isolation

The fundamental isolation technology supporting containers on Linux is Linux namespaces. Namespaces isolate global resources in a way that is transparent to the processes within the namespace. There are currently 7 different namespaces supported: Cgroups, IPC, Network, Mount, PID, User, UTS. Today we will be looking at the network namespace. The network namespace can be thought of as a copy of the network stack. It provides isolation of network interfaces, routes, and firewall rules. In this article we will be using the tools from iproute2 to demonstrate. First let's create a new network namespace to play…
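
As an added example (not from the original article): every process's network namespace is exposed as the symlink /proc/<pid>/ns/net, whose target looks like net:[4026531992], so two processes share a network stack exactly when those ids match. The shell functions below group PIDs by that id; the PROC_ROOT variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: map processes to network namespaces via /proc/<pid>/ns/net.
# PROC_ROOT is an assumption of this example so the functions can be pointed
# at a constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the namespace id (inode number) from a link like "net:[4026531992]".
# Fails if the process has exited or its link is not readable.
netns_id() {
    link=$(readlink "$PROC_ROOT/$1/ns/net" 2>/dev/null) || return 1
    case "$link" in
        net:\[*\]) id=${link#net:\[}; printf '%s\n' "${id%\]}" ;;
        *) return 1 ;;
    esac
}

# Succeed when two PIDs share a network namespace, i.e. they see the same
# interfaces, routes and firewall rules.
same_netns() {
    a=$(netns_id "$1") && b=$(netns_id "$2") && [ "$a" = "$b" ]
}

# List every distinct network namespace with the PIDs inside it,
# one line per namespace: "<id> <pid> <pid> ...".
list_netns() {
    for dir in "$PROC_ROOT"/[0-9]*; do
        pid=${dir##*/}
        id=$(netns_id "$pid") || continue   # unreadable or exited process
        printf '%s %s\n' "$id" "$pid"
    done | sort -n -k1,1 -k2,2 | awk '
        $1 != cur { if (cur != "") print line; cur = $1; line = $1 }
        { line = line " " $2 }
        END { if (cur != "") print line }'
}
```

Run list_netns as root so that the links of other users' processes are readable.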