Network namespace

Network namespaces provide isolation of the system resources associated with networking: network devices, IPv4 and IPv6 protocol stacks, IP routing tables, firewall rules, port numbers, etc.

A physical network device can live in exactly one network namespace. When a network namespace is freed, its physical network devices are moved back to the initial network namespace.

A virtual network (veth) device pair provides a pipe-like abstraction that can be used to create tunnels between network namespaces and can be used to create a bridge to a physical network device in another namespace. When a namespace is freed, its veth devices are destroyed.

Linux network interfaces include:

  • Physical interfaces (Ethernet, Wi-Fi, etc.)

  • Virtual interfaces (loopback, etc.)

A network namespace is a separate set of network interfaces:

  • All virtual

  • Including loopback
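
One way to check which processes actually share a network namespace, as an added example that is not part of the original page: the kernel exposes each process's network namespace as the symlink `/proc/<pid>/ns/net`, whose target has the form `net:[inode]`, and two processes are in the same namespace exactly when the inode matches. The function names and the `proc_root` parameter are this example's own.

```python
import os
import re
from collections import defaultdict

# Target of /proc/<pid>/ns/net looks like "net:[4026531840]".
NS_LINK = re.compile(r"^net:\[(\d+)\]$")


def netns_inode(pid, proc_root="/proc"):
    """Return the network-namespace inode of a process, or None if unreadable."""
    try:
        target = os.readlink(os.path.join(proc_root, str(pid), "ns", "net"))
    except OSError:
        # Process exited, or we lack permission to inspect it (run as root
        # to see processes owned by other users).
        return None
    match = NS_LINK.match(target)
    return int(match.group(1)) if match else None


def group_by_netns(proc_root="/proc"):
    """Map namespace inode -> sorted list of PIDs living in that namespace."""
    groups = defaultdict(list)
    for entry in os.listdir(proc_root):
        if entry.isdigit():  # only numeric directories are processes
            inode = netns_inode(entry, proc_root)
            if inode is not None:
                groups[inode].append(int(entry))
    return {inode: sorted(pids) for inode, pids in groups.items()}


def sharing_init_netns(proc_root="/proc"):
    """PIDs in the same network namespace as PID 1.

    Assumption: this runs on the host, where PID 1 is in the initial
    namespace. Inside a container, PID 1 is the container's own init.
    """
    init = netns_inode(1, proc_root)
    if init is None:
        return []
    return group_by_netns(proc_root).get(init, [])


if __name__ == "__main__":
    for inode, pids in sorted(group_by_netns().items()):
        print(f"net:[{inode}]  {len(pids)} process(es), first PID {pids[0]}")
```

A workload that was meant to be isolated but appears in `sharing_init_netns()` sees the host's interfaces, routing tables, firewall rules and ports rather than its own.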
