网络命名空间和网桥的基本操作命令

一。6种名称空间

  1. UTS:主机名和域名

  2. User:用户

  3. Mount:挂载文件系统

  4. IPC:进程间通信

  5. Pid:进程ID

  6. Net:网络

二。网络名称空间

  1. 查看是否有 iproute

[gh@localhost ~]$ rpm -q iproute
iproute-3.10.0-87.el7.x86_64
[gh@localhost ~]$ 

  2. 创建n1,n2网络名称空间

[root@localhost ~]# ip netns add n1
[root@localhost ~]# ip netns add n2
[root@localhost ~]# 

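---- 用 ip netns add 创建的名称空间只隔离网络(网卡、路由等);文件系统、进程、用户等仍与主机共用,下面的例子可以看到 /var 在主机和 n1 里是同一个目录。因此 ip netns exec 启动的进程仍以主机 root 身份读写主机文件,不能把它当作安全隔离(沙箱)手段。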

[root@localhost ~]# mkdir /var/testNS                                // 主机创建的文件夹n1名称空间可用
[root@localhost ~]# ls /var/ |grep "testNS"
testNS
[root@localhost ~]# ip netns exec n1 ls /var/ |grep "testNS"
testNS
[root@localhost ~]# ip netns exec n1 mkdir /var/testNS1              // n1名称空间创建的文件夹主机可用
[root@localhost ~]# ip netns exec n1 ls /var/ |grep "testNS"
testNS
testNS1
[root@localhost ~]# ls /var/ |grep "testNS"
testNS
testNS1
[root@localhost ~]# 

  3. 查看网络名称空间

[root@localhost ~]# ip netns list
n2
n1
[root@localhost ~]# 

  4. n1网络空间里执行查看网卡接口命令

[root@localhost ~]# ip netns exec n1 ifconfig
[root@localhost ~]# ip netns exec n1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

  5. 创建一对以太网(veth)网卡veth1.1和veth1.2并查看设备

[root@localhost ~]# ip link add name veth1.1 type veth peer name veth1.2
[root@localhost ~]# ip link show |grep "veth"
7: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 3e:5c:76:42:02:21 brd ff:ff:ff:ff:ff:ff
8: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 16:a9:17:44:6b:cf brd ff:ff:ff:ff:ff:ff
[root@localhost ~]#

  6. 把veth1.2放到n1里

[root@localhost ~]# ip link set dev veth1.2 netns n1
[root@localhost ~]# ip link show |grep "veth"
8: veth1.1@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
[root@localhost ~]# 

  7. 查看n1

[root@localhost ~]# ip netns exec n1 ifconfig -a |grep "veth"
veth1.2: flags=4098<BROADCAST,MULTICAST>  mtu 1500
[root@localhost ~]# 

  8. 在n1把veth1.2改成eth0

[root@localhost ~]# ip netns exec n1 ip link set dev veth1.2 name eth0
[root@localhost ~]# ip netns exec n1 ifconfig -a |grep "veth"
[root@localhost ~]# ip netns exec n1 ifconfig -a |grep "eth0"
eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
[root@localhost ~]# 

  9. 启动veth1.1并赋予ip

[root@localhost ~]# ifconfig |grep "veth"
[root@localhost ~]# ifconfig -a |grep "veth"
veth1.1: flags=4098<BROADCAST,MULTICAST>  mtu 1500
[root@localhost ~]# ifconfig veth1.1 10.1.0.1/24 up
[root@localhost ~]# ifconfig |grep "veth"
veth1.1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
[root@localhost ~]# 

  10. 把n1里的eth0也启动并赋予ip

[root@localhost ~]# ip netns exec n1 ifconfig eth0 10.1.0.2/24 up
[root@localhost ~]# ip netns exec n1 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.2  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::3c5c:76ff:fe42:221  prefixlen 64  scopeid 0x20<link>
        ether 3e:5c:76:42:02:21  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

  11. 主机和n1通信

[root@localhost ~]# ping -c3 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.034 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.040 ms

--- 10.1.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.034/0.037/0.040/0.002 ms
[root@localhost ~]# 

  12. 把veth1.1放到n2

[root@localhost ~]# ip link set dev veth1.1 netns n2
[root@localhost ~]# ip netns exec n2 ifconfig veth1.1 10.1.0.1/24 up
[root@localhost ~]# ip netns exec n2 ifconfig
veth1.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.1  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::14a9:17ff:fe44:6bcf  prefixlen 64  scopeid 0x20<link>
        ether 16:a9:17:44:6b:cf  txqueuelen 1000  (Ethernet)
        RX packets 15  bytes 1222 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22  bytes 1800 (1.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

  13. n2通信n1

[root@localhost ~]# ip netns exec n2 ping -c3 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.035 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.036 ms

--- 10.1.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.035/0.042/0.057/0.012 ms
[root@localhost ~]# 

  14. 主机通信n1或者n2都不通(veth对的两端已分别移入n1和n2,主机上不再有10.1.0.0/24网段的接口)

[root@localhost ~]# ping -c3 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.

--- 10.1.0.2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms

[root@localhost ~]# 

三。网桥(参考:https://segmentfault.com/a/1190000009491002)

  1. 创建br0网桥并启动

[root@localhost ~]# ip link add name br0 type bridge
[root@localhost ~]# ip link set br0 up
[root@localhost ~]# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::c84b:56ff:fe15:5897  prefixlen 64  scopeid 0x20<link>
        ether ca:4b:56:15:58:97  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

   2. 创建以太网(veth)类型的网卡对veth0和veth1

[root@localhost ~]# ip link add veth0 type veth peer name veth1
[root@localhost ~]# ip addr add 10.20.1.10/24 dev veth0
[root@localhost ~]# ip link set veth0 up
[root@localhost ~]# ifconfig |grep -A 2 "veth"
veth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.20.1.10  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::e833:53ff:fe7f:c089  prefixlen 64  scopeid 0x20<link>
[root@localhost ~]# 

  3. 创建n1网络名称空间并把veth1加入

[root@localhost ~]# ip netns add n1
[root@localhost ~]# ip link set dev veth1 netns n1
[root@localhost ~]# ip netns exec n1 ip addr add 10.20.1.20/24 dev veth1
[root@localhost ~]# ip netns exec n1 ip link set veth1 up
[root@localhost ~]# ip netns exec n1 ifconfig
veth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.1.20  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::c0c7:24ff:fe52:6397  prefixlen 64  scopeid 0x20<link>
        ether c2:c7:24:52:63:97  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 15  bytes 1226 (1.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

  4. veth0和veth1通信成功

[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
64 bytes from 10.20.1.20: icmp_seq=1 ttl=64 time=0.082 ms

--- 10.20.1.20 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.082/0.082/0.082/0.000 ms
[root@localhost ~]# 

  5. 把veth0连接上网桥br0

[root@localhost ~]# ip link set dev veth0 master br0
[root@localhost ~]# bridge link
7: veth0 state UP @(null): <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2 
[root@localhost ~]# 

---- 此时br0的mac地址变为veth0的mac地址,veth0收到的数据不再交给内核(协议栈),而是交给br0来转发。

  6. veth0和veth1通信失败

[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.

--- 10.20.1.20 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
[root@localhost ~]# 

  7. 给br0配置ip来转发数据给内核(协议栈),接着通信还是失败

[root@localhost ~]# ip addr add 10.20.1.15/24 dev br0
[root@localhost ~]# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.1.15  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::c84b:56ff:fe15:5897  prefixlen 64  scopeid 0x20<link>
        ether ea:33:53:7f:c0:89  txqueuelen 1000  (Ethernet)
        RX packets 5  bytes 196 (196.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
From 10.20.1.10 icmp_seq=1 Destination Host Unreachable

--- 10.20.1.20 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

[root@localhost ~]# 

  8. 删除经veth0的10.20.1.0/24直连路由(并非默认路由),让该网段的流量改走br0,接着通信成功

[root@localhost ~]# ip route show |grep "10.20.1.0"
10.20.1.0/24 dev veth0 proto kernel scope link src 10.20.1.10 
10.20.1.0/24 dev br0 proto kernel scope link src 10.20.1.15 
[root@localhost ~]# ip route del 10.20.1.0/24 dev veth0
[root@localhost ~]# ip route show |grep "10.20.1.0"
10.20.1.0/24 dev br0 proto kernel scope link src 10.20.1.15 
[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
64 bytes from 10.20.1.20: icmp_seq=1 ttl=64 time=0.059 ms

--- 10.20.1.20 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.059/0.059/0.059/0.000 ms
[root@localhost ~]# 

  9. 同理可把物理网卡桥接到网桥(与veth0一样,物理网卡加入网桥后其IP应改配在网桥上;如果正通过这块网卡远程登录,操作过程中连接可能会中断)

 
