Linux 虚拟网络 host gw
host gw
把宿主机(host)本身当作容器网段的网关:每台宿主机上的容器把本机网桥地址当默认网关,宿主机之间通过静态路由把对端容器网段指向对端宿主机的 IP(下一跳),报文以普通三层路由方式转发,不做任何封装。前提是各宿主机二层直达(处于同一网段,下一跳必须直接可达)并且都开启了 IP 转发。
一、使用 Containerlab
模拟网络
a | 拓扑
b | 网络拓扑文件
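# host-gw.clab.yml
# Containerlab topology for the host-gw lab: two VyOS routers (gw1, gw2)
# act as the "host" gateway of one container subnet each and reach each
# other over a direct link. Cross-subnet traffic is plain L3 routing:
# no overlay, no NAT.
name: host-gw
topology:
  nodes:
    gw1:
      kind: linux
      image: vyos/vyos:1.2.8
      cmd: /sbin/init
      binds:
        # VyOS loads kernel modules from the host kernel; reading them is
        # enough, so mount the host path read-only (least privilege).
        # Drop ':ro' only if the image turns out to need depmod at boot.
        - /lib/modules:/lib/modules:ro
        # Startup config. NOTE(review): it carries what looks like the VyOS
        # default login hash for user 'vyos' at level admin - lab use only.
        - ./startup-conf/gw1.cfg:/opt/vyatta/etc/config/config.boot
    gw2:
      kind: linux
      image: vyos/vyos:1.2.8
      cmd: /sbin/init
      binds:
        # Same read-only module mount as gw1.
        - /lib/modules:/lib/modules:ro
        - ./startup-conf/gw2.cfg:/opt/vyatta/etc/config/config.boot
    server1:
      kind: linux
      # Private-registry image referenced by a mutable tag; pin by digest
      # (image@sha256:...) if the lab must be reproducible.
      image: harbor.dayuan1997.com/devops/nettool:0.9
      exec:
        # net0 is the veth end facing gw1:eth1; the default route goes to
        # gw1, replacing the containerlab management default route.
        - ip addr add 10.1.5.10/24 dev net0
        - ip route replace default via 10.1.5.1
    server2:
      kind: linux
      image: harbor.dayuan1997.com/devops/nettool:0.9
      exec:
        # net0 faces gw2:eth1; default route via gw2.
        - ip addr add 10.1.8.10/24 dev net0
        - ip route replace default via 10.1.8.1
  links:
    - endpoints: ["gw1:eth1", "server1:net0"]
    - endpoints: ["gw2:eth1", "server2:net0"]
    # gw1 <-> gw2 transit link (172.12.1.0/24); the static routes in the
    # VyOS configs point at the far end of this link.
    - endpoints: ["gw1:eth2", "gw2:eth2"]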
c | VyOS 配置文件
注意:下面两份配置中 `encrypted-password` 的哈希看起来就是 VyOS 发行默认配置自带的哈希(即默认口令),而且 `level admin`;这只适合隔离的实验环境。任何可被外部访问的部署都应重新设置口令(`set system login user vyos authentication plaintext-password '<新口令>'`,提交后 VyOS 会自动转为哈希并把 `plaintext-password` 清空)。另外两台网关的 `host-name` 都是默认的 `vyos`,所以后文 gw2 的提示符显示为 `root@vyos`,实际使用时建议分别设为 gw1/gw2 以便区分日志和提示符。
gw1.cfg
配置文件
# ./startup-conf/gw1.cfg
/* gw1: gateway of 10.1.5.0/24 (eth1 -> server1), transit link to gw2 on eth2 */
interfaces {
    /* eth1 is the veth end facing server1:net0; 10.1.5.1 is server1's default gateway */
    ethernet eth1 {
        address 10.1.5.1/24
        duplex auto
        smp-affinity auto
        speed auto
    }
    /* eth2 is the veth end facing gw2:eth2 (transit subnet 172.12.1.0/24) */
    ethernet eth2 {
        address 172.12.1.10/24
        duplex auto
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    /* Static route: 10.1.8.0/24 (server2 side) is reached via next hop 172.12.1.11 (gw2 eth2), the far end of the gw1:eth2 <-> gw2:eth2 veth link */
    static {
        route 10.1.8.0/24 {
            next-hop 172.12.1.11 {
            }
        }
    }
}
/* No firewall / zone-policy is configured, so this box forwards anything between eth1 and eth2; acceptable for an isolated lab only */
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    /* Image default host-name; both gateways use it, so prompts and logs are not distinguishable */
    host-name vyos
    login {
        user vyos {
            authentication {
                /* NOTE(review): this hash appears to be the VyOS default for user vyos (default password) - change it before exposing the box */
                encrypted-password $6$QxPS.uk6mfo$9QBSo8u1FkH16gMyAVhus6fU3LOzvLR9Z9.82m3tiHFAxTtIkhaZSWssSgzt4v4dGAL8rhVQxTg0oAG9/q11h/
                /* Empty plaintext-password is what VyOS leaves after hashing; it does not mean an empty password */
                plaintext-password ""
            }
            level admin
        }
    }
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "dns-forwarding@1:mdns@1:ssh@1:webproxy@1:webgui@1:zone-policy@1:broadcast-relay@1:l2tp@1:cluster@1:snmp@1:pppoe-server@2:conntrack@1:wanloadbalance@3:webproxy@2:firewall@5:ntp@1:dhcp-server@5:dhcp-relay@2:system@10:nat@4:quagga@7:qos@1:ipsec@5:conntrack-sync@1:config-management@1:vrrp@2:pptp@1" === */
/* Release version: 1.2.8 */
gw2.cfg
配置文件
# ./startup-conf/gw2.cfg
/* gw2: gateway of 10.1.8.0/24 (eth1 -> server2), transit link to gw1 on eth2 */
interfaces {
    /* eth1 is the veth end facing server2:net0; 10.1.8.1 is server2's default gateway */
    ethernet eth1 {
        address 10.1.8.1/24
        duplex auto
        smp-affinity auto
        speed auto
    }
    /* eth2 is the veth end facing gw1:eth2 (transit subnet 172.12.1.0/24) */
    ethernet eth2 {
        address 172.12.1.11/24
        duplex auto
        smp-affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    /* Static route: 10.1.5.0/24 (server1 side) is reached via next hop 172.12.1.10 (gw1 eth2), the far end of the gw2:eth2 <-> gw1:eth2 veth link */
    static {
        route 10.1.5.0/24 {
            next-hop 172.12.1.10 {
            }
        }
    }
}
/* No firewall / zone-policy is configured, so this box forwards anything between eth1 and eth2; acceptable for an isolated lab only */
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    /* Image default host-name, identical to gw1; this is why the gw2 shell shows root@vyos */
    host-name vyos
    login {
        user vyos {
            authentication {
                /* NOTE(review): same hash as gw1 and apparently the VyOS default for user vyos - change it before exposing the box */
                encrypted-password $6$QxPS.uk6mfo$9QBSo8u1FkH16gMyAVhus6fU3LOzvLR9Z9.82m3tiHFAxTtIkhaZSWssSgzt4v4dGAL8rhVQxTg0oAG9/q11h/
                /* Empty plaintext-password is what VyOS leaves after hashing; it does not mean an empty password */
                plaintext-password ""
            }
            level admin
        }
    }
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "dns-forwarding@1:mdns@1:ssh@1:webproxy@1:webgui@1:zone-policy@1:broadcast-relay@1:l2tp@1:cluster@1:snmp@1:pppoe-server@2:conntrack@1:wanloadbalance@3:webproxy@2:firewall@5:ntp@1:dhcp-server@5:dhcp-relay@2:system@10:nat@4:quagga@7:qos@1:ipsec@5:conntrack-sync@1:config-management@1:vrrp@2:pptp@1" === */
/* Release version: 1.2.8 */
d | 部署服务
# tree -L 2 ./
./
├── host-gw.clab.yml
└── startup-conf
├── gw1.cfg
└── gw2.cfg
# clab deploy -t host-gw.clab.yml
INFO[0000] Containerlab v0.54.2 started
INFO[0000] Parsing & checking topology file: 1.yaml
INFO[0000] Creating docker network: Name="clab", IPv4Subnet="172.20.20.0/24", IPv6Subnet="2001:172:20:20::/64", MTU=1500
INFO[0000] Creating lab directory: /root/wcni-kind/network/5-demo-cni/5-host-gw/1-clab-host-gw/clab-host-gw
INFO[0000] Creating container: "server2"
INFO[0000] Creating container: "gw1"
INFO[0000] Creating container: "gw2"
INFO[0001] Creating container: "server1"
INFO[0001] Created link: gw2:eth1 <--> server2:net0
INFO[0001] Created link: gw1:eth2 <--> gw2:eth2
INFO[0002] Created link: gw1:eth1 <--> server1:net0
INFO[0002] Executed command "ip addr add 10.1.8.10/24 dev net0" on the node "server2". stdout:
INFO[0002] Executed command "ip route replace default via 10.1.8.1" on the node "server2". stdout:
INFO[0002] Executed command "ip addr add 10.1.5.10/24 dev net0" on the node "server1". stdout:
INFO[0002] Executed command "ip route replace default via 10.1.5.1" on the node "server1". stdout:
INFO[0002] Adding containerlab host entries to /etc/hosts file
INFO[0002] Adding ssh config for containerlab nodes
INFO[0002] 🎉 New containerlab version 0.55.0 is available! Release notes: https://containerlab.dev/rn/0.55/
Run 'containerlab version upgrade' to upgrade or go check other installation options at https://containerlab.dev/install/
+---+----------------------+--------------+------------------------------------------+-------+---------+----------------+----------------------+
| # | Name | Container ID | Image | Kind | State | IPv4 Address | IPv6 Address |
+---+----------------------+--------------+------------------------------------------+-------+---------+----------------+----------------------+
| 1 | clab-host-gw-gw1 | 440eb562396a | vyos/vyos:1.2.8 | linux | running | 172.20.20.2/24 | 2001:172:20:20::2/64 |
| 2 | clab-host-gw-gw2 | 54bf443a9a15 | vyos/vyos:1.2.8 | linux | running | 172.20.20.4/24 | 2001:172:20:20::4/64 |
| 3 | clab-host-gw-server1 | a7b7da6c43ba | harbor.dayuan1997.com/devops/nettool:0.9 | linux | running | 172.20.20.5/24 | 2001:172:20:20::5/64 |
| 4 | clab-host-gw-server2 | 5c767bb152b9 | harbor.dayuan1997.com/devops/nettool:0.9 | linux | running | 172.20.20.3/24 | 2001:172:20:20::3/64 |
+---+----------------------+--------------+------------------------------------------+-------+---------+----------------+----------------------+
e | 查看 4 个容器路由表信息
## clab-host-gw-server1 主机路由
# lo clab-host-gw-server1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.1.5.1 0.0.0.0 UG 0 0 0 net0
10.1.5.0 0.0.0.0 255.255.255.0 U 0 0 0 net0
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
## clab-host-gw-server2 主机路由
# lo clab-host-gw-server2 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.1.8.1 0.0.0.0 UG 0 0 0 net0
10.1.8.0 0.0.0.0 255.255.255.0 U 0 0 0 net0
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
## clab-host-gw-gw1 主机路由
# lo clab-host-gw-gw1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.20.20.1 0.0.0.0 UG 0 0 0 eth0
10.1.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.1.8.0 172.12.1.11 255.255.255.0 UG 20 0 0 eth2
172.12.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
## clab-host-gw-gw2 主机路由
# lo clab-host-gw-gw2 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.20.20.1 0.0.0.0 UG 0 0 0 eth0
10.1.5.0 172.12.1.10 255.255.255.0 UG 20 0 0 eth2
10.1.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.12.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
172.20.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
f | 抓包分析
s1.cap
包分析
server1~$ ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
10: net0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc noqueue state UP group default
link/ether aa:c1:ab:0a:31:ba brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 10.1.5.10/24 scope global net0
valid_lft forever preferred_lft forever
inet6 fe80::a8c1:abff:fe0a:31ba/64 scope link
valid_lft forever preferred_lft forever
18: eth0@if19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:14:14:05 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.20.20.5/24 brd 172.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2001:172:20:20::5/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe14:1405/64 scope link
valid_lft forever preferred_lft forever
server1~$ arp -n
Address HWtype HWaddress Flags Mask Iface
10.1.5.1 ether aa:c1:ab:b8:da:60 C net0
icmp 包中,源 mac 地址:aa:c1:ab:0a:31:ba,目标 mac 地址:aa:c1:ab:b8:da:60,分别为 s1 主机的 net0 网卡的 mac 地址,和 gw1 路由器 10.1.5.1 这个 ip 对应的 mac 地址(与上面 `ip a l` 和 `arp -n` 的输出一致)。
gw1.cap
包分析
root@gw1:/# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:14:14:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.20.20.2/24 brd 172.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2001:172:20:20::2/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe14:1402/64 scope link
valid_lft forever preferred_lft forever
11: eth1@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc noqueue state UP group default
link/ether aa:c1:ab:b8:da:60 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet 10.1.5.1/24 brd 10.1.5.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::a8c1:abff:feb8:da60/64 scope link
valid_lft forever preferred_lft forever
13: eth2@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc noqueue state UP group default
link/ether aa:c1:ab:43:ad:26 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 172.12.1.10/24 brd 172.12.1.255 scope global eth2
valid_lft forever preferred_lft forever
inet6 fe80::a8c1:abff:fe43:ad26/64 scope link
valid_lft forever preferred_lft forever
root@gw1:/# arp -n
Address HWtype HWaddress Flags Mask Iface
172.20.20.1 ether 02:42:69:09:a0:d5 C eth0
172.12.1.11 ether aa:c1:ab:e4:7f:96 C eth2
10.1.5.10 ether aa:c1:ab:0a:31:ba C eth1
icmp 包中,源 mac 地址:aa:c1:ab:43:ad:26,目标 mac 地址:aa:c1:ab:e4:7f:96,分别为 gw1 路由器的 eth2 网卡的 mac 地址,和 gw2 路由器 172.12.1.11 这个 ip 对应的 mac 地址(与上面 `ip a l` 和 `arp -n` 的输出一致)。
gw2.cap
包分析
root@vyos:/# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
12: eth2@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc noqueue state UP group default
link/ether aa:c1:ab:e4:7f:96 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet 172.12.1.11/24 brd 172.12.1.255 scope global eth2
valid_lft forever preferred_lft forever
inet6 fe80::a8c1:abff:fee4:7f96/64 scope link
valid_lft forever preferred_lft forever
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:14:14:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.20.20.4/24 brd 172.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2001:172:20:20::4/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe14:1404/64 scope link
valid_lft forever preferred_lft forever
16: eth1@if17: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc noqueue state UP group default
link/ether aa:c1:ab:55:86:a1 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 10.1.8.1/24 brd 10.1.8.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::a8c1:abff:fe55:86a1/64 scope link
valid_lft forever preferred_lft forever
root@vyos:/# arp -n
Address HWtype HWaddress Flags Mask Iface
172.20.20.1 ether 02:42:69:09:a0:d5 C eth0
10.1.8.10 ether aa:c1:ab:bb:da:b9 C eth1
172.12.1.10 ether aa:c1:ab:43:ad:26 C eth2
icmp 包中,源 mac 地址:aa:c1:ab:55:86:a1,目标 mac 地址:aa:c1:ab:bb:da:b9,分别为 gw2 路由器的 eth1 网卡的 mac 地址,和 s2 主机 10.1.8.10 这个 ip 对应的 mac 地址(与上面 `ip a l` 和 `arp -n` 的输出一致)。
s2.cap
包分析
server2~$ ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:14:14:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.20.20.3/24 brd 172.20.20.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2001:172:20:20::3/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe14:1403/64 scope link
valid_lft forever preferred_lft forever
17: net0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc noqueue state UP group default
link/ether aa:c1:ab:bb:da:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 10.1.8.10/24 scope global net0
valid_lft forever preferred_lft forever
inet6 fe80::a8c1:abff:febb:dab9/64 scope link
valid_lft forever preferred_lft forever
server2~$ arp -n
Address HWtype HWaddress Flags Mask Iface
10.1.8.1 ether aa:c1:ab:55:86:a1 C net0
icmp 包中,源 mac 地址:aa:c1:ab:55:86:a1,目标 mac 地址:aa:c1:ab:bb:da:b9,分别为 gw2 路由器 10.1.8.1 这个 ip 对应的 mac 地址,和 s2 主机 net0 网卡的 mac 地址(与上面 `ip a l` 和 `arp -n` 的输出一致)。
- 总结:对照上面 4 处抓包可以看出,在 host-gw 模式的转发流程中:mac 地址每经过一个节点(s1 → gw1 → gw2 → s2),源 mac 和目标 mac 均会发生改变;而 ip 地址,源 ip 和目标 ip 自始至终不会发生改变。原因是 host-gw 只做普通的三层路由,没有封装(overlay)也没有 NAT,每一跳只重写二层帧头并把 TTL 减 1(后文 ping 输出里的 ttl=62 就是经过两个路由节点后的结果)。
g | VyOS
cli
配置
gw1
cli
接口配置
root@gw1:/# show configuration commands
set interfaces ethernet eth1 address '10.1.5.1/24'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 smp-affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 address '172.12.1.10/24'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 smp-affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces loopback lo
set protocols static route 10.1.8.0/24 next-hop 172.12.1.11
set system config-management commit-revisions '100'
set system console device ttyS0 speed '9600'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$QxPS.uk6mfo$9QBSo8u1FkH16gMyAVhus6fU3LOzvLR9Z9.82m3tiHFAxTtIkhaZSWssSgzt4v4dGAL8rhVQxTg0oAG9/q11h/'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
set system time-zone 'UTC'
gw2
cli
接口配置
root@gw2:/# show configuration commands
set interfaces ethernet eth1 address '10.1.8.1/24'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 smp-affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 address '172.12.1.11/24'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 smp-affinity 'auto'
set interfaces ethernet eth2 speed 'auto'
set interfaces loopback lo
set protocols static route 10.1.5.0/24 next-hop 172.12.1.10
set system config-management commit-revisions '100'
set system console device ttyS0 speed '9600'
set system host-name 'vyos'
set system login user vyos authentication encrypted-password '$6$QxPS.uk6mfo$9QBSo8u1FkH16gMyAVhus6fU3LOzvLR9Z9.82m3tiHFAxTtIkhaZSWssSgzt4v4dGAL8rhVQxTg0oAG9/q11h/'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
set system time-zone 'UTC'
h | 销毁服务
# clab destroy -t host-gw.clab.yml
二、手动搭建 host-gw
网络
a | 拓扑
b | 配置命令(前提:141/142 两台宿主机位于同一二层网段 172.16.94.0/24,因为 host-gw 的下一跳就是对端宿主机地址,必须直接可达;同时两台宿主机都必须开启 `net.ipv4.ip_forward=1`,否则 br0 与 ens33 之间不会转发)
- host 141 主机配置命令
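# host 141
## Enable IP forwarding: the host must route between br0 and ens33.
## The original listing never set this and presumably only worked because
## Docker (docker0 exists on this host) had already turned it on.
sysctl -w net.ipv4.ip_forward=1
## Create the network namespace
ip netns add ns1
## Create br0 as a Linux bridge
ip l a br0 type bridge
ip l s br0 up
## Create one veth pair
ip l a int0 type veth peer name br-int0
## ns1 side: int0 goes into ns1 and gets the container address; its default gateway is br0
ip l s int0 netns ns1
ip netns exec ns1 ip l s int0 up
ip netns exec ns1 ip a a 10.1.5.10/24 dev int0
ip netns exec ns1 ip r a default via 10.1.5.1 dev int0
## Host side: plug the other end of the veth pair into br0
ip l s br-int0 master br0
ip l s br-int0 up
## br0 carries the gateway address of 10.1.5.0/24; the static route sends the
## peer's container subnet to the peer host (the "host-gw" next hop), which
## must be on the same L2 segment because the next hop is used directly.
ip a a 10.1.5.1/24 dev br0
ip r a 10.1.8.0/24 via 172.16.94.142 dev ens33
## NOTE(review): with forwarding on, anything routed at this host is forwarded
## and nothing here filters it; restrict the FORWARD chain to the container
## subnets if this host is reachable from untrusted networks.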
- host 142 主机配置命令
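# host 142
## Enable IP forwarding: the host must route between br0 and ens33.
## The original listing never set this and presumably only worked because
## Docker (docker0 exists on this host) had already turned it on.
sysctl -w net.ipv4.ip_forward=1
## Create the network namespace
ip netns add ns1
## Create br0 as a Linux bridge
ip l a br0 type bridge
ip l s br0 up
## Create one veth pair
ip l a int0 type veth peer name br-int0
## ns1 side: int0 goes into ns1 and gets the container address; its default gateway is br0
ip l s int0 netns ns1
ip netns exec ns1 ip l s int0 up
ip netns exec ns1 ip a a 10.1.8.10/24 dev int0
## 'dev int0' added for consistency with host 141; int0 is the only non-lo interface in ns1
ip netns exec ns1 ip r a default via 10.1.8.1 dev int0
## Host side: plug the other end of the veth pair into br0
ip l s br-int0 master br0
ip l s br-int0 up
## br0 carries the gateway address of 10.1.8.0/24; the static route sends the
## peer's container subnet to the peer host (the "host-gw" next hop), which
## must be on the same L2 segment because the next hop is used directly.
ip a a 10.1.8.1/24 dev br0
ip r a 10.1.5.0/24 via 172.16.94.141 dev ens33
## NOTE(review): with forwarding on, anything routed at this host is forwarded
## and nothing here filters it; restrict the FORWARD chain to the container
## subnets if this host is reachable from untrusted networks.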
c | 测试网络
# ip netns exec ns1 ping 10.1.8.10 -c 1
PING 10.1.8.10 (10.1.8.10) 56(84) bytes of data.
64 bytes from 10.1.8.10: icmp_seq=1 ttl=62 time=0.610 ms
--- 10.1.8.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.610/0.610/0.610/0.000 ms
d | IP
路由信息查看
141
主机ns1
名称空间
# ip netns exec ns1 ip a l
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7: int0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 8e:68:40:dc:b0:c8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.1.5.10/24 scope global int0
valid_lft forever preferred_lft forever
inet6 fe80::8c68:40ff:fedc:b0c8/64 scope link
valid_lft forever preferred_lft forever
# ip netns exec ns1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.1.5.1 0.0.0.0 UG 0 0 0 int0
10.1.5.0 0.0.0.0 255.255.255.0 U 0 0 0 int0
141
主机
# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:81:cc:3a brd ff:ff:ff:ff:ff:ff
inet 172.16.94.141/24 brd 172.16.94.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe81:cc3a/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3b:a8:a3:f7 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 96:93:f4:d4:81:f0 brd ff:ff:ff:ff:ff:ff
inet 10.1.5.1/24 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::ecbe:88ff:fe2a:65a0/64 scope link
valid_lft forever preferred_lft forever
6: br-int0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
link/ether 96:93:f4:d4:81:f0 brd ff:ff:ff:ff:ff:ff link-netns ns1
inet6 fe80::9493:f4ff:fed4:81f0/64 scope link
valid_lft forever preferred_lft forever
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.94.2 0.0.0.0 UG 0 0 0 ens33
10.1.5.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.1.8.0 172.16.94.142 255.255.255.0 UG 0 0 0 ens33
172.16.94.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
142
主机ns1
名称空间
# ip netns exec ns1 ip a l
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6: int0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 5a:52:38:f5:31:41 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.1.8.10/24 scope global int0
valid_lft forever preferred_lft forever
inet6 fe80::5852:38ff:fef5:3141/64 scope link
valid_lft forever preferred_lft forever
# ip netns exec ns1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.1.8.1 0.0.0.0 UG 0 0 0 int0
10.1.8.0 0.0.0.0 255.255.255.0 U 0 0 0 int0
142
主机
# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:1a:5c:d3 brd ff:ff:ff:ff:ff:ff
inet 172.16.94.142/24 brd 172.16.94.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1a:5cd3/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:88:a3:b7:c1 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether fa:aa:5a:49:22:37 brd ff:ff:ff:ff:ff:ff
inet 10.1.8.1/24 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::4495:c4ff:fe58:b23f/64 scope link
valid_lft forever preferred_lft forever
5: br-int0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
link/ether fa:aa:5a:49:22:37 brd ff:ff:ff:ff:ff:ff link-netns ns1
inet6 fe80::f8aa:5aff:fe49:2237/64 scope link
valid_lft forever preferred_lft forever
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.94.2 0.0.0.0 UG 0 0 0 ens33
10.1.5.0 172.16.94.141 255.255.255.0 UG 0 0 0 ens33
10.1.8.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
172.16.94.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
e | 资源回收
## 141
# ip netns del ns1 && ip l d br0 && reboot
## 142
# ip netns del ns1 && ip l d br0 && reboot
三、 Docker
搭建 host-gw
网络
a | 拓扑
b | 配置命令(注意:Docker 创建自定义网桥时会自动开启 ip_forward,但默认也会为该网段添加 MASQUERADE 规则,跨主机报文离开 ens33 时源 IP 会被改写成宿主机地址,这与上文 host-gw "源 IP 不变"的结论不同;如需保持端到端源 IP 不变,可在 `docker network create` 时加 `-o com.docker.network.bridge.enable_ip_masquerade=false`,并用 `iptables -t nat -S POSTROUTING` 确认)
- host 141 主机配置命令
# host 141
## Create a user-defined docker bridge; its subnet must differ from the one used on host 142
docker network create -d bridge --subnet=172.100.0.0/24 n1
## Start a container attached to that bridge (Docker hands out 172.100.0.2 and sets its default gateway to the bridge address)
docker run --name t1 -d --net n1 harbor.dayuan1997.com/devops/nettool:0.9
## host-gw static route: the peer's container subnet via the peer host's address on the shared 172.16.94.0/24 segment
## NOTE(review): Docker normally adds a MASQUERADE rule for 172.100.0.0/24 on traffic leaving the bridge,
## so host 142 would see this host's ens33 address as the source rather than 172.100.0.2. To keep the
## host-gw property (source IP unchanged end-to-end) create the network with
## -o com.docker.network.bridge.enable_ip_masquerade=false and confirm with `iptables -t nat -S POSTROUTING`.
ip route add 172.200.0.0/24 via 172.16.94.142 dev ens33
- host 142 主机配置命令
# host 142
## Create a user-defined docker bridge; its subnet must differ from the one used on host 141
docker network create -d bridge --subnet=172.200.0.0/24 n2
## Start a container attached to that bridge (Docker hands out 172.200.0.2 and sets its default gateway to the bridge address)
docker run --name t2 -d --net n2 harbor.dayuan1997.com/devops/nettool:0.9
## host-gw static route: the peer's container subnet via the peer host's address on the shared 172.16.94.0/24 segment
## NOTE(review): Docker normally adds a MASQUERADE rule for 172.200.0.0/24 on traffic leaving the bridge,
## so host 141 would see this host's ens33 address as the source rather than 172.200.0.2. To keep the
## host-gw property (source IP unchanged end-to-end) create the network with
## -o com.docker.network.bridge.enable_ip_masquerade=false and confirm with `iptables -t nat -S POSTROUTING`.
ip route add 172.100.0.0/24 via 172.16.94.141 dev ens33
c | 测试网络
## 141
# docker exec -it t1 ping 172.200.0.2 -c 1
PING 172.200.0.2 (172.200.0.2): 56 data bytes
64 bytes from 172.200.0.2: seq=0 ttl=62 time=0.575 ms
--- 172.200.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.575/0.575/0.575 ms
## 142
# docker exec -it t2 ping 172.100.0.2 -c 1
PING 172.100.0.2 (172.100.0.2): 56 data bytes
64 bytes from 172.100.0.2: seq=0 ttl=62 time=0.778 ms
--- 172.100.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.778/0.778/0.778 ms
d | IP
路由信息查看
141
主机t1
容器
# docker exec -it t1 ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:64:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.100.0.2/24 brd 172.100.0.255 scope global eth0
valid_lft forever preferred_lft forever
# docker exec -it t1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.100.0.1 0.0.0.0 UG 0 0 0 eth0
172.100.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
141
主机
# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:81:cc:3a brd ff:ff:ff:ff:ff:ff
inet 172.16.94.141/24 brd 172.16.94.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe81:cc3a/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:3e:cd:95:a1 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
5: br-ab911541487a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:19:7a:f2:73 brd ff:ff:ff:ff:ff:ff
inet 172.100.0.1/24 brd 172.100.0.255 scope global br-ab911541487a
valid_lft forever preferred_lft forever
inet6 fe80::42:19ff:fe7a:f273/64 scope link
valid_lft forever preferred_lft forever
7: vethbf6b0f3@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-ab911541487a state UP group default
link/ether 3e:db:3a:e2:a7:cc brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::3cdb:3aff:fee2:a7cc/64 scope link
valid_lft forever preferred_lft forever
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.94.2 0.0.0.0 UG 0 0 0 ens33
172.16.94.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.100.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br-ab911541487a
172.200.0.0 172.16.94.142 255.255.255.0 UG 0 0 0 ens33
142
主机t2
容器
# docker exec -it t2 ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:c8:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.200.0.2/24 brd 172.200.0.255 scope global eth0
valid_lft forever preferred_lft forever
# docker exec -it t2 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.200.0.1 0.0.0.0 UG 0 0 0 eth0
172.200.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
142
主机
# ip a l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:1a:5c:d3 brd ff:ff:ff:ff:ff:ff
inet 172.16.94.142/24 brd 172.16.94.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe1a:5cd3/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:9f:a6:58:43 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4: br-b1a541756313: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:43:ea:b4:26 brd ff:ff:ff:ff:ff:ff
inet 172.200.0.1/24 brd 172.200.0.255 scope global br-b1a541756313
valid_lft forever preferred_lft forever
inet6 fe80::42:43ff:feea:b426/64 scope link
valid_lft forever preferred_lft forever
6: veth4c8e3b9@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-b1a541756313 state UP group default
link/ether 06:f9:1f:8f:ed:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::4f9:1fff:fe8f:ed3e/64 scope link
valid_lft forever preferred_lft forever
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.94.2 0.0.0.0 UG 0 0 0 ens33
172.16.94.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.100.0.0 172.16.94.141 255.255.255.0 UG 0 0 0 ens33
172.200.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br-b1a541756313
e | 资源回收
## 141
# docker stop t1 && docker rm t1 && reboot
## 142
# docker stop t2 && docker rm t2 && reboot