Previously we talked about service-centric networking. Since then, we have built a prototype based on the ideas from Serval that demonstrates ICMP ping migration using Linux iptables and network namespaces.
TCP/IP networking relies on IP addresses mapped to a machine to facilitate routing through the Border Gateway Protocol (BGP). This mapping is usually done through DNS, which maps human-readable names ("cats.com") to IP addresses. Service-centric networks are an alternative or extension to DNS in which each host maintains its own table of mappings from service names to tuples of IP address and port number, with additional capabilities to control the routing of data. The literature usually refers to this as separating the control plane from the data plane. The key advantage over DNS is that the service table can be modified dynamically. Our discussion of service-centric networking is based on the Serval paper.
The fundamental isolation technology supporting containers on Linux is Linux namespaces. Namespaces isolate global resources in a way that is transparent to the processes within the namespace. There are currently 7 different namespaces supported: Cgroups, IPC, Network, Mount, PID, User, and UTS. Today we will be looking at the network namespace.
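One way to check which of these namespaces a process actually has to itself, as an added example (not code from the original post): Linux exposes each namespace a process belongs to as a symlink under `/proc/<pid>/ns/`, and two processes share a namespace exactly when the inode numbers match. The function names and the `HOST`/`CONTAINER` inode values below are constructed for illustration.

```python
import os
import re

# The seven namespace types named in the text, as they appear in /proc/<pid>/ns/.
NS_TYPES = ("cgroup", "ipc", "net", "mnt", "pid", "user", "uts")
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/* symlink target such as 'net:[4026531992]'."""
    m = _LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))


def read_namespaces(pid="self", proc="/proc"):
    """Return {type: inode} for a process; unreadable types are omitted."""
    found = {}
    for ns in NS_TYPES:
        try:
            kind, inode = parse_ns_link(os.readlink(f"{proc}/{pid}/ns/{ns}"))
        except (OSError, ValueError):
            continue  # not Linux, older kernel, or no permission for that pid
        found[kind] = inode
    return found


def isolation_report(proc_ns, reference_ns):
    """Classify each namespace type as shared, isolated or unknown."""
    report = {}
    for ns in NS_TYPES:
        a, b = proc_ns.get(ns), reference_ns.get(ns)
        if a is None or b is None:
            report[ns] = "unknown"
        else:
            report[ns] = "shared" if a == b else "isolated"
    return report


# Constructed sample: a container-like process sharing only user and cgroup.
HOST = {"cgroup": 4026531835, "ipc": 4026531839, "net": 4026531992,
        "mnt": 4026531840, "pid": 4026531836, "user": 4026531837,
        "uts": 4026531838}
CONTAINER = dict(HOST, net=4026532210, mnt=4026532207, pid=4026532209,
                 ipc=4026532208, uts=4026532206)

if __name__ == "__main__":
    print(isolation_report(CONTAINER, HOST))
    print(read_namespaces())  # live view of this process; empty off Linux
```

A process reported as sharing `net` with the host sees the host's interfaces, routes and iptables rules, so that is the entry to check before relying on a network namespace as a boundary.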