网络名称空间和网桥的基本操作
网络名称空间 (NET Namespace)
- 检查是否已安装 iproute（提供 ip 和 bridge 命令）
[root@localhost ~]# rpm -q iproute
iproute-4.11.0-14.el7.x86_64
- 创建n1, n2 网络名称空间
[root@localhost ~]# ip netns add n1
[root@localhost ~]# ip netns add n2
以这种方式创建时，只有网络名称空间是独立的，其他名称空间并不独立。
- 查看网络名称空间
[root@localhost ~]# ip netns list
n2
n1
- 在 n1 网络名称空间里执行查看网卡接口的命令
[root@localhost ~]# ip netns exec n1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 创建一对 veth 网卡（veth1.1 和 veth1.2）并查看设备
[root@localhost ~]# ip link add name veth1.1 type veth peer name veth1.2
[root@localhost ~]# ip link show | grep 'veth'
13: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
14: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
- 把veth1.2放到n1里
[root@localhost ~]# ip link set dev veth1.2 netns n1
[root@localhost ~]# ip link show | grep 'veth'
14: veth1.1@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
- 查看n1
[root@localhost ~]# ip netns exec n1 ifconfig -a | grep 'veth'
veth1.2: flags=4098<BROADCAST,MULTICAST> mtu 1500
- 在n1把veth1.2改成eth0
[root@localhost ~]# ip netns exec n1 ip link set dev veth1.2 name eth0
[root@localhost ~]# ip netns exec n1 ifconfig -a | grep 'veth'
[root@localhost ~]# ip netns exec n1 ifconfig -a | grep 'eth0'
eth0: flags=4098<BROADCAST,MULTICAST> mtu 1500
- 启动veth1.1并赋予IP
[root@localhost ~]# ifconfig -a | grep 'veth'
veth1.1: flags=4098<BROADCAST,MULTICAST> mtu 1500
[root@localhost ~]# ifconfig veth1.1 10.1.0.1/24 up
[root@localhost ~]# ifconfig -a | grep 'veth'
veth1.1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
- 把 n1 里的 eth0 也启动并赋予 IP
[root@localhost ~]# ip netns exec n1 ifconfig eth0 10.1.0.2/24 up
[root@localhost ~]# ip netns exec n1 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.0.2 netmask 255.255.255.0 broadcast 10.1.0.255
inet6 fe80::a0dd:c4ff:fe13:38f0 prefixlen 64 scopeid 0x20<link>
ether a2:dd:c4:13:38:f0 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 主机与 n1 通信测试
[root@localhost ~]# ping -c3 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.075 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.041 ms
--- 10.1.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.038/0.051/0.075/0.017 ms
- 把veth1.1放到n2
[root@localhost ~]# ip link set dev veth1.1 netns n2
[root@localhost ~]# ip netns exec n2 ifconfig veth1.1 10.1.0.1/24 up
[root@localhost ~]# ip netns exec n2 ifconfig
veth1.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.0.1 netmask 255.255.255.0 broadcast 10.1.0.255
inet6 fe80::1097:c8ff:fe37:2e36 prefixlen 64 scopeid 0x20<link>
ether 12:97:c8:37:2e:36 txqueuelen 1000 (Ethernet)
RX packets 13 bytes 1026 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21 bytes 1674 (1.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 从 n2 与 n1 通信测试
[root@localhost ~]# ip netns exec n2 ping -c3 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.038 ms
--- 10.1.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.037/0.059/0.102/0.030 ms
- 此时主机与 n1 或 n2 都无法通信（veth 对的两端都已不在主机的网络名称空间中）
网桥
- 创建br0网桥并启动
[root@localhost ~]# ip link add name br0 type bridge
[root@localhost ~]# ip link set br0 up
[root@localhost ~]# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::463:74ff:fe4c:10cf prefixlen 64 scopeid 0x20<link>
ether 06:63:74:4c:10:cf txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 508 (508.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- 创建以太网(veth)类型的网卡对 veth0 和 veth1
[root@localhost ~]# ip link add veth0 type veth peer name veth1
[root@localhost ~]# ip addr add 10.20.1.10/24 dev veth0
[root@localhost ~]# ip link set veth0 up
[root@localhost ~]# ifconfig | grep -A 2 'veth'
veth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.20.1.10 netmask 255.255.255.0 broadcast 0.0.0.0
ether d6:b7:5a:b2:5b:a6 txqueuelen 1000 (Ethernet)
- 创建ns1网络名称空间并把veth1加入
[root@localhost ~]# ip netns add ns1
[root@localhost ~]# ip link set dev veth1 netns ns1
[root@localhost ~]# ip netns exec ns1 ip addr add 10.20.1.20/24 dev veth1
[root@localhost ~]# ip netns exec ns1 ip link set veth1 up
[root@localhost ~]# ip netns exec ns1 ifconfig
veth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.20.1.20 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::e018:ebff:fe42:18df prefixlen 64 scopeid 0x20<link>
ether e2:18:eb:42:18:df txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- veth0和veth1通信成功
[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
64 bytes from 10.20.1.20: icmp_seq=1 ttl=64 time=0.056 ms
--- 10.20.1.20 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.056/0.056/0.056/0.000 ms
- 把veth0连接上网桥br0
[root@localhost ~]# ip link set dev veth0 master br0
[root@localhost ~]# bridge link
17: veth0 state UP @(null): <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2
此时 br0 的 MAC 地址变为 veth0 的 MAC 地址，且 veth0 收到的数据不再直接交给内核协议栈，而是交由 br0 转发。
- veth0和veth1通信失败
[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
--- 10.20.1.20 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
- 给 br0 配置 IP 以便把数据交给内核协议栈，但通信仍然失败
[root@localhost ~]# ip addr add 10.20.1.15/24 dev br0
[root@localhost ~]# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.20.1.15 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::463:74ff:fe4c:10cf prefixlen 64 scopeid 0x20<link>
ether d6:b7:5a:b2:5b:a6 txqueuelen 1000 (Ethernet)
RX packets 5 bytes 196 (196.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
From 10.20.1.10 icmp_seq=1 Destination Host Unreachable
--- 10.20.1.20 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
- 删除 veth0 上由内核自动添加的 10.20.1.0/24 直连路由，通信随即成功
[root@localhost ~]# ip route show | grep '10.20.1.0'
10.20.1.0/24 dev veth0 proto kernel scope link src 10.20.1.10
10.20.1.0/24 dev br0 proto kernel scope link src 10.20.1.15
[root@localhost ~]# ip route del 10.20.1.0/24 dev veth0
[root@localhost ~]# ip route show | grep '10.20.1.0'
10.20.1.0/24 dev br0 proto kernel scope link src 10.20.1.15
[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
64 bytes from 10.20.1.20: icmp_seq=1 ttl=64 time=0.062 ms
--- 10.20.1.20 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.062/0.062/0.062/0.000 ms
- 同理，也可以把物理网卡桥接到网桥上；和上面的 veth0 一样，IP 应配置在网桥而不是被桥接的网卡上，否则会像上面那样导致通信失败