So there I was at 11 PM last Thursday, staring at a terminal on my M3 Mac, SSH’d into a staging server running Ubuntu 24.04. A background worker couldn’t reach our internal Redis cache. Simple, right? Three hours later, I was staring blindly at kernel routing tables and questioning my life choices.
We spend months learning DevOps tools. We write Terraform, we containerize our apps, we build deployment pipelines. But the second a packet drops between two services, the abstraction cracks. You suddenly realize you don’t actually know how Linux moves bytes from point A to point B.
Look, abstractions lie to us. We think of containers as these isolated little virtual machines. They aren’t. From the Linux kernel’s perspective, they’re just processes wearing a fake mustache, holding a slightly different map of the network.
The Namespace Illusion
If you want to understand why your traffic is blackholing, you have to stop thinking about Docker or Kubernetes and start thinking about network namespaces. A network namespace (netns) is just a totally separate copy of the network stack. It gets its own routing table, its own firewall rules, and its own interfaces.
I usually build these by hand when I’m trying to debug a weird routing issue. It proves the concept without the orchestration overhead getting in the way.
# Create an isolated network room
sudo ip netns add debug_room
# See what's inside (spoiler: nothing but a downed loopback)
sudo ip netns exec debug_room ip link list
# Bring up the loopback so local routing works
sudo ip netns exec debug_room ip link set dev lo up
At this point, you have a process that is entirely cut off from the world. It can’t ping your local network. It can’t reach the internet. It’s sitting in a dark room.
To fix that, we use virtual ethernet cables (veth pairs). You plug one end into your host network and shove the other end through the wall into the namespace.
# Create the virtual cable
sudo ip link add veth_host type veth peer name veth_guest
# Shove the guest end into our namespace
sudo ip link set veth_guest netns debug_room
# Assign IPs and bring them up
sudo ip addr add 10.0.0.1/24 dev veth_host
sudo ip link set veth_host up
sudo ip netns exec debug_room ip addr add 10.0.0.2/24 dev veth_guest
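Because the namespace has its own routing table, the only route it holds after these commands (once veth_guest is up) is the connected 10.0.0.0/24 one, which is why anything outside that subnet blackholes. The following is an added example, not code from the original post: it runs a longest-prefix match over constructed `ip route show` output to show which destinations get a route. The helper names `ip2int` and `route_for`, the sample tables, and the default route via 10.0.0.1 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: longest-prefix match over `ip route show` text.
# All routing tables below are constructed sample data.

# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# route_for DEST: reads a routing table on stdin, prints the device of the
# most specific matching route, or "unreachable" when nothing matches.
route_for() (
    dest=$(ip2int "$1"); best_len=-1; best_dev=unreachable
    while read -r prefix rest; do
        case "$prefix" in
            default) prefix=0.0.0.0/0 ;;
            [0-9]*)  ;;
            *)       continue ;;          # skip blank or special-type lines
        esac
        case "$prefix" in */*) len=${prefix#*/} ;; *) len=32 ;; esac
        net=$(ip2int "${prefix%/*}")
        if [ "$len" -eq 0 ]; then mask=0
        else mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF )); fi
        [ $(( dest & mask )) -eq $(( net & mask )) ] || continue
        [ "$len" -gt "$best_len" ] || continue
        dev=${rest#*dev }                 # device name follows "dev"
        best_len=$len; best_dev=${dev%% *}
    done
    echo "$best_dev"
)

# Constructed: the namespace's table once veth_guest has 10.0.0.2/24 and is up.
netns_routes() {
    echo "10.0.0.0/24 dev veth_guest proto kernel scope link src 10.0.0.2"
}
# Constructed: same table plus a hypothetical default route via the host end.
netns_routes_fixed() {
    netns_routes
    echo "default via 10.0.0.1 dev veth_guest"
}

for d in 10.0.0.1 10.0.0.77 192.168.1.50; do
    printf '%-13s before: %-11s after: %s\n' "$d" \
        "$(netns_routes | route_for "$d")" "$(netns_routes_fixed | route_for "$d")"
done
```

A matching route only means the kernel knows where to send the packet; whether the host end forwards it onward is a separate question.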



