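Network Virtualization (2): Communication Between Namespaces

Point-to-point communication between namespaces

This article uses two experiments to introduce basic namespace usage: how to create a virtual interface (veth) pair and a bridge device so that namespaces can communicate.

Experiment diagram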

周卓CSUFT

Experiment steps

1. Create two namespaces on the host

# ip netns add ns0
# ip netns add ns1
# ip netns list
        ns1
        ns0

2. By default, each of the two namespaces contains only the loopback interface

# ip netns exec ns0 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# ip netns exec ns1 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

3. Create a pair of virtual interfaces

# ip link add type veth
After creation, running ip addr on the host shows the pair of virtual devices
veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 4e:96:10:30:f2:9c brd ff:ff:ff:ff:ff:ff
veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 16:b4:da:7e:b8:6b brd ff:ff:ff:ff:ff:ff

4. Move each virtual device into its namespace

# ip link set veth0 netns ns0
# ip link set veth1 netns ns1
After the move, ip addr on the host no longer shows the virtual devices; each one is now inside its own namespace
# ip netns exec ns0 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
9: veth0@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 4e:96:10:30:f2:9c brd ff:ff:ff:ff:ff:ff link-netnsid 1
# ip netns exec ns1 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: veth1@if9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 16:b4:da:7e:b8:6b brd ff:ff:ff:ff:ff:ff link-netnsid 0

5. Add IP addresses

# ip netns exec ns0 ip address add 10.0.0.1/24 dev veth0
# ip netns exec ns0 ip link set veth0 up
# ip netns exec ns1 ip address add 10.0.0.2/24 dev veth1
# ip netns exec ns1 ip link set veth1 up

6. Test connectivity

# ip netns exec ns0 ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.039 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.040 ms
^C
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.039/0.048/0.065/0.012 ms

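Bridge communication

In bridge communication, the interfaces of the two namespaces are each connected to a virtual bridge, much like two machines connected to a switch in a physical network.

Experiment diagram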


Experiment steps

1. Create ns0, ns1, and bridge

# ip netns add ns0
# ip netns add ns1
# ip netns add bridge
# ip netns list
bridge
ns1
ns0

2. Create a pair of virtual devices to connect ns0 and bridge

# ip link add type veth

3. Attach the links

Rename veth0 to ns0-bridge and move it into ns0

# ip link set dev veth0 name ns0-bridge netns ns0

Rename veth1 to bridge-ns0 and move it into bridge

# ip link set dev veth1 name bridge-ns0 netns bridge

Check the links in ns0 and bridge

# ip netns exec bridge ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: bridge-ns0@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 4e:ad:08:bc:57:dc brd ff:ff:ff:ff:ff:ff link-netnsid 0
# ip netns exec ns0 ip add
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: ns0-bridge@if12: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 42:52:96:38:a0:32 brd ff:ff:ff:ff:ff:ff link-netnsid 1

4. Create another pair of virtual devices to connect ns1 and bridge

# ip link add type veth
# ip link set dev veth0 name ns1-bridge netns ns1
# ip link set dev veth1 name bridge-ns1 netns bridge

5. Create the virtual bridge inside the bridge namespace

# ip netns exec bridge brctl addbr br
# ip netns exec bridge ip link set dev br up
# ip netns exec bridge ip link set dev bridge-ns0  up
# ip netns exec bridge ip link set dev bridge-ns1  up

Attach both interfaces to the bridge so that they are connected

# ip netns exec bridge brctl addif br bridge-ns0
# ip netns exec bridge brctl addif br bridge-ns1

6. Assign IP addresses to ns0 and ns1

# ip netns exec ns0 ip address add 10.0.0.1/24 dev ns0-bridge
# ip netns exec ns1 ip address add 10.0.0.2/24 dev ns1-bridge
# ip netns exec ns0 ip link set dev ns0-bridge up
# ip netns exec ns1 ip link set dev ns1-bridge up

7. Test

# ip netns exec ns0 ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.067 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.053 ms
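
The leading index and the @ifN suffix in the ip addr output above identify each veth's peer, which is how you confirm which namespaces are actually wired together. The script below is an added example, not part of the original article: it pairs endpoints across namespaces and flags any veth whose peer is outside the audited set. The "## <netns>" marker lines, the function names, and the ns1, bridge-ns1 and uplink sample lines are constructed for illustration; interface indexes are only unique per namespace, so a match is a strong hint rather than proof.

```shell
#!/bin/sh
# Pair veth endpoints across namespaces from `ip addr` output.
# Assumed input: a line "## <netns>" followed by that namespace's output, e.g.
#   for n in $(ip netns list | awk '{print $1}'); do
#       echo "## $n"; ip netns exec "$n" ip addr; done
veth_pairs() {
    awk '
    /^## / { ns = $2; next }
    # Interface header such as "11: ns0-bridge@if12: <BROADCAST,MULTICAST> ..."
    /^[0-9]+: [^ ]+@if[0-9]+:/ {
        n++; ns_of[n] = ns
        ix_of[n] = $1; sub(/:$/, "", ix_of[n])            # own ifindex
        name = $2; sub(/:$/, "", name)
        peer_of[n] = name; sub(/^.*@if/, "", peer_of[n])  # peer ifindex
        sub(/@if[0-9]+$/, "", name); name_of[n] = name
    }
    END {
        for (i = 1; i <= n; i++) {
            found = 0
            for (j = 1; j <= n; j++)
                if (i != j && ns_of[i] != ns_of[j] &&
                    peer_of[i] == ix_of[j] && peer_of[j] == ix_of[i]) {
                    found = 1
                    if (i < j) print ns_of[i] "/" name_of[i] " <-> " ns_of[j] "/" name_of[j]
                }
            # Peer is not in any audited namespace: a link leaving the sandbox
            if (!found) print ns_of[i] "/" name_of[i] " <-> UNKNOWN (peer ifindex " peer_of[i] ")"
        }
    }'
}

# Sample input: the ns0 and bridge-ns0 lines come from the article's output;
# the bridge-ns1, ns1-bridge and uplink lines are constructed.
sample_topology() {
    cat <<'EOF'
## ns0
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
11: ns0-bridge@if12: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
## bridge
12: bridge-ns0@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
14: bridge-ns1@if13: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
## ns1
13: ns1-bridge@if14: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
16: uplink@if15: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
EOF
}

sample_topology | veth_pairs
```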