If you have created a Docker container, you want it not to interfere with the host, and vice versa. So the container should have its own networking, file system, etc. Why would you want that? This document tries to explain.
An installation of Linux shares a single set of network interfaces and routing table entries. You can modify the routing table entries using policy routing (here’s an introduction I wrote and here’s a write-up on a potential use case for policy routing), but that doesn’t fundamentally change the fact that the set of network interfaces and routing tables/entries is shared across the entire OS.
Network namespaces change that fundamental assumption. With network namespaces, you can have different and separate instances of network interfaces and routing tables that operate independently of each other. Logically, each namespace gives you dedicated networking for your own purpose.
Creating a network namespace is actually quite easy. Just use this command:
ip netns add <new namespace name>
For example, let’s say you wanted to create a namespace called “blue”. You’d use this command:
ip netns add blue
To verify that the network namespace has been created, use this command:
ip netns list
You should see your network namespace listed there, ready for you to use.
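A way to check the separation described above, as an added example that is not part of the original page: two processes share one set of interfaces and routing tables exactly when their /proc/<pid>/ns/net links name the same namespace. PROC_ROOT and the function names are assumptions made here; the demo branch needs root and iproute2.

```shell
#!/bin/sh
# Added example (not from the original page). PROC_ROOT is an assumption made
# here so the check can be pointed at a constructed tree; it defaults to /proc.
PROC_ROOT=${PROC_ROOT:-/proc}

# Print the network-namespace identity of a PID, e.g. "net:[4026531992]".
# The kernel exposes it as the target of the /proc/<pid>/ns/net symlink.
netns_of() {
    readlink "$PROC_ROOT/$1/ns/net"
}

# Succeed if both PIDs are in the same network namespace, i.e. they share
# one set of interfaces and routing tables. Fail if either cannot be read.
same_netns() {
    a=$(netns_of "$1") || return 2
    b=$(netns_of "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print every PID under PROC_ROOT that shares the namespace of reference PID $1.
# Reading other users' /proc/<pid>/ns needs root; unreadable PIDs are skipped.
pids_sharing_netns() {
    ref=$(netns_of "$1") || return 2
    for dir in "$PROC_ROOT"/[0-9]*; do
        pid=${dir##*/}
        [ "$pid" = "$1" ] && continue
        ns=$(netns_of "$pid" 2>/dev/null) || continue
        [ "$ns" = "$ref" ] && printf '%s\n' "$pid"
    done
    return 0
}

# Live demonstration, run only when asked: `sudo sh netns_check.sh demo`.
# Creates the page's "blue" namespace, compares it with the host, removes it.
if [ "${1:-}" = "demo" ]; then
    ip netns add blue
    echo "host: $(readlink /proc/self/ns/net)"
    echo "blue: $(ip netns exec blue readlink /proc/self/ns/net)"
    ip netns exec blue ip link show    # the namespace's own interface list
    ip netns exec blue ip route show   # the namespace's own routing table
    ip netns delete blue
fi
```

Running pids_sharing_netns 1 as root lists the processes that still use the host's network namespace, which is where a container started with host networking would show up.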
Virtual routing and forwarding is an IP technology that allows multiple instances of a routing table to coexist on the same router at the same time. It is another name for the network namespace functionality described above.
http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/
http://man7.org/linux/man-pages/man8/ip-netns.8.html
http://docs.openstack.org/mitaka/networking-guide/intro-network-namespaces.html
https://www.quora.com/How-are-multiple-routing-tables-support-implemented-in-Linux