First, create a netns named "ns-test".

[router] / # ip netns add ns-test

[router] / # ip netns list
ns-test

Create a veth pair. On the host side the interface is named p1, and the peer is p2.

[router] / # ip link add p1 type veth peer p2 netns ns-test
[router] / #

Add p1 to the bridge on the host side.

[router] / # brctl addif br-lan p1
[router] / # brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.44657f149f45       yes             ath0
                                                        eth0
                                                        p1

Let's check the newly created interface in the new network namespace.

[router] / # ip netns exec ns-test ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT group default qlen 1
link/tunnel6 :: brd ::
3: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1
link/sit 0.0.0.0 brd 0.0.0.0
4: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1
link/gre 0.0.0.0 brd 0.0.0.0
5: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN mode DEFAULT group default qlen 1
link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
7: veth0@if35: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 26:56:e5:4e:a0:ce brd ff:ff:ff:ff:ff:ff link-netnsid 0

This veth0 is the p2 interface we created. We can see that its state is currently DOWN. Let's bring it up and assign it the IP address 192.168.1.120.

[router] / # ip netns exec ns-test ip addr add 192.168.1.120/24 dev veth0
[router] / # ip netns exec ns-test ifconfig
[router] / # ip netns exec ns-test ifconfig veth0 up
[router] / # ip netns exec ns-test ifconfig
veth0     Link encap:Ethernet  HWaddr 26:56:E5:4E:A0:CE
          inet addr:192.168.1.120  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Let's see whether we can ping 192.168.1.1.

[router] / # ip netns exec ns-test ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
^C
--- 192.168.1.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5001ms

It fails.

Checking with a different command, we find that veth0's state is LOWERLAYERDOWN.

[router] / # ip netns exec ns-test ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
3: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0
4: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
5: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default qlen 1
    link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
7: veth0@if35: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    link/ether 26:56:e5:4e:a0:ce brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.120/24 scope global veth0
       valid_lft forever preferred_lft forever

 

[router] / # ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
...
35: p1@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master br-lan state DOWN mode DEFAULT group default qlen 1000
link/ether d2:5b:73:04:1d:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 2

We find that p1 is not up, so we bring it up and then look at veth0's state again: it is now UP.

[router] / # ip link set p1 up
[router] / # ip netns exec ns-test ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
    link/tunnel6 :: brd ::
3: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0
4: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1
    link/gre 0.0.0.0 brd 0.0.0.0
5: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
6: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default qlen 1
    link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
7: veth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 26:56:e5:4e:a0:ce brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.120/24 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fe80::2456:e5ff:fe4e:a0ce/64 scope link
       valid_lft forever preferred_lft forever

Then ping the host bridge again. This time it works, but the namespace cannot ping its own address.

[router] / # ip netns exec ns-test ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.654 ms
64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=0.249 ms
64 bytes from 192.168.1.1: icmp_req=3 ttl=64 time=0.261 ms^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.249/0.388/0.654/0.188 ms
[router] / # ip netns exec ns-test ping 192.168.1.120
PING 192.168.1.120 (192.168.1.120) 56(84) bytes of data.
^C
--- 192.168.1.120 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3008ms

Bring up the loopback interface in the ns-test network namespace.

[router] / # ip netns exec ns-test ip link set lo up
[router] / # ip netns exec ns-test ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.562 ms
^C
--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.562/0.562/0.562/0.000 ms
[router] / # ip netns exec ns-test ping 192.168.1.120
PING 192.168.1.120 (192.168.1.120) 56(84) bytes of data.
64 bytes from 192.168.1.120: icmp_req=1 ttl=64 time=0.185 ms
64 bytes from 192.168.1.120: icmp_req=2 ttl=64 time=0.156 ms
^C
--- 192.168.1.120 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.156/0.170/0.185/0.019 ms

Now both pings succeed.
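
Both failures in this walkthrough (the host-side end p1 left down, and lo down inside the namespace) can be read directly from the flags in the `ip addr` / `ip link` output. The following is an added example, not part of the original post: a small shell helper, under the hypothetical name `check_links`, that flags those states. The sample inputs are constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example: report the link states that broke connectivity in the
# walkthrough. check_links is a hypothetical helper, not an iproute2 command.
# Usage on a real system: ip netns exec ns-test ip addr | check_links
check_links() {
    awk '
    # Header lines look like: 7: veth0@if35: <FLAGS> mtu ... state X ...
    /^[0-9]+: / {
        name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
        flags = $3; gsub(/[<>]/, "", flags)
        n = split(flags, f, ","); up = 0; carrier = 1
        for (i = 1; i <= n; i++) {
            if (f[i] == "UP") up = 1
            if (f[i] == "NO-CARRIER") carrier = 0
        }
        if (name == "lo" && !up)
            print "lo: down, local addresses in this namespace will not answer"
        else if (up && !carrier)
            print name ": up but no carrier, the peer end of the veth pair is down"
        else if (!up && $2 ~ /@if[0-9]+:$/)
            print name ": administratively down"
    }'
}

# Constructed sample: namespace state before p1 and lo were brought up.
sample_before() {
cat <<'EOF'
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1
7: veth0@if35: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    inet 192.168.1.120/24 scope global veth0
EOF
}

# Constructed sample: namespace state after both fixes.
sample_after() {
cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
7: veth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.120/24 scope global veth0
EOF
}

sample_before | check_links
```
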