Network Virtualization (2): Internal Communication Between Namespaces

Jacinda ·
Updated: 2024-11-14

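Point-to-point communication between namespaces

This article uses two experiments to introduce the basic usage of network namespaces: how to create a veth pair and a bridge device so that namespaces can communicate with each other.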

[Figure: experiment diagram]

Steps

1. Create two namespaces on the host

    # ip netns add ns0
    # ip netns add ns1
    # ip netns list
    ns1
    ns0

2. By default, each namespace contains only the loopback interface

    # ip netns exec ns0 ip addr
    1: lo: mtu 65536 qdisc noop state DOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    # ip netns exec ns1 ip addr
    1: lo: mtu 65536 qdisc noop state DOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

3. Create a pair of virtual interfaces (a veth pair)

    # ip link add type veth

After creation, running ip addr on the host shows the pair of virtual devices:

    veth0@veth1: mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 4e:96:10:30:f2:9c brd ff:ff:ff:ff:ff:ff
    veth1@veth0: mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 16:b4:da:7e:b8:6b brd ff:ff:ff:ff:ff:ff

4. Move each virtual device into its namespace

    # ip link set veth0 netns ns0
    # ip link set veth1 netns ns1

After the move, ip addr on the host no longer lists the virtual devices; each one now lives in its own namespace:

    # ip netns exec ns0 ip addr
    1: lo: mtu 65536 qdisc noop state DOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    9: veth0@if10: mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 4e:96:10:30:f2:9c brd ff:ff:ff:ff:ff:ff link-netnsid 1
    # ip netns exec ns1 ip addr
    1: lo: mtu 65536 qdisc noop state DOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    10: veth1@if9: mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 16:b4:da:7e:b8:6b brd ff:ff:ff:ff:ff:ff link-netnsid 0

5. Assign IP addresses

    # ip netns exec ns0 ip address add 10.0.0.1/24 dev veth0
    # ip netns exec ns0 ip link set veth0 up
    # ip netns exec ns1 ip address add 10.0.0.2/24 dev veth1
    # ip netns exec ns1 ip link set veth1 up

6. Test connectivity

    # ip netns exec ns0 ping 10.0.0.2
    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
    64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.065 ms
    64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.039 ms
    64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.040 ms
    ^C
    --- 10.0.0.2 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 1999ms
    rtt min/avg/max/mdev = 0.039/0.048/0.065/0.012 ms

Bridge communication

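Bridge communication connects the interfaces of the two namespaces to a virtual bridge, much like two machines connected to a switch in a physical network.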

[Figure: experiment diagram]

Steps

1. Create the namespaces ns0, ns1 and bridge

    # ip netns add ns0
    # ip netns add ns1
    # ip netns add bridge
    # ip netns list
    bridge
    ns1
    ns0

2. Create a veth pair to connect ns0 and bridge

    # ip link add type veth

3. Attach the link

Rename veth0 to ns0-bridge and move it into ns0:

    # ip link set dev veth0 name ns0-bridge netns ns0

Rename veth1 to bridge-ns0 and move it into bridge:

    # ip link set dev veth1 name bridge-ns0 netns bridge

Check the link between ns0 and bridge:

    # ip netns exec bridge ip addr
    1: lo: mtu 65536 qdisc noop state DOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    12: bridge-ns0@if11: mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 4e:ad:08:bc:57:dc brd ff:ff:ff:ff:ff:ff link-netnsid 0
    # ip netns exec ns0 ip add
    1: lo: mtu 65536 qdisc noop state DOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    11: ns0-bridge@if12: mtu 1500 qdisc noop state DOWN qlen 1000
        link/ether 42:52:96:38:a0:32 brd ff:ff:ff:ff:ff:ff link-netnsid 1

4. Create a second veth pair to connect ns1 and bridge

    # ip link add type veth
    # ip link set dev veth0 name ns1-bridge netns ns1
    # ip link set dev veth1 name bridge-ns1 netns bridge

5. Create the virtual bridge inside the bridge namespace

    # ip netns exec bridge brctl addbr br
    # ip netns exec bridge ip link set dev br up
    # ip netns exec bridge ip link set dev bridge-ns0 up
    # ip netns exec bridge ip link set dev bridge-ns1 up

Attach the two interfaces to the bridge so that they are interconnected:

    # ip netns exec bridge brctl addif br bridge-ns0
    # ip netns exec bridge brctl addif br bridge-ns1

6. Assign IP addresses in ns0 and ns1

    # ip netns exec ns0 ip address add 10.0.0.1/24 dev ns0-bridge
    # ip netns exec ns1 ip address add 10.0.0.2/24 dev ns1-bridge
    # ip netns exec ns0 ip link set dev ns0-bridge up
    # ip netns exec ns1 ip link set dev ns1-bridge up

7. Test

    # ip netns exec ns0 ping 10.0.0.2
    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
    64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.057 ms
    64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.067 ms
    64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.053 ms

Author: 计算机-周卓
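
In the ip addr output of both experiments, the @ifN suffix gives the interface index of the veth peer and link-netnsid identifies the namespace that holds it. The script below is an added example, not part of the original article: it parses that output to list cross-namespace veth endpoints and match the two ends of a pair, which helps when auditing which namespaces are actually wired together. The function names veth_peers and veth_links are my own; the sample captures are copied from step 3 of the bridge experiment.

```shell
#!/bin/sh
# Added example: list veth endpoints found in `ip addr` output and check
# whether two namespaces hold the two ends of the same pair.
# Captures copied from step 3 of the bridge experiment above.
NS0_ADDR='1: lo: mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: ns0-bridge@if12: mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 42:52:96:38:a0:32 brd ff:ff:ff:ff:ff:ff link-netnsid 1'
BRIDGE_ADDR='1: lo: mtu 65536 qdisc noop state DOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: bridge-ns0@if11: mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 4e:ad:08:bc:57:dc brd ff:ff:ff:ff:ff:ff link-netnsid 0'

# veth_peers: read `ip addr` text on stdin and print one line per interface
# whose peer is in another namespace: "ifindex name peer_ifindex peer_netnsid".
veth_peers() {
    awk '
        function emit() {
            if (idx != "") print idx, name, peer, (nsid == "" ? "-" : nsid)
            idx = ""; nsid = ""
        }
        /^[0-9]+: / {
            emit()
            # "ns0-bridge@if12:" splits into "ns0-bridge" and "12:"; lo has no "@if".
            if (split($2, p, "@if") == 2) { idx = $1 + 0; name = p[1]; peer = p[2] + 0 }
            next
        }
        idx != "" { for (i = 1; i < NF; i++) if ($i == "link-netnsid") nsid = $(i + 1) }
        END { emit() }
    '
}

# veth_links: given two captures, print "nameA<->nameB" for every endpoint in
# the first whose ifindex and peer ifindex mirror an endpoint in the second.
# Interface indexes are scoped per namespace, so treat a match as a lead and
# confirm it against the link-netnsid column.
veth_links() {
    a=$(printf '%s\n' "$1" | veth_peers)
    b=$(printf '%s\n' "$2" | veth_peers)
    printf '%s\n' "$a" | while read -r idx name peer nsid; do
        printf '%s\n' "$b" | while read -r bidx bname bpeer bnsid; do
            if [ -n "$idx" ] && [ "$idx" = "$bpeer" ] && [ "$peer" = "$bidx" ]; then
                echo "$name<->$bname"
            fi
        done
    done
}

veth_links "$NS0_ADDR" "$BRIDGE_ADDR"
```

On a live host, feed the functions with the output of ip netns exec NAME ip addr for each namespace instead of the embedded captures.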


