is part of release 5.10 of the Linux man-pages
project. A description of the project, information about
reporting bugs, and the latest version of this page, can be
found at https://www.kernel.org/doc/man-pages/.
Page 1 Linux (printed 5/22/22)