network_namespaces - overview of Linux network namespaces

          Network namespaces provide isolation of the system resources
          associated with networking: network devices, IPv4 and IPv6
          protocol stacks, IP routing tables, firewall rules, the
          /proc/net directory (which is a symbolic link to
          /proc/PID/net), the /sys/class/net directory, various files
          under /proc/sys/net, port numbers (sockets), and so on.  In
          addition, network namespaces isolate the UNIX domain
          abstract socket namespace (see unix(7)).

          A physical network device can live in exactly one network
          namespace.  When a network namespace is freed (i.e., when
          the last process in the namespace terminates), its physical
          network devices are moved back to the initial network names-
          pace (not to the parent of the process).

          A virtual network (veth(4)) device pair provides a pipe-like
          abstraction that can be used to create tunnels between net-
          work namespaces, and can be used to create a bridge to a
          physical network device in another namespace.  When a names-
          pace is freed, the veth(4) devices that it contains are

          Use of network namespaces requires a kernel that is config-
          ured with the CONFIG_NET_NS option.

          nsenter(1), unshare(1), clone(2), veth(4), proc(5),
          sysfs(5), namespaces(7), user_namespaces(7), brctl(8),
          ip(8), ip-address(8), ip-link(8), ip-netns(8), iptables(8),

          This page is part of release 5.10 of the Linux man-pages
          project.  A description of the project, information about
          reporting bugs, and the latest version of this page, can be
          found at

     Page 1                        Linux             (printed 5/22/22)