I am creating a new network namespace called OAM, along wit the veth interfaces to communicate between the new namespace and the default namespace:
$ sudo ip netns add OAM$ sudo ip link add veth0 type veth peer name veth1$ sudo ip link set veth1 netns OAM$ ip netns exec OAM ip link set dev veth1 up$ ip link set dev veth0 up$ sudo ip netns exec OAM ip addr add dev veth1 192.168.0.1/24$ sudo ip addr add dev veth0 192.168.0.2/24Now I check the value of ip_default_ttl parameter from within the default namespace:
$ cat /proc/sys/net/ipv4/ip_default_ttl64It is set to 64. Next I check the same parameter in the newly created OAM namespace:
$ sudo ip netns exec OAM cat /proc/sys/net/ipv4/ip_default_ttlcat: /proc/sys/net/ipv4/ip_default_ttl: No such file or directorySo, there isn’t a copy of this parameter in the new network namespace.
If I try to test what is the value of TTL in both namespaces by using ping, I can see it’s ttl=64:
Default namespace:
$ ping 192.168.0.1PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.072 ms64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.060 ms64 bytes from 192.168.0.1: icmp_req=3 ttl=64 time=0.053 ms^C--- 192.168.0.1 ping statistics ---5 packets transmitted, 5 received, 0% packet loss, time 3997msrtt min/avg/max/mdev = 0.036/0.051/0.072/0.016 msNewly created OAM namespace:
$ sudo ip netns exec OAM ping 192.168.0.2PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=0.042 ms64 bytes from 192.168.0.2: icmp_req=2 ttl=64 time=0.030 ms64 bytes from 192.168.0.2: icmp_req=3 ttl=64 time=0.053 ms^C--- 192.168.0.2 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 1998msrtt min/avg/max/mdev = 0.030/0.041/0.053/0.012 msSo it seems that even though the ip_default_ttl parameter is not present in the new OAM namespace, the value used is the same (ttl=64). I confirm that by logging in as root into another terminal and changing the ip_default_ttl value from 64 to 32 like this:
$ echo 32 > /proc/sys/net/ipv4/ip_default_ttlNow if I retest the pings to check TTL, I get the same value of ttl=32 in both default and OAM namespace:
$ ping 192.168.0.1PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.64 bytes from 192.168.0.1: icmp_req=1 ttl=32 time=0.029 ms64 bytes from 192.168.0.1: icmp_req=2 ttl=32 time=0.038 ms64 bytes from 192.168.0.1: icmp_req=3 ttl=32 time=0.053 ms^C--- 192.168.0.1 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2000msrtt min/avg/max/mdev = 0.029/0.040/0.053/0.009 ms$ sudo ip netns exec OAM ping 192.168.0.2PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.64 bytes from 192.168.0.2: icmp_req=1 ttl=32 time=0.023 ms64 bytes from 192.168.0.2: icmp_req=2 ttl=32 time=0.031 ms64 bytes from 192.168.0.2: icmp_req=3 ttl=32 time=0.082 ms^C--- 192.168.0.2 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 1998msrtt min/avg/max/mdev = 0.023/0.045/0.082/0.026 msSo, it seems that the kernel parameter ip_default_ttl defined in the default namespace is used globally across all the network namespaces.
Finally, my question is, what if I want to have different TTL values depending on different namespaces. Is there a way to achieve that ? Is there a way to somehow clone the ip_default_ttl kernel parameter (or other ones which don’t get copied) from default to a newly created network namespace and have a separate value ?
Thanks for your answer in advance.
Advertisement
Answer
Different namespaces and thus containers, etc. operate within a single instance kernel, so parameters like ip_default_ttl are global.
You can however explicitly set hoplimit for routes:
# ip route change 192.168.50.0/24 dev xenbr0 hoplimit 32