The question is published on by Tutorial Guruji team.
I have
- an interface, name
eth0, in my main network namespace - another interface, name
jail0, in an alternate network namespace (namename0). This namespace is used by a jailed environment. jail0is a macvlan alias ofeth0.
I see the network without any problem, from the my main system and also from my jail.
However, I can’t ping eachother.
Why is it so? I would like to make them reachable.
None of the network interfaces exists in the namespace of the others.
Answer
macvlan interface can be used in different modes which alter how data transmitted between two macvlan instances is treated. The default mode is vepa (Virtual Ethernet Port Aggregation), which possibly is why your setup doesn’t work.
Short description of common modes you might want to configure:
-
vepadata is transmitted over physical interface, for communication between macvlan instances the switch needs to support hairpin mode or there must be a IP router forwarding the packets. -
privateno communication between macvlan instances allowed, even if the external switch supports hairpin mode. -
bridgeallow direct communication between instances, traffic between macvlan instances is not transmitted on physical link.
You probably want to use macvlan in bridge mode. For communication between the macvlan instance and the namespace containing the network interface itself, you need to create a macvlan instance in the same (main/host) network namespace. For details and explanation, see A.B’s answer.
For full documentation (and the other modes), see man 8 ip-link.