首先创建一个netns "ns-test".
[router] / # ip netns add ns-test [router] / # ip netns list ns-test
创建一对veth_pair.在主机侧,接口名为p1,对侧为p2
[router] / # ip link add p1 type veth peer p2 netns ns-test
[router] / #
将p1加入host侧的bridge.
[router] / # brctl addif br-lan p1
[router] / # brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.44657f149f45 yes ath0
eth0
p1
我们在新创建的网络名字空间检查一下新创建的接口
[router] / # ip netns exec ns-test ip link 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT group default qlen 1 link/tunnel6 :: brd :: 3: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1 link/sit 0.0.0.0 brd 0.0.0.0 4: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1 link/gre 0.0.0.0 brd 0.0.0.0 5: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 6: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN mode DEFAULT group default qlen 1 link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 7: veth0@if35: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 26:56:e5:4e:a0:ce brd ff:ff:ff:ff:ff:ff link-netnsid 0
这个veth0就是我们创建的p2接口,我们可以看到他现在状态是down的,如果我们将他设置为up,并分配一个IP 192.168.1.120
[router] / # ip netns exec ns-test ip addr add 192.168.1.120/24 dev veth0 [router] / # ip netns exec ns-test ifconfig [router] / # ip netns exec ns-test ifconfig veth0 up [router] / # ip netns exec ns-test ifconfig veth0 Link encap:Ethernet HWaddr 26:56:E5:4E:A0:CE inet addr:192.168.1.120 Bcast:0.0.0.0 Mask:255.255.255.255 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
我们尝试一下看能不能ping通192.168.1.1
[router] / # ip netns exec ns-test ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. ^C --- 192.168.1.1 ping statistics --- 6 packets transmitted, 0 received, 100% packet loss, time 5001ms
发现不通。
我们换个命令再看看,发现veth0的状态是LOWERLAYERDOWN。
[router] / # ip netns exec ns-test ip addr 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1 link/tunnel6 :: brd :: 3: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1 link/sit 0.0.0.0 brd 0.0.0.0 4: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1 link/gre 0.0.0.0 brd 0.0.0.0 5: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 6: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default qlen 1 link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 7: veth0@if35: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000 link/ether 26:56:e5:4e:a0:ce brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 192.168.1.120/24 scope global veth0 valid_lft forever preferred_lft forever
[router] / # ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
...
35: p1@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master br-lan state DOWN mode DEFAULT group default qlen 1000
link/ether d2:5b:73:04:1d:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 2
发现p1没有up,于是我们将其up,然后再看veth0的状态,发现变成up了。
[router] / # ip link set p1 up [router] / # ip netns exec ns-test ip addr 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1 link/tunnel6 :: brd :: 3: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1 link/sit 0.0.0.0 brd 0.0.0.0 4: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1 link/gre 0.0.0.0 brd 0.0.0.0 5: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 6: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default qlen 1 link/gre6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 7: veth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 26:56:e5:4e:a0:ce brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 192.168.1.120/24 scope global veth0 valid_lft forever preferred_lft forever inet6 fe80::2456:e5ff:fe4e:a0ce/64 scope link valid_lft forever preferred_lft forever
然后再ping host bridge。这下通了,但是ping不通自己
[router] / # ip netns exec ns-test ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.654 ms 64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=0.249 ms 64 bytes from 192.168.1.1: icmp_req=3 ttl=64 time=0.261 ms^C --- 192.168.1.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1998ms rtt min/avg/max/mdev = 0.249/0.388/0.654/0.188 ms [router] / # ip netns exec ns-test ping 192.168.1.120 PING 192.168.1.120 (192.168.1.120) 56(84) bytes of data. ^C --- 192.168.1.120 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3008ms
我们将ns-test网络名字空间的loopback接口up.
[router] / # ip netns exec ns-test ip link set lo up
[router] / # ip netns exec ns-test ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.562 ms ^C --- 192.168.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.562/0.562/0.562/0.000 ms [router] / # ip netns exec ns-test ping 192.168.1.120 PING 192.168.1.120 (192.168.1.120) 56(84) bytes of data. 64 bytes from 192.168.1.120: icmp_req=1 ttl=64 time=0.185 ms 64 bytes from 192.168.1.120: icmp_req=2 ttl=64 time=0.156 ms ^C --- 192.168.1.120 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.156/0.170/0.185/0.019 ms
这下都通了。