force local traffic through external ethernet cable by using ip namespaces
let's say you want to run some performance benchmarks between two local network interfaces on a linux machine. if you assign an ip address to each of them and then run your benchmarks, your traffic will not go through the cable but will be routed locally. It does not help to specify a listening interface, and you can also play with routes etc.; your traffic will still be routed locally.
earlier on, the only solution was a rather complex setup with iptables and nat, keeping both your interfaces in different subnets in order to force traffic through the cable. however, now that we have the ip command we can do this using namespaces.
once a namespace is assigned to a network interface, your regular tools won't see it anymore. ifconfig or ip link will not list it anymore, it is only accessible if you prefix your command with ip netns exec <namespace> <command>. so ip netns exec mynamespace ip link will show your interfaces in mynamespace which are otherwise not visible.
so let's use this to our advantage to run our benchmark. Our two network interfaces are eth1 and eth5. they are connected through a direct link between them.
first we create the namespaces:
ip netns add ns_server
ip netns add ns_client
now we assign each interface to its namespace:
ip link set eth1 netns ns_server
ip link set eth5 netns ns_client
now it's time to assign an ip to each interface. the two IPs should be in the same subnet.
ip netns exec ns_server ip addr add dev eth1 10.0.0.1/24
ip netns exec ns_server ip link set dev eth1 up
ip netns exec ns_client ip addr add dev eth5 10.0.0.2/24
ip netns exec ns_client ip link set dev eth5 up
you will now see that eth1 and eth5 disappeared from your system. they can only be used via the ip netns command. so let's create some traffic and see if the traffic really goes across the network:
in one terminal start:
ip netns exec ns_server nc -l 1234 > /dev/null
in the second start:
ip netns exec ns_client nc 10.0.0.1 1234 < /dev/zero
in a third terminal, use some tool like ethtool -S or in my case iftop to see if traffic is going across our interface.
ip netns exec ns_server iftop
you should see your full bandwidth being used by the one netcat process in iftop. or you can run iperf, if that's available to you, to stress-test your network card with parallel transfers etc.:
ip netns exec ns_server iperf -s
and for the client:
ip netns exec ns_client iperf -c 10.0.0.1 -d -P 20 -t 99999
-d uses bidirectional transfers, -P 20 runs 20 processes in parallel and -t 99999 runs for 99999 seconds
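one way to check by numbers instead of by eye that the benchmark traffic really crosses the cable, as an added example that is not part of the original post: sample the kernel byte counters of both interfaces inside their namespaces while nc or iperf is running. the script name wirecheck.sh, the function names and the 90% threshold are assumptions made for this example.

```sh
#!/bin/sh
# wirecheck.sh (hypothetical name): added example, not from the original post.
# Samples tx_bytes on the sending NIC and rx_bytes on the receiving NIC,
# each read inside its own namespace, before and after an interval.

# read_bytes NS DEV DIR: print DEV's rx_bytes or tx_bytes as seen inside NS.
# "ip netns exec" gives the command a /sys that reflects the namespace.
read_bytes() {
    ip netns exec "$1" cat "/sys/class/net/$2/statistics/${3}_bytes"
}

# rate_mbit BEFORE AFTER SECONDS: average rate in whole Mbit/s.
rate_mbit() {
    echo $(( ($2 - $1) * 8 / $3 / 1000000 ))
}

# classify TX_DELTA RX_DELTA: compare bytes sent with bytes received.
# The 90% threshold is an assumption; small differences are normal.
classify() {
    if [ "$1" -le 0 ]; then
        echo "no-traffic"        # sender NIC transmitted nothing
    elif [ $(( $2 * 100 )) -ge $(( $1 * 90 )) ]; then
        echo "on-wire"           # receiver NIC saw what the sender NIC sent
    else
        echo "mismatch"          # loss, wrong cabling or wrong interface
    fi
}

# wire_check TX_NS TX_DEV RX_NS RX_DEV SECONDS
wire_check() {
    tx0=$(read_bytes "$1" "$2" tx); rx0=$(read_bytes "$3" "$4" rx)
    sleep "$5"
    tx1=$(read_bytes "$1" "$2" tx); rx1=$(read_bytes "$3" "$4" rx)
    echo "sent:     $(rate_mbit "$tx0" "$tx1" "$5") Mbit/s on $2"
    echo "received: $(rate_mbit "$rx0" "$rx1" "$5") Mbit/s on $4"
    classify $(( tx1 - tx0 )) $(( rx1 - rx0 ))
}

# Run only when called with all five arguments, e.g. as root:
#   sh wirecheck.sh ns_client eth5 ns_server eth1 10
if [ "$#" -eq 5 ]; then
    wire_check "$@"
fi
```

start it while the nc or iperf transfer from ns_client to ns_server is running; "no-traffic" or "mismatch" means the physical interfaces are not carrying the benchmark data.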
cleaning up
once you are done, simply run:
ip netns del ns_server
ip netns del ns_client
and all your settings including the ip addresses etc. are gone. your interfaces will be back in the default namespace