Key Takeaway

<aside> 💡

This article will explain how the routing system works in Linux and, through experiments, demonstrate how to use the routing table (Direct Routing) to enable communication between two different network namespace environments (on different subnets).

In addition, during the experiment, we will encounter an interesting issue, and I will walk you through how the Linux kernel (6.16) processes ARP packets.

</aside>

For a better understanding, please refer to the previous articles on Namespaces, VETH, and ARP.

Linux Routing System Introduction

<aside> 💡

In Linux systems, packet forwarding is a core functionality that enables a Linux host to act as a router or gateway, forwarding network packets from one network interface to another. This is critical for building network infrastructure, such as Kubernetes clusters, VPNs, or enterprise routers.

By default, the Linux kernel does not enable packet forwarding, requiring manual configuration to activate this feature.

</aside>

Kernel Configuration

The Linux kernel manages packet forwarding through specific system parameters, primarily involving a global switch and interface-level settings.

Global Switch: net.ipv4.ip_forward

<aside> 💡

The global switch is located at /proc/sys/net/ipv4/ip_forward and controls whether the system allows IPv4 packet forwarding.

The default value is 0 (disabled), and it must be set to 1 to enable forwarding.

This is a common configuration step in scenarios like Kubernetes CNI plugin setup.

</aside>

Temporary Enable

$ sudo sysctl -w net.ipv4.ip_forward=1
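# or (pipe through tee so the write itself runs as root; with "sudo echo 1 > file"
# the redirection is performed by the unprivileged shell and fails)
$ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward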

Permanent Enable

# Edit /etc/sysctl.conf or a file under /etc/sysctl.d/, adding
net.ipv4.ip_forward = 1

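# Then apply the settings (-p with no file argument reloads /etc/sysctl.conf only;
# use "sudo sysctl --system" to also load files under /etc/sysctl.d/)
$ sudo sysctl -p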

Interface-Level Control: net.ipv4.conf.$NIC.forwarding

<aside> 💡

In addition to the global switch, Linux provides forwarding control for specific network interfaces (e.g., eth0, ens33) via /proc/sys/net/ipv4/conf/$NIC/forwarding. This setting allows enabling or disabling forwarding for individual interfaces, offering finer-grained control.

</aside>
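
Because forwarding can be set per interface as well as globally, a hardening check should read both locations described above. The following is an added example, not code from the original article: the function names, the optional root argument, and the sample tree are assumptions made so the check can be dry-run offline.

```shell
#!/bin/sh
# Added example: audit the global switch and the per-interface forwarding flags.
# The optional "root" argument is an assumption for offline tests (default /proc/sys).

# forwarding_report [root]: one "<name> <value>" line per setting, global first.
forwarding_report() {
    fr_root="${1:-/proc/sys}"
    printf 'global %s\n' "$(cat "$fr_root/net/ipv4/ip_forward")"
    for fr_f in "$fr_root"/net/ipv4/conf/*/forwarding; do
        [ -r "$fr_f" ] || continue
        printf '%s %s\n' "$(basename "$(dirname "$fr_f")")" "$(cat "$fr_f")"
    done
}

# forwarding_interfaces [root]: real interfaces with forwarding=1
# ("all" and "default" are kernel pseudo-entries, not NICs).
forwarding_interfaces() {
    forwarding_report "${1:-/proc/sys}" |
        awk '$1 != "global" && $1 != "all" && $1 != "default" && $2 == 1 { print $1 }'
}

# check_forwarding_policy <expected> [root]
# expected=0: host must not route; expected=1: router or gateway.
check_forwarding_policy() {
    cf_global="$(cat "${2:-/proc/sys}/net/ipv4/ip_forward")"
    cf_nics="$(forwarding_interfaces "${2:-/proc/sys}" | tr '\n' ' ')"
    if [ "$cf_global" != "$1" ]; then
        echo "FAIL: net.ipv4.ip_forward=$cf_global, policy expects $1"
        return 1
    fi
    if [ "$1" = 0 ] && [ -n "$cf_nics" ]; then
        echo "FAIL: forwarding still enabled on: $cf_nics"
        return 1
    fi
    echo "OK: forwarding matches policy ($1)"
}

# make_sample_tree: constructed sysctl tree (not real host data) for a dry run.
# Global switch off, but veth0 left with forwarding on.
make_sample_tree() {
    st_dir="$(mktemp -d)"
    for st_nic in all default lo eth0 veth0; do
        mkdir -p "$st_dir/net/ipv4/conf/$st_nic"
        echo 0 > "$st_dir/net/ipv4/conf/$st_nic/forwarding"
    done
    echo 0 > "$st_dir/net/ipv4/ip_forward"
    echo 1 > "$st_dir/net/ipv4/conf/veth0/forwarding"
    echo "$st_dir"
}
```

After sourcing the file, `check_forwarding_policy 0` audits the live host, and `check_forwarding_policy 0 "$(make_sample_tree)"` runs it against the constructed tree, where it reports veth0.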

Temporary Enable for a Specific Interface