@TheLearningChannel-Tech, I have a quick question: is it possible to host a routing OS like OpenWRT or another inside a VM or container to provide networking and traffic routing to other containers and/or VMs running on the same hardware, knowing that the hardware is an Intel x86 based mini PC router with 6 LAN ports and 2 WLAN interfaces? The reason is that I want to get the utmost out of this hardware to run apps as well as acting as a router. If this is doable, which is the best network fabric here? Is a bridge or macvlan better?
I haven't really used OpenWRT but I believe it is meant for embedded devices. For containers you really don't need that. Containers are usually hosted on Kubernetes and CNI providers such as Calico and Cilium provide all the necessary plumbing for containers to talk to each other regardless of location (same node or other nodes). Check out my other videos on Kubernetes. This video is just an intro to container networking to learn some basic ideas. In practice the CNI providers take care of all the details.
@@TheLearningChannel-Tech I guess you're right, the need for routing at layer 1 & 2 can be done without additional software, using k8s CNI at NIC level, but maybe Macvlan is needed to capture traffic from all NICs, not sure if I am right
I just downloaded the shell script from your GitHub repository and tried it, but the ping only works for the namespace in the same node and fails to the namespace of the other node. I am confused a lot. I would really appreciate it if you can help.
Make sure you follow the instructions below and change the IP addresses to match your environment:
# ------------------- Overlay setup ---------------------
# To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
#echo "Disables reverse path filtering"
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/tundudp/rp_filter'
Great video!! Liked and subscribed. I have one question, for the container communication when the nodes are in different networks, what is the role of router and UDP tunnel? Shouldn't the router alone be capable to handle the cross-network communication? Thanks in advance! 🙏
Tunnels are used when two networks are in different subnets and don't have a direct line of communication. A good example is Kubernetes pods that are created on different nodes. The pods that are on the same node are on the same subnet and can freely communicate with each other, not so with pods on different nodes. In those situations, tunneling is one method of providing L2 network bridges between pod networks, leveraging an underlying L3 network.
@@TheLearningChannel-Tech Thank you for the response. Providing connectivity between different networks is job of router, right? So using the router only these servers can reach to each other, so what is the need of tunnel? Thanks again!
@@nagendersingh35 Yes, but you'll need to manually define routes for destinations. This is not an issue when there are a limited number of networks but in the case of containers (think Kubernetes), there may be thousands of nodes that host containers, and manually creating these routes on routers is impractical. Thus, tunnels are set up, and the router knows how to deliver the message to the destination node. Once the message is delivered, a UDP tunnel is established between the two pod networks where pods can communicate.
Hello, is there any reason why we're assigning IP addresses only to 1 end of the veth cables that connects into the namespace (veth11,21) and not to the other end that is connecting to the bridge network (veth10,20)? I was of the opinion that both the ends need to be assigned with the IP addresses. Thanks
I haven't tried it on AWS per se but try the following (change IPs to reflect your scenario):
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
Hi man! Can you tell me what the problem is when I run the socat command and the test ip route command shows 172.16.1.2 via _my_home_gateway dev eth0 src 192.168.1.10 instead of tundudp? I've noticed that the route to the bridge subnet in the second part of your video is omitted. And also in my lab tundudp on both sides is in down state. Should I insert the missed routes on my home router? And can you clarify the exact IP addresses in the last part of your video - 192.168.1.11 and 192.168.0.10? Because in the first part the IP addresses must be in one network.
@Johnny Russian, Hi Johnny, After successfully establishing the UDP tunnel, the ip route should show something similar to this:
ip route
default via 192.168.0.1 dev eth0 proto static metric 100
169.254.0.0/16 dev eth0 scope link metric 1000
172.16.0.0/16 dev tundudp proto kernel scope link src 172.16.1.100
172.16.1.0/24 dev br0 proto kernel scope link src 172.16.1.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.11 metric 100
Also:
ip link show type tun
8: tundudp: mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
link/none
Here are my IP addresses and subnet mask on two ubuntu machines:
ubuntu1: 192.168.0.10 (mask 255.255.255.0)
ubuntu2: 192.168.0.11 (mask 255.255.255.0)
Make sure both machines can ping each other and there are no network issues.
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
There is an unfortunate typo on the slide, IPs should read 192.168.0.10 and 192.168.0.11. RUclips does not allow modifying the video once uploaded. Hope this helps!
Hi. Thank you so much for this lecture, may I please ask for the Linux commands you used for this lecture? I would like to save them for reference. Thanks again!
Thank you, this is the most helpful content I've seen and it made me understand container networking better. I'll be sharing this with my coworkers. Thanks again!
Hi, under "File/Preferences", select "Keyboard Shortcuts" and then search for "Terminal: Run Selected Text In Active Terminal". In that window, you can associate any key like F8 with that shortcut and then when you highlight a code or a line and press F8, it will execute it in the active terminal.
The scripts are here: github.com/gary-RR/myRUclips_video_container_networking If after following the scripts it still doesn't work, then there might be something local on your machines that prevents this. Good luck.
Thanks for the great video, I tried running the same test on my local server (two Ubuntu VMs created). But I was unable to ping from one namespace to another namespace on the same VM (this issue occurs on the other VM also). Can you please let me know what I am missing here.
Hi, since I can't see your code, I'll provide the code that I used for the video below, go through it for your troubleshooting, good luck!
#!/bin/bash
NS1="NS1"
NS2="NS2"
NODE_IP="192.168.0.10"
BRIDGE_SUBNET="172.16.0.0/24"
BRIDGE_IP="172.16.0.1"
IP1="172.16.0.2"
IP2="172.16.0.3"
TO_NODE_IP="192.168.0.11"
TO_BRIDGE_SUBNET="172.16.1.0/24"
TO_BRIDGE_IP="172.16.1.1"
TO_IP1="172.16.1.2"
TO_IP2="172.16.1.3"

echo "Creating the namespaces"
sudo ip netns add $NS1
sudo ip netns add $NS2
ip netns show

echo "Creating the veth pairs"
sudo ip link add veth10 type veth peer name veth11
sudo ip link add veth20 type veth peer name veth21
ip link show type veth
#ip link show veth11
#ip link show veth20

echo "Adding the veth pairs to the namespaces"
sudo ip link set veth11 netns $NS1
sudo ip link set veth21 netns $NS2

echo "Configuring the interfaces in the network namespaces with IP address"
sudo ip netns exec $NS1 ip addr add $IP1/24 dev veth11
sudo ip netns exec $NS2 ip addr add $IP2/24 dev veth21

echo "Enabling the interfaces inside the network namespaces"
sudo ip netns exec $NS1 ip link set dev veth11 up
sudo ip netns exec $NS2 ip link set dev veth21 up

echo "Creating the bridge"
sudo ip link add br0 type bridge
ip link show type bridge
ip link show br0
#sudo ip link delete br0

echo "Adding the network namespaces interfaces to the bridge"
sudo ip link set dev veth10 master br0
sudo ip link set dev veth20 master br0

echo "Assigning the IP address to the bridge"
sudo ip addr add $BRIDGE_IP/24 dev br0

echo "Enabling the bridge"
sudo ip link set dev br0 up

echo "Enabling the interfaces connected to the bridge"
sudo ip link set dev veth10 up
sudo ip link set dev veth20 up

echo "Setting the loopback interfaces in the network namespaces"
sudo ip netns exec $NS1 ip link set lo up
sudo ip netns exec $NS2 ip link set lo up
sudo ip netns exec $NS1 ip a
sudo ip netns exec $NS2 ip a

echo "Setting the default route in the network namespaces"
sudo ip netns exec $NS1 ip route add default via $BRIDGE_IP dev veth11
sudo ip netns exec $NS2 ip route add default via $BRIDGE_IP dev veth21
@@TheLearningChannel-Tech Thanks for your quick response. I was able to make progress now after disabling docker on my server. But I am still not clear how docker caused this issue. Is any IP filtering done at the L2 bridge here?
@@TheLearningChannel-Tech Yes, it worked when docker is down. Btw, in the demo there are two Ubuntu VMs (VM1 and VM2); are these VMs on the same host machine or on two different physical servers?
Hi, in order for one container on one machine to be able to communicate with another container on the other VM, you must set up a UDP tunnel as described below:
First, I assume "eth0" on each VM is the interface that has an IP address associated with it, you can run the following command to verify:
ip addr
Here are my IP addresses and subnet mask on two ubuntu machines:
ubuntu1: 192.168.0.10 (mask 255.255.255.0)
ubuntu2: 192.168.0.11 (mask 255.255.255.0)
Make sure both machines can ping each other and there are no network issues.
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
#echo "Disables reverse path filtering"
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/tundudp/rp_filter'
#To verify that the tunnel is up, run:
ip link show type tun
8: tundudp: mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
link/none
Hope this helps.
The source code for the demos is here: github.com/gary-RR/myRUclips_video_container_networking
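The two checks that come up in this thread (is tundudp up, and does traffic for the other node's namespaces leave through it rather than eth0), as an added shell example that is not the video author's script. The function names and the sample `ip` outputs are constructed for illustration; the interface name and addresses follow the commands above.

```bash
#!/usr/bin/env bash
# Added example: diagnose the socat UDP overlay from `ip` output.
# The functions take command output as text so they can be tried offline.

TUN_NAME="tundudp"   # tun-name used in the socat commands in this thread

# Print the egress device named in the output of `ip route get <addr>`.
route_dev() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print "up", "down" or "missing" for interface $2,
# given the output of `ip link show type tun` in $1.
tun_state() {
    printf '%s\n' "$1" | awk -v name="$2:" '
        $2 == name {
            found = 1
            # Flags look like <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP>.
            # A tun device reports "state UNKNOWN" even when it works,
            # so the UP flag is tested, not the state word.
            flags = $3
            gsub(/[<>]/, ",", flags)
            print (index(flags, ",UP,") ? "up" : "down")
            exit
        }
        END { if (!found) print "missing" }'
}

# Combine both checks into one verdict.
# $1: `ip link show type tun` output, $2: `ip route get <addr>` output
diagnose() {
    _state=$(tun_state "$1" "$TUN_NAME")
    _dev=$(route_dev "$2")
    case "$_state" in
        missing) echo "tunnel-missing" ;;   # socat not running or failed
        down)    echo "tunnel-down" ;;      # needs: ip link set dev tundudp up
        up)
            if [ "$_dev" = "$TUN_NAME" ]; then
                echo "ok"
            else
                # Packets go to the LAN gateway and never reach the peer bridge.
                echo "route-bypasses-tunnel:${_dev:-unknown}"
            fi ;;
    esac
}

# On a real node, pass an address from the other node's bridge subnet,
# for example: diagnose_live 172.16.1.2
diagnose_live() {
    diagnose "$(ip link show type tun)" "$(ip route get "$1")"
}

# ---- constructed sample outputs (not captured from the video) ----
GOOD_LINK='8: tundudp: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500
    link/none'
DOWN_LINK='8: tundudp: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 500
    link/none'
GOOD_ROUTE='172.16.1.2 dev tundudp src 172.16.0.100 uid 0
    cache'
BAD_ROUTE='172.16.1.2 via 192.168.1.1 dev eth0 src 192.168.1.10 uid 0
    cache'

echo "healthy node:        $(diagnose "$GOOD_LINK" "$GOOD_ROUTE")"
echo "step 3 not run yet:  $(diagnose "$DOWN_LINK" "$GOOD_ROUTE")"
echo "socat not started:   $(diagnose "" "$BAD_ROUTE")"
echo "route via gateway:   $(diagnose "$GOOD_LINK" "$BAD_ROUTE")"
```
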
Can you please share the presentation or the pdf?
This guy is a distinguished-level engineer and creates free content, God bless you and your family
This series is criminally underrated. Good work here boss.
I'm CKA certified. It is good to have Kubernetes networking knowledge that they didn't go deep into. Very good and comprehensive content
With this introductory video, you have comforted a lot of DevOps engineers. This is amazing. Thank you!
Thank you and glad you found it helpful!
This tutorial is so fantastic. I've spent weeks reading networking books but could not implement any of their examples. This video put it all in a clever and comprehensive example.
Million thanks for the amazing very clear step by step explanations. I watched and implemented it step by step. Will continue the other parts.
Finally a video with no quirky jokes, instead just pure knowledge. Thank you
Simply the BEST video on the internet for understanding Docker Networking! Thank you, this must have taken a very long time to set up.
You're very welcome!
An excellent deep dive. Better than anything on Udemy or RUclips.
Thanks very much Mitch, much appreciated!
I searched the whole internet to find this type of basics to pro series, thank you man...
This is an extremely informative and in-depth coverage of different elements in networking.
Kudos to you.
@Chetan Mishra, many thanks for your kind words! Glad you found it useful. Thanks again.
Really Great Work. So grateful I watched this one. Cleared everything for me. All my confusion and doubts related to networking are gone.
Thank you so much 🙏
I would recommend my peers to watch this.
I'm very glad that this video helped clear up your confusion. Thank you for the recommendation!
This video helped me 1000%. Explanation is very clear, Thank you.
Most comprehensive tutorial I've ever seen, thank you mate...
Glad you liked it!
@@TheLearningChannel-Tech If you are someone who really likes learning fundamentals of things, how you can't like it 😉
Thank God, finally found an interesting stuff to understand networking internals , thank you so much Sir for investing your time on this...
Excellent video, excellent demo, excellent way to present the whole video. Appreciate your time and efforts for creating this series. This video is unmatchable. Amazing work sir. ❤👏👏👏
Just halfway through the first video and I can say the type of presentation and knowledge in here is very easy to understand and covers every basic concept. Thanks so much for making this video ❤
Glad it was helpful!
This is the most informative you-tube instructional video ever! Thank you!!
Thank you very much, glad it was helpful!
Highly underrated channel. Awesome explanation.
This video is an incredible asset for learning microservices networking!!! Thank you!
This is the best video that explains the virtual networking concept
Very nice presentation, that should be done in University classes! Your explanations made everything clear in the networking domain, these lectures are TOP!!! Keep up the good work!
Thank you very much! Glad it was helpful!
Best thing found on internet.... Kudos to the efforts 😃
concise and clear contents even for non English speaker!
Glad to hear it, thank you!
Superb! One of the best videos I have come across on networking on YouTube. Thanks a lot
Great work and videos brother. I have watched kubeproxy iptables and ipvs earlier, and now I will go through every video you have uploaded.
Such in depth information I was looking for and you have it all. I will become a K8S pro soon.
Keep creating such content.
Thanks very much! Please subscribe to be notified of future videos and spread the word!
Amazing Explanation of the networking concepts. Great Job. Thank you !
Glad it was helpful!
Excellent series. I would recommend everyone to watch this. I have recommended my followers for your series as well.
Hi Mohit, thank you very much.
Very Great Job, thanks. Pedagogic, methodic and clear explanation. Thank you once again.
@Aboubacar Alain DIOUBATE , many thanks for your kind words, and glad you found it helpful! Thank you again.
This video series is good. Nice work! I hope that you can make more.
Excellent lesson with a relevant example scenario. Thank you very much.
Amazing video/ explanation Sir. Looking forward to go see all videos.
thanks for the detailed and clear explanation of networking
Great content, very helpful and gave me a good bit of clarity on some things.. some bits have still gone over my head but still great stuff.
Glad it was helpful!
Dude you have done an amazing job. I was looking for this for long time. Thank you
@NABEEL NASIR , many thanks for the kind words and glad you found it helpful! Please consider subscribing as I am working on new materials related to Kubernetes control plane and services that you may also find useful. Thanks again!
@@TheLearningChannel-Tech I have subscribed to your channel. I will share your channel with all my friends.
Will you be making series on kubernetes for beginners from scratch?
@@453nabeel Thank you! I'll put Kubernetes for beginners on my list of future videos. Thank you for your suggestions. Cheers!
@@TheLearningChannel-Tech if you don't mind can you please tell when will you upload kubernetes series. Thanks
@@453nabeel I'm currently in the middle of another video so I'd say it will be a month out.
Thanks a lot for so great teaching video! Networking has been fuzzy for developers and you make it clear and easy!!!
You are very welcome and thank you for your kind feedback!
The illustration at minute 20:00 makes the virtual concepts very easy to assimilate
indeed
Perfect learning! It was useful as usual. Thank you so much!
This series is just brilliant!
Thank you very much. This was so informative and I learned a lot.
One of the best explanations, thanks a lot :)
Dude, you're great
fantastic, thanks for your sharing.
That diagram at like 20 minutes was really good
Thank you David, glad you liked it! Thanks again for watching.
really helpful. Thank you for making such a wonderful video.
You're very welcome!
Amazing. I am a subscriber now.
Thanks, and welcome aboard!
Great video,
Thanks for such an elaborated video.
Glad you enjoyed it!
Thanks for sharing, very nice
1 question here. You set up both bridges in ubuntu1 and ubuntu2 to have different IPs here. But since the bridges are in different VMs they could have had the same IP. In that case when we ping from namespace1 how will it be able to reach namespace2's bridge?
Great video. Excellent explanation.
Thank you
Glad it was helpful!
Awesome session
Excellent explanation!!
Excellent explanation
This is great. Very educational.
Thank you!
great detailed videos, thanks a lot
for network engineers that want to skip the basics. the interesting part starts at linux networking namespaces 21:09
Fantastic content.
@TheLearningChannel-Tech : Thanks for your wonderful session. But I tried on my VirtualBox VMs, and I'm unable to ping from NS1 to NS2 itself using the bridge. Would you please help me here?
Amazing!
Thank you! Cheers!
Hi, I like your video, it's informative. I tried a lot today to implement this scenario but unfortunately I could not. I can ping in the ubuntu1 machine but I cannot ping from one to another. I am describing what I did so you can understand my problem: I have created two VM machines in VirtualBox and I created the same script on the 2 machines, but I have changed the IP address of ubuntu2 to 172.168.1.0. My question is, I have seen you run the command on one machine and you still can communicate with both, did you skip the ubuntu2 machine configuration?
This is an excellent video and the series will clear all the doubts the beginners have, could you please pass the link of the commands you executed in the demo mate, thanks in advance!
Hi, you can get them here: github.com/gary-RR/myRUclips_video_container_networking
Very good explanation. Thank you so much for putting in the effort to prepare this video. I have a dumb question. In VM1 setup, you never really connected the bridge to eth0 of VM1. Is connectivity from bridge to eth0 due to IP forwarding being enabled here or something else?
@vipinchawria , thanks for your kind words! When a bridge is created, it is automatically connected to the default Ethernet adaptor (eth0 in this case), you won't need to run any script. Hope this helps. Thanks again.
@@TheLearningChannel-Tech Thank you
Very very good explanation
Many thanks for kind words!
Hey! Great video. A quick question about the diagram at 20:40, is NAT part of the router if we everything is a physical device?
Hi, yes, the NAT translation is done within the physical router. I just showed it outside the router for clarity.
@@TheLearningChannel-Tech Thanks a lot for clarification.
At 38:16, note that in Ubuntu 22.04.5 LTS, the "via" option is not available. Instead execute the command as `sudo ip route add $TO_BRIDGE_SUBNET $TO_NODE_IP dev eth0`
Thanks for pointing out.
Thanks for the excellent content. The IP address for Ubuntu VM2's eth0 should be 192.168.0.11 in the diagram.
Thanks, yes that was a typo.
Sir, I am very new to all these concepts, but your videos are very easy to understand. I have a question (it may be a stupid question): a bridge is a layer 2 device, and layer 2 devices use MAC addresses, so why do we assign an IP address to it?
Hi, IP is still needed for a variety of reasons such as routing out or in calls to/in from other networks. Also, layer 2 doesn't have a concept of lookup like DNS in layer 3. When a device wants to send a message to another device, it will have to send out an ARP request to find the other device's MAC address.
@@TheLearningChannel-Tech Thank you sir
very nice explanation
Thank you!
Great Job. Thanks.
Thank you!
thank you for your effort
Great work.
Thank you! Cheers!
Great video! Thank you!
Glad you liked it!
thank you very much for a great video
Thank you and glad you liked it!
top class thanks much
@TheLearningChannel-Tech -- Question: At 24:40, Why is the eth0 IP 192.168.0.10, shouldn't it be 192.168.0.11, as per the Ubuntu VM2 IP mentioned in the slide before this?
Hi, yes, that is a typo.
Well explained view of how networking components are put together. One question where can the scripts be found to try this out for myself and experiment with? Thanks
Hey Richard, thanks, you can get the scripts here: github.com/gary-RR/myRUclips_video_container_networking.
@@TheLearningChannel-Tech Many Thanks!
Awesome
great work!
Thank you! Cheers!
Good 👍
Thanks
Great job!! Thanks a ton. This video exposes all underlying communication between VM to VM as well as container to container. By the way would you please share the script which is used for readiness of your lab environment?
Thank you for your feedback! You can find the scripts here: github.com/gary-RR/myRUclips_video_container_networking. You'll need two Linux VMs to run these. I used Ubuntu, please read the "README.md" file for more info.
Thanks again for watching and your kind words.
Thanks for your kind information
Nice 🙏. I have one query if this is Usecases of cloud k8s or it beyond what cloud platform is using?
@vj gaur, hello and thanks for your feedback. I'm guessing you are asking about the container use cases? If so, no they are not tied to the cloud Kubernetes or even Docker for that matter. Namespaces and containers are Linux kernel constructs. Docker and by extension Kubernetes provide environments to host and manage containers. Kubernetes can be hosted internally or on a public cloud, however, for this course you won't need any cloud or Docker/Kubernetes access. The examples can be run on Linux VM(s). Hope this helps.
Hi. Thanks for all your efforts in making complicated topics easily digestible for beginners like me. Is there a way I can get the links to the commands that you've used in this video? I want to experiment with them myself.
EDIT: got the GitHub link from another recent reply. It would really help others if you could please add it to the video description, or you can add a comment and pin it.
Noted.
Hi, great video, learned a ton from it! One question, why do we need a UDP tunnel when the VMs' IPs are on a different subnet? Why isn't a router enough? Thanks!
Hi, great question, remember that containers (think Kubernetes PODs) are created at scale and although the container hosts are connected on L3 networks, adjusting routes manually to guide packets from one container on one host to containers on other hosts is not practical. L4 tunnels are an important tool to automate container connectivity in those scenarios. This technique is used in VXLAN.
@@TheLearningChannel-Tech Thanks for the answer! so basically, if there are more than 2 nodes, there will be a "mesh" of tunnels between all nodes bridges?
@@shinemet Hi Ben, in practice such as VXLAN tunnels, these tunnels are temporarily established and torn down once the POD to POD connection and request/response have been completed. So they are not permanent to participate in any mesh.
@@TheLearningChannel-Tech Thanks :), one last question I have. I saw your video about Flannel, basically when you are saying that L4 tunnels are automating containers connectivity, this connectivity is between containers on different nodes, right? and I saw a virtual interface called "flannel" this creature is responsible for this l4 tunneling automation?
@@shinemet Hi Ben,
Correct, only the POD communication that crosses VMs will go through the UDP tunnel. The technology that Flannel uses is called VXLAN. On each node, an adaptor called VXLAN Tunnel Endpoint (VTEP for short) is installed, the "flannel" adaptor you referred to. When a POD calls another POD, the traffic is intercepted by the VTEP and additional Ethernet and VXLAN headers are added to send the traffic to the other side. The VTEP on the destination VM intercepts the packet and routes it to the destination POD. If you want to know more about how VXLAN works, you can watch my VXLAN video: ruclips.net/video/WMLSD2y2Ig4/видео.html . Hope this helps!
@TheLearningChannel-Tech, I have quick question, is it possible to host a routing OS like OpenWRT or other inside VM or container to provide networking and traffic routing to other containers and/or VM's running on same hardware, knowing that the hardware is intel x86 based mini PC router with 6 LAN ports and 2 WLAN interfaces, reason is that I want to get utmost of this hardware to run app's as well as acting as router, if this is doable, which is best network fabric here? is a bridge or macvlan is better?
I haven't really used OpenWRT but I believe it is meant for embedded devices. For containers you really don't need that. Containers are usually hosted on Kubernetes and CNI providers such as Calico and Cilium provide all the necessary plumbing for containers to talk to each other regardless of location (same node or other nodes). Check out my other videos on Kubernetes. This video is just an intro to container networking to learn some basic ideas. In practice the CNI providers take care of all the details.
@@TheLearningChannel-Tech I guess you're right, the need for routing at layer 1 & 2 can be done without additional software, using k8 CNI at NIC level, but maybe Macvlan is needed to capture traffic from all NICs, not sure if I am right
I just downloaded the shell script from your github repository, and tried it, but the ping only works for the namespace in the same node, failed to namespace of the other node
I am confused a lot. I really appreciate if you can help.
Make sure you follow the instructions below and change the IP addresses to match your environment:
# ------------------- Overlay setup --------------------- #
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
#echo "Disables reverse path filtering"
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/tundudp/rp_filter'
@@TheLearningChannel-Tech The ubuntu1 and ubuntu2 are on the same subnet, is it necessary to set up the UDP tunnel?
when the vms are on different subnet, can we not add a route on the router to establish routing?
If the VMs are on two different subnets, a router is required.
Great video!! Liked and subscribed.
I have one question, for the container communication when the nodes are in different networks, what is the role of router and UDP tunnel? Shouldn't the router alone be capable to handle the cross-network communication?
Thanks in advance! 🙏
Tunnels are used when two networks are in different subnets and don't have a direct line of communication. A good example is Kubernetes pods that are created on different nodes. The pods that are on the same node are on the same subnet and can freely communicate with each other, not so with pods on different nodes. In those situations, tunneling is one method of providing an L2 network bridge between pod networks, leveraging an underlying L3 network.
@@TheLearningChannel-Tech Thank you for the response. Providing connectivity between different networks is job of router, right?
So using the router only these servers can reach to each other, so what is the need of tunnel?
Thanks again!
@@nagendersingh35 Yes, but you'll need to manually define routes for destinations. This is not an issue when there are a limited number of networks but in the case of containers (think Kubernetes), there may be thousands of nodes that host containers, so manually creating these routes on routers is impractical. Thus, tunnels are set up, and the router knows how to deliver the message to the destination node. Once the message is delivered, a UDP tunnel is established between the two pod networks where pods can communicate.
@@TheLearningChannel-Tech Totally makes sense now.
Thank you so much! 🙌
Hello,
Is there any reason why we're assigning IP addresses only to 1 end of the veth cables that connects into the namespace (veth11,21) and not to the other end that is connecting to the bridge network (veth10,20)? I was of the opinion that both the ends need to be assigned with the IP addresses. Thanks
Hi, there is no point in assigning an IP to the host side of veth. Its job is simply to connect the POD's ethernet interface to host, that's all.
@@TheLearningChannel-Tech perfect. Thank you so much.
I tried this setup on AWS with two Linux VMs inside the same subnet. I'm not able to ping between network namespaces on different hosts.
I haven't tried it on AWS per se but try the following (change IPs to reflect your scenario):
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
Thanks!
Hi man! Can you tell me what the problem is when I run the socat command and the test ip route command shows 172.16.1.2 via _my_home_gateway dev eth0 src 192.168.1.10 instead of tundudp? I've noticed that the route to the bridge subnet in the second part of your video is omitted. And also in my lab tundudp on both sides is in down state. Should I insert the missing routes on my home router? And can you clarify the exact IP addresses in the last part of your video - 192.168.1.11 and 192.168.0.10? Because in the first part the IP addresses must be in one network.
@Johnny Russian, Hi Johny,
After successfully establishing the UDP tunnel, the ip route should show something similar to this:
ip route
default via 192.168.0.1 dev eth0 proto static metric 100
169.254.0.0/16 dev eth0 scope link metric 1000
172.16.0.0/16 dev tundudp proto kernel scope link src 172.16.1.100
172.16.1.0/24 dev br0 proto kernel scope link src 172.16.1.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.11 metric 100
Also:
ip link show type tun
8: tundudp: mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500 link/none
Here are my IP addresses and subnet mask on two ubuntu machines:
ubuntu1: 192.168.0.10 (mask 255.255.255.0)
ubuntu2: 192.168.0.11 (mask 255.255.255.0)
Make sure both machines can ping each other and there are no network issues.
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
There is an unfortunate typo on the slide, IPs should read 192.168.0.10 and 192.168.0.11. RUclips does not allow modifying the video once uploaded.
Hope this helps!
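The routing decision behind the symptom in this exchange (traffic for the other node's namespaces leaving through the default gateway on eth0 instead of tundudp), as an added example that is not part of the original comments or the author's scripts. It applies longest-prefix matching to the `ip route` output quoted above; the function names are hypothetical, and it models only the main table (no policy routing rules).

```python
import ipaddress

# Routing table quoted in the reply above (ubuntu2 with the tunnel up).
ROUTES_TUNNEL_UP = """\
default via 192.168.0.1 dev eth0 proto static metric 100
169.254.0.0/16 dev eth0 scope link metric 1000
172.16.0.0/16 dev tundudp proto kernel scope link src 172.16.1.100
172.16.1.0/24 dev br0 proto kernel scope link src 172.16.1.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.11 metric 100
"""

# Constructed sample: the same table before socat has created tundudp.
ROUTES_TUNNEL_DOWN = "\n".join(
    line for line in ROUTES_TUNNEL_UP.splitlines() if "tundudp" not in line
)


def parse_routes(text):
    """Parse `ip route` output into dicts with net, dev, via and metric."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "blackhole" are out of scope here
        route = {"net": net, "dev": None, "via": None, "metric": 0}
        for key, value in zip(tokens[1:], tokens[2:]):
            if key in ("dev", "via"):
                route[key] = value
            elif key == "metric":
                route["metric"] = int(value)
        routes.append(route)
    return routes


def egress(text, destination):
    """Return (dev, via) of the best route: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in parse_routes(text) if addr in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["dev"], best["via"]


if __name__ == "__main__":
    for name, table in (("up", ROUTES_TUNNEL_UP), ("down", ROUTES_TUNNEL_DOWN)):
        for dst in ("172.16.0.2", "172.16.1.2"):
            print(f"tunnel {name}: {dst} -> {egress(table, dst)}")
```

With the /16 route on tundudp present, the remote namespace address 172.16.0.2 goes into the tunnel while the local 172.16.1.2 still wins on br0 through the longer /24 prefix; without it, only the default route matches and the packet is handed to the gateway.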
@@TheLearningChannel-Tech Thanks man! It helped a lot. You're doing a great job.
Glad it helped.
Hi. Thank you so much for this lecture, may I please ask for the Linux commands you used for this lecture? I would like to save them for reference. Thanks again!
Hi, you can find scripts here: github.com/gary-RR/myRUclips_video_container_networking
Thank you, this is the most helpful content I've seen and it made me understand container networking better. I'll be sharing this with my coworkers. Thanks again!
@@kernael711 Thank you and glad it was helpful!
Hi. How do you highlight the line and run it in the terminal in VS Code?
Hi, under "File/Preferences", select "Keyboard Shortcuts" and then search for "Terminal: Run Selected Text In Active Terminal". In that window, you can associate any key like F8 with that shortcut and then when you highlight a code or a line and press F8, it will execute it in the active terminal.
Nice dude
Glad you like it
I am able to ping bridge from both NS1 AND NS2 but they are not able to communicate with each other.
The scripts are here: github.com/gary-RR/myRUclips_video_container_networking
If after following the scripts it still doesn't work then there might be something local on your machines that prevents this. Good luck.
Thanks
Welcome
Thanks for the great video, I tried running the same test on my local server (two Ubuntu VMs created). But I was unable to ping from one namespace to another namespace on the same VM (this issue occurs on the other VM also). Can you please let me know what I am missing here?
Hi,
Since I can't see your code, I'll provide the code that I used for the video below, go through it for your troubleshooting, good luck!
#!/bin/bash
NS1="NS1"
NS2="NS2"
NODE_IP="192.168.0.10"
BRIDGE_SUBNET="172.16.0.0/24"
BRIDGE_IP="172.16.0.1"
IP1="172.16.0.2"
IP2="172.16.0.3"
TO_NODE_IP="192.168.0.11"
TO_BRIDGE_SUBNET="172.16.1.0/24"
TO_BRIDGE_IP="172.16.1.1"
TO_IP1="172.16.1.2"
TO_IP2="172.16.1.3"
echo "Creating the namespaces"
sudo ip netns add $NS1
sudo ip netns add $NS2
ip netns show
echo "Creating the veth pairs"
sudo ip link add veth10 type veth peer name veth11
sudo ip link add veth20 type veth peer name veth21
ip link show type veth
#ip link show veth11
#ip link show veth20
echo "Adding the veth pairs to the namespaces"
sudo ip link set veth11 netns $NS1
sudo ip link set veth21 netns $NS2
echo "Configuring the interfaces in the network namespaces with IP address"
sudo ip netns exec $NS1 ip addr add $IP1/24 dev veth11
sudo ip netns exec $NS2 ip addr add $IP2/24 dev veth21
echo "Enabling the interfaces inside the network namespaces"
sudo ip netns exec $NS1 ip link set dev veth11 up
sudo ip netns exec $NS2 ip link set dev veth21 up
echo "Creating the bridge"
sudo ip link add br0 type bridge
ip link show type bridge
ip link show br0
#sudo ip link delete br0
echo "Adding the network namespaces interfaces to the bridge"
sudo ip link set dev veth10 master br0
sudo ip link set dev veth20 master br0
echo "Assigning the IP address to the bridge"
sudo ip addr add $BRIDGE_IP/24 dev br0
echo "Enabling the bridge"
sudo ip link set dev br0 up
echo "Enabling the interfaces connected to the bridge"
sudo ip link set dev veth10 up
sudo ip link set dev veth20 up
echo "Setting the loopback interfaces in the network namespaces"
sudo ip netns exec $NS1 ip link set lo up
sudo ip netns exec $NS2 ip link set lo up
sudo ip netns exec $NS1 ip a
sudo ip netns exec $NS2 ip a
echo "Setting the default route in the network namespaces"
sudo ip netns exec $NS1 ip route add default via $BRIDGE_IP dev veth11
sudo ip netns exec $NS2 ip route add default via $BRIDGE_IP dev veth21
@@TheLearningChannel-Tech Thanks for your quick response. I was able to make progress now after disabling docker on my server. But I am still not clear how docker caused this issue. Is any IP filtering done at the L2 bridge here?
@@jayashankaradm1942 Docker also uses a bridged network so it is possible that perhaps there was an IP conflict.
Did you get this squared away and the ping working?
@@TheLearningChannel-Tech Yes, it worked when docker is down. Btw, in the demo there are two Ubuntu VMs (VM1 and VM2); are these VMs on the same host machine or on two different physical servers?
Hi, I created two EC2 instances in AWS and they are in the same subnet. On vm1, pinging vm2's br0 is not working
Hi,
In order for the one container on one machine to be able to communicate to another container on the other VM, you must set up a UDP tunnel as described below:
First, I assume "eth0" on each VM is the interface that has an IP address associated with it, you can run the following command to verify:
ip addr
Here are my IP addresses and subnet mask on two ubuntu machines:
ubuntu1: 192.168.0.10 (mask 255.255.255.0)
ubuntu2: 192.168.0.11 (mask 255.255.255.0)
Make sure both machines can ping each other and there are no network issues.
To establish the udp tunnel (make sure to run these as root (sudo -i)):
1- On "ubuntu1" run:
socat UDP:192.168.0.11:9000,bind=192.168.0.10:9000 TUN:172.16.0.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun &
#***Note that I removed "iff-up" switch from command on "ubuntu1" because I was getting an error.
2- On "ubuntu2" run:
socat UDP:192.168.0.10:9000,bind=192.168.0.11:9000 TUN:172.16.1.100/16,tun-name=tundudp,iff-no-pi,tun-type=tun,iff-up &
3- Return to "ubuntu1" and run
ip link set dev tundudp up
#echo "Disables reverse path filtering"
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/br0/rp_filter'
#sudo bash -c 'echo 0 > /proc/sys/net/ipv4/conf/tundudp/rp_filter'
#To verify that the tunnel is up, run:
ip link show type tun
8: tundudp: mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500 link/none
Hope this helps.
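A check for the reverse path filtering lines that are commented out in the steps above, as an added example that is not part of the original reply or the author's scripts. The kernel validates sources on an interface with the larger of `conf/all/rp_filter` and `conf/<interface>/rp_filter`, so the value written to one file is not necessarily the mode in force; the function names and the sample trees here are constructed for illustration.

```python
import os
import tempfile

MODES = {0: "off", 1: "strict", 2: "loose"}


def read_rp_filter(conf_root, name):
    """Read one rp_filter value (0, 1 or 2) below conf_root."""
    with open(os.path.join(conf_root, name, "rp_filter")) as fh:
        return int(fh.read().strip())


def effective_rp_filter(conf_root="/proc/sys/net/ipv4/conf"):
    """Map each interface to the rp_filter mode the kernel actually applies.

    Source validation uses max(conf/all, conf/<iface>), so an interface is
    only "off" when both values are 0.
    """
    all_value = read_rp_filter(conf_root, "all")
    result = {}
    for name in sorted(os.listdir(conf_root)):
        if name in ("all", "default"):
            continue  # not interfaces: global knob and template for new ones
        own_value = read_rp_filter(conf_root, name)
        result[name] = MODES[max(all_value, own_value)]
    return result


def build_sample(values):
    """Create a constructed conf tree in a temp dir so the check runs offline."""
    root = tempfile.mkdtemp()
    for name, value in values.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "rp_filter"), "w") as fh:
            fh.write(f"{value}\n")
    return root


# Constructed: state after running all four commented-out commands.
AFTER_ALL_FOUR = {"all": 0, "default": 1, "lo": 1,
                  "eth0": 0, "br0": 0, "tundudp": 0}
# Constructed: only conf/all was zeroed; every interface keeps its own 1.
ONLY_ALL_ZEROED = {"all": 0, "default": 1, "lo": 1,
                   "eth0": 1, "br0": 1, "tundudp": 1}

if __name__ == "__main__":
    for label, sample in (("all four", AFTER_ALL_FOUR),
                          ("only all", ONLY_ALL_ZEROED)):
        print(label, effective_rp_filter(build_sample(sample)))
```

On a real host, call `effective_rp_filter()` with no argument after changing any of these values and confirm that only the interfaces you meant to relax report "off" or "loose".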
Did you get this resolved?
typo on the video for the switch example
diagram show vm2(left) ip 192.168.1.11 but it should be 192.168.0.11
Thank you, yes that is an unfortunate typo.
Is it possible to provide the commands used in the video?
Hi, you can find scripts here: github.com/gary-RR/myRUclips_video_container_networking