vnetbuild - an easy to use but powerful namespace setup tool


sudo vnetbuild CONFIGFILE { start | stop | status }

vnetbuild CONFIGFILE graphviz OUTFILE.{gv|png|pdf|ps}


VNetBuild is a program that helps you set up groups of interconnected network namespaces, to simulate networks of any complexity without resorting to using real or virtual machines.

This is ideal for testing complex multi-host configurations with a minimal amount of resources on a single machine:

Run without any arguments, vnetbuild will present some help on usage.



Sets up a series of network namespaces as defined in CONFIGFILE. vnetbuild creates interconnected network devices as specified in the configuration, sets up routing and runs any custom commands that are given within the namespace.


Removes any devices from the namespaces defined in CONFIGFILE and kills any processes running with the namespaces, then removes the namespaces themselves.


For each namespace defined in CONFIGFILE, shows if it is active and if so its network devices and their configuration.

graphviz OUTFILE

Generates a graph of the network defined in CONFIGFILE. This does not need root access, nor does it require the namespaces to have been started.

OUTFILE can be png pdf or ps. If the extension gv is given the output is a graphviz(7) file which you can process separately.


Once you have created a set of network namespaces, you can easily run any commands you want within them. If for instance you defined three hosts (host_a with IP, host_b with IP and host_c with IP connected via a common switch sw0:

# ping host_b and host_c from host_a
 sudo ip netns exec host_a ping
 sudo ip netns exec host_a ping

 # use netcat to listen on host_a and send data from host_b
 # (use two terminals to run the commands simultaneously)
 sudo ip netns exec host_a nc -l -p 23
 sudo ip netns exec host_b nc -q 0 23 < /etc/hosts

 # capture traffic passing through the switch, then view it
 sudo ip netns exec sw0 tcpdump -i switch -w capfile
 wireshark capfile

 # Use 'firehol panic' in host_b to block all traffic
 # (you could equally load a full config etc.)
 sudo ip netns exec host_b firehol panic

 # this is now blocked
 sudo ip netns exec host_a ping

 # not blocked (host_b not involved)
 sudo ip netns exec host_a ping

 # obtain a shell for your regular user, only "in" host_c
 sudo ip netns exec host_c sudo -i -u $USER
 ip a | grep