
How to have a separate kernel parameter for a newly created network namespace under Linux?

I am creating a new network namespace called OAM, along with the veth interfaces to communicate between the new namespace and the default namespace:

$ sudo ip netns add OAM
$ sudo ip link add veth0 type veth peer name veth1
$ sudo ip link set veth1 netns OAM
$ ip netns exec OAM ip link set dev veth1 up
$ ip link set dev veth0 up
$ sudo ip netns exec OAM ip addr add dev veth1 192.168.0.1/24
$ sudo ip addr add dev veth0 192.168.0.2/24

Now I check the value of ip_default_ttl parameter from within the default namespace:

$ cat /proc/sys/net/ipv4/ip_default_ttl
64

It is set to 64. Next I check the same parameter in the newly created OAM namespace:

$ sudo ip netns exec OAM cat /proc/sys/net/ipv4/ip_default_ttl
cat: /proc/sys/net/ipv4/ip_default_ttl: No such file or directory

So, there isn’t a copy of this parameter in the new network namespace.

If I try to test what is the value of TTL in both namespaces by using ping, I can see it’s ttl=64:

Default namespace:

$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_req=1 ttl=64 time=0.072 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=64 time=0.060 ms
64 bytes from 192.168.0.1: icmp_req=3 ttl=64 time=0.053 ms
^C
--- 192.168.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3997ms
rtt min/avg/max/mdev = 0.036/0.051/0.072/0.016 ms

Newly created OAM namespace:

$ sudo ip netns exec OAM ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_req=1 ttl=64 time=0.042 ms
64 bytes from 192.168.0.2: icmp_req=2 ttl=64 time=0.030 ms
64 bytes from 192.168.0.2: icmp_req=3 ttl=64 time=0.053 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.030/0.041/0.053/0.012 ms

So it seems that even though the ip_default_ttl parameter is not present in the new OAM namespace, the value used is the same (ttl=64). I confirm that by logging in as root into another terminal and changing the ip_default_ttl value from 64 to 32 like this:

$ echo 32 > /proc/sys/net/ipv4/ip_default_ttl

Now if I retest the pings to check TTL, I get the same value of ttl=32 in both default and OAM namespace:

$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_req=1 ttl=32 time=0.029 ms
64 bytes from 192.168.0.1: icmp_req=2 ttl=32 time=0.038 ms
64 bytes from 192.168.0.1: icmp_req=3 ttl=32 time=0.053 ms
^C
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.029/0.040/0.053/0.009 ms


$ sudo ip netns exec OAM ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_req=1 ttl=32 time=0.023 ms
64 bytes from 192.168.0.2: icmp_req=2 ttl=32 time=0.031 ms
64 bytes from 192.168.0.2: icmp_req=3 ttl=32 time=0.082 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.023/0.045/0.082/0.026 ms

So, it seems that the kernel parameter ip_default_ttl defined in the default namespace is used globally across all the network namespaces.

Finally, my question is, what if I want to have different TTL values depending on different namespaces. Is there a way to achieve that? Is there a way to somehow clone the ip_default_ttl kernel parameter (or other ones which don’t get copied) from default to a newly created network namespace and have a separate value?

Thanks for your answer in advance.


Answer

Different namespaces and thus containers, etc. operate within a single kernel instance, so parameters like ip_default_ttl are global.

You can however explicitly set hoplimit for routes:

# ip route change 192.168.50.0/24 dev xenbr0 hoplimit 32
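As an added example (not code from the question or the answer above), the following POSIX shell script reproduces the question's setup (namespace OAM, veth0/veth1 and the 192.168.0.0/24 addresses are taken from the post) and then applies the answer's per-route `hoplimit` inside the namespace instead of touching the global ip_default_ttl knob. The helper names, the `NS_HOPLIMIT` value of 32 and the `RUN_NS_DEMO` switch are constructed for this example; `main` assumes iproute2's `ip` and root privileges.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Namespace name, veth names and addresses come from the question; the helper
# functions, NS_HOPLIMIT and the RUN_NS_DEMO switch are constructed here.
# main needs root and iproute2; the parsing helpers run unprivileged.

NS_NAME="${NS_NAME:-OAM}"
VETH_HOST="veth0"
VETH_NS="veth1"
SUBNET="192.168.0.0/24"
HOST_ADDR="192.168.0.2/24"
NS_ADDR="192.168.0.1/24"
NS_HOPLIMIT="${NS_HOPLIMIT:-32}"

# Print the hoplimit carried by one 'ip route show' line, or 'none' when the
# route has no hoplimit and packets on it inherit the kernel's default TTL.
route_hoplimit() {
    echo "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "hoplimit") { print $(i + 1); exit } }
        { print "none" }'
}

# Print the ttl= value from one ping reply line, or 'none' if there is none.
ping_ttl() {
    echo "$1" | sed -n 's/.*ttl=\([0-9][0-9]*\).*/\1/p' | grep . || echo none
}

# Read a /proc/sys entry from inside a namespace; prints 'absent' where the
# entry is not exposed per namespace (the behaviour the question observed).
sysctl_in_ns() {
    ip netns exec "$1" sh -c "cat '$2' 2>/dev/null || echo absent"
}

setup_ns() {
    ip netns add "$NS_NAME"
    ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
    ip link set "$VETH_NS" netns "$NS_NAME"
    ip link set dev "$VETH_HOST" up
    ip addr add "$HOST_ADDR" dev "$VETH_HOST"
    ip netns exec "$NS_NAME" ip link set dev lo up
    ip netns exec "$NS_NAME" ip link set dev "$VETH_NS" up
    ip netns exec "$NS_NAME" ip addr add "$NS_ADDR" dev "$VETH_NS"
}

# Give the namespace's connected route its own hop limit (the answer's method),
# leaving the default namespace's routes and ip_default_ttl untouched.
set_ns_hoplimit() {
    ip netns exec "$NS_NAME" ip route change "$SUBNET" dev "$VETH_NS" hoplimit "$NS_HOPLIMIT"
}

current_ns_hoplimit() {
    route_hoplimit "$(ip netns exec "$NS_NAME" ip route show "$SUBNET")"
}

teardown_ns() {
    # Deleting the namespace destroys veth1 and, with it, its peer veth0.
    ip netns del "$NS_NAME"
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "main needs root" >&2; return 1; }
    setup_ns
    echo "ip_default_ttl, default namespace: $(cat /proc/sys/net/ipv4/ip_default_ttl)"
    echo "ip_default_ttl, $NS_NAME: $(sysctl_in_ns "$NS_NAME" /proc/sys/net/ipv4/ip_default_ttl)"
    set_ns_hoplimit
    echo "hoplimit on $SUBNET inside $NS_NAME: $(current_ns_hoplimit)"
    # Echo replies generated inside OAM leave on that route, so the TTL seen
    # from the default namespace should now be NS_HOPLIMIT, not ip_default_ttl.
    reply=$(ping -c 1 192.168.0.1 | grep 'ttl=')
    echo "reply TTL seen from default namespace: $(ping_ttl "$reply")"
    teardown_ns
}

if [ "${RUN_NS_DEMO:-0}" = "1" ]; then main; fi
```

Run it as `RUN_NS_DEMO=1 sh netns_hoplimit.sh` on a machine where the OAM namespace does not yet exist; without the switch the file only defines the functions, so `route_hoplimit` and `ping_ttl` can be sourced and used on saved `ip route` and `ping` output. Two caveats: the route hoplimit applies only to packets leaving on that route, so pings sent from inside OAM still show the replying host's TTL, which is why the check pings from the default namespace instead; and on kernels from 4.6 onward `net.ipv4.ip_default_ttl` is itself namespaced, so `sysctl_in_ns` prints a number rather than `absent` there, while the per-route hoplimit works the same way in either case.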
User contributions licensed under: CC BY-SA