Shebang
Building a Virtual Private Cloud (VPC) from Scratch with Linux Namespaces, Bridges, iptables, and Python

This blog post will guide you through a hands-on project that simulates a Virtual Private Cloud (VPC) using Linux network namespaces. This project is a great way for beginners to understand fundamental networking concepts like VPCs, subnets, routing, NAT, and security groups in a practical, low-level way.

Overview of the Project

The vpcctl.py script is a command-line tool that allows you to create, manage, and network your own virtual private clouds. Instead of using a cloud provider's complex UI or API, you'll use simple shell commands to build a VPC from scratch on your Linux machine. This provides a transparent and educational way to see how the different components of a VPC work together.

Prerequisites

  To follow along you need:
  • A Linux environment.
  • root or sudo access.
  • Python 3.

At its core, the script uses Linux network namespaces to create isolated network environments. Each VPC and subnet runs in its own namespace, preventing interference with your host machine's network or other simulated VPCs.

Here's what you can do with vpcctl.py:

  • Create and manage VPCs: Each VPC gets a dedicated router namespace and an internal bridge.
  • Add subnets: Create isolated subnets within your VPC, each with its own IP address range.
  • Enable Internet access: Configure a NAT (Network Address Translation) gateway to allow subnets to access the internet.
  • Isolate subnets: Apply firewall rules to control which subnets can access the internet.
  • Peer VPCs: Connect two VPCs together to allow communication between their subnets.
  • Apply security groups: Define ingress and egress rules to control traffic to and from your subnets.
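As an added example (my own sketch, not the post's vpcctl.py), the following Python planner generates the `ip` and `iptables` commands behind the first three operations above (router namespace plus bridge, a subnet namespace wired in with a veth pair, NAT for one subnet only) and can apply them as root. It assumes the router namespace already has an uplink interface to the host, called `uplink0` here; with the default-deny FORWARD policy, a subnet that is never passed to `enable_internet_cmds` (like private-db) stays off the internet while still reaching its sibling subnets over the bridge.

```python
import ipaddress
import subprocess

def create_vpc_cmds(vpc):
    # Router namespace with the VPC bridge; forwarding on, but only bridge-to-bridge traffic allowed by default
    rtr, br = f"{vpc}-rtr", f"br-{vpc}"
    return [f"ip netns add {rtr}",
            f"ip netns exec {rtr} ip link add {br} type bridge",
            f"ip netns exec {rtr} ip link set {br} up",
            f"ip netns exec {rtr} sysctl -q -w net.ipv4.ip_forward=1",
            f"ip netns exec {rtr} iptables -P FORWARD DROP",
            f"ip netns exec {rtr} iptables -A FORWARD -i {br} -o {br} -j ACCEPT"]

def add_subnet_cmds(vpc, subnet, cidr):
    # Subnet namespace joined to the bridge by a veth pair; first host address of the CIDR is the gateway
    net = ipaddress.ip_network(cidr)
    gw, host = list(net.hosts())[:2]
    rtr, br, ns = f"{vpc}-rtr", f"br-{vpc}", f"{vpc}-{subnet}"
    a, b = f"{subnet}0"[-15:], f"{subnet}1"[-15:]  # IFNAMSIZ: interface names are at most 15 chars
    return [f"ip netns add {ns}",
            f"ip link add {a} type veth peer name {b}",
            f"ip link set {a} netns {ns}",
            f"ip link set {b} netns {rtr}",
            f"ip netns exec {rtr} ip link set {b} master {br}",
            f"ip netns exec {rtr} ip link set {b} up",
            f"ip netns exec {rtr} ip addr add {gw}/{net.prefixlen} dev {br}",
            f"ip netns exec {ns} ip addr add {host}/{net.prefixlen} dev {a}",
            f"ip netns exec {ns} ip link set {a} up",
            f"ip netns exec {ns} ip link set lo up",
            f"ip netns exec {ns} ip route add default via {gw}"]

def enable_internet_cmds(vpc, cidr, uplink="uplink0"):
    # NAT this one subnet out of the router's uplink (assumed to exist); replies come back via conntrack state
    rtr = f"{vpc}-rtr"
    return [f"ip netns exec {rtr} iptables -t nat -A POSTROUTING -s {cidr} -o {uplink} -j MASQUERADE",
            f"ip netns exec {rtr} iptables -A FORWARD -s {cidr} -o {uplink} -j ACCEPT",
            f"ip netns exec {rtr} iptables -A FORWARD -d {cidr} -i {uplink} "
            "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]

def plan(vpc, subnets, internet):
    # Full command list: the VPC, every subnet, then NAT only for the subnets named in `internet`
    cmds = create_vpc_cmds(vpc)
    for name, cidr in subnets.items():
        cmds += add_subnet_cmds(vpc, name, cidr)
    return cmds + [c for n in internet for c in enable_internet_cmds(vpc, subnets[n])]

def apply(cmds):
    # Runs the plan; needs root because it creates namespaces and firewall rules
    for c in cmds:
        subprocess.run(c.split(), check=True)
```

Printing `plan("company-a", {"public-web": "10.0.1.0/24", "private-db": "10.0.2.0/24"}, ["public-web"])` shows the exact commands before anything touches the kernel, which is a good habit for any tool that manipulates namespaces and iptables as root.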

CLI Usage Examples and Explanations

### Create the VPC:

Let's create a VPC for a fictional company, "company-a".

```bash
sudo ./vpcctl.sh create-vpc company-a 10.0.0.0/16
```

### Add Subnets:

Now, add a "public-web" subnet and a "private-db" subnet.

```bash
sudo ./vpcctl.sh add-subnet company-a public-web 10.0.1.0/24
sudo ./vpcctl.sh add-subnet company-a private-db 10.0.2.0/24
```

### Enable Internet:

Grant internet access only to the public-web subnet.

```bash
sudo ./vpcctl.sh enable-internet company-a public-web
```

### Step 4: Inspect and Test

Now that our VPC is set up, let's see if it works.

#### Inspect the VPC:

The inspect command gives you a detailed look at the state of your VPC, including its namespaces, IP addresses, and firewall rules.

```bash
sudo ./vpcctl.sh inspect company-a
```

#### Test Connectivity:

Next, run the connectivity test to confirm that your subnets can talk to each other and that only the public subnet can reach the internet.

```bash
sudo ./vpcctl.py test-connectivity company-a
```

You should see that public-web has internet access, while private-db does not.

### Step 5: Run a Workload (The Practical Example)

Let's run a simple web server inside our public-web subnet. This demonstrates how you would run a real application inside your virtual network.

```bash
sudo ./vpcctl.py run-workload company-a public-web "python3 -m http.server 80"
```

This command starts a basic Python web server on port 80 inside the public-web namespace.

### Step 6: The All-Important Cleanup

After you are done experimenting, it is crucial to clean up the virtual network devices you created. The cleanup command removes all namespaces, virtual interfaces, and firewall rules created by the script.

```bash
sudo ./vpcctl.sh cleanup
```
