Linux 虚拟网络设备---router、tun

版权声明:本文为博主原创文章,未经博主允许不得转载。原创不易,各位勉之。 https://blog.csdn.net/LL845876425/article/details/82729161

Linux 虚拟网络设备—router、tun

router

router在虚拟网络中就是路由器,负责在不同网段之间实现三层(IP层)通信。

Linux 本身开启转发功能后就是一个路由器。需要注意,net.ipv4.ip_forward 是主机级的全局开关,开启后内核会在该主机的所有接口之间转发报文,因此应配合防火墙的 FORWARD 规则限制允许转发的流量范围。

# 开启转发策略
[root@public ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@public ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf 
[root@public ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@public ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@public ~]# 

使用测试用例,模拟验证router功能,拓扑图如下:


根据拓扑图创建对应设备:

# 开启转发后,根据拓扑进行配置
[root@public ~]# 
[root@public ~]# ip link add tap1 type veth peer name tap1_peer
[root@public ~]# ip link add tap2 type veth peer name tap2_peer
[root@public ~]# 
[root@public ~]# ip netns add ns1
[root@public ~]# ip netns add ns2
[root@public ~]# 
[root@public ~]# ip link set tap1 netns ns1
[root@public ~]# ip link set tap2 netns ns2
[root@public ~]# 
[root@public ~]# ip addr add 192.168.1.1/24 dev tap1_peer
[root@public ~]# ip addr add 192.168.2.1/24 dev tap2_peer
[root@public ~]# ip netns exec ns1 ip addr add 192.168.1.100/24 dev tap1
[root@public ~]# ip netns exec ns2 ip addr add 192.168.2.100/24 dev tap2
[root@public ~]# 
[root@public ~]# ip link set tap1_peer up
[root@public ~]# ip link set tap2_peer up
[root@public ~]# ip netns exec ns1 ip link set tap1 up
[root@public ~]# ip netns exec ns2 ip link set tap2 up
[root@public ~]# 
[root@public ~]# ip netns exec ns1 ping 192.168.2.100
connect: Network is unreachable
[root@public ~]# 


配置好ip后,发现两个namespace之间无法直接通信;检查路由信息后,发现没有到另一网段的路由,配置路由后再进行测试。


[root@public ~]# ip netns exec ns1 route -nee
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface    MSS   Window irtt
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tap1     0     0      0
[root@public ~]# 
[root@public ~]# ip netns exec ns1 route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.1
[root@public ~]# ip netns exec ns2 route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1
[root@public ~]# 
[root@public ~]# ip netns exec ns1 route -nee
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface    MSS   Window irtt
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tap1     0     0      0
192.168.2.0     192.168.1.1     255.255.255.0   UG    0      0        0 tap1     0     0      0
[root@public ~]# 
[root@public ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:08:0b:39 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.93/24 brd 192.168.10.255 scope global noprefixroute dynamic eth0
       valid_lft 70616sec preferred_lft 70616sec
    inet6 fe80::f816:3eff:fe08:b39/64 scope link 
       valid_lft forever preferred_lft forever
3: tap1_peer@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether ca:6c:92:02:af:32 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.1/24 scope global tap1_peer
       valid_lft forever preferred_lft forever
    inet6 fe80::c86c:92ff:fe02:af32/64 scope link 
       valid_lft forever preferred_lft forever
5: tap2_peer@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 42:c6:2a:f3:7e:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 192.168.2.1/24 scope global tap2_peer
       valid_lft forever preferred_lft forever
    inet6 fe80::40c6:2aff:fef3:7e37/64 scope link 
       valid_lft forever preferred_lft forever
[root@public ~]# 
[root@public ~]# 
[root@public ~]# 
[root@public ~]# ip netns exec ns1 ping 192.168.2.100
PING 192.168.2.100 (192.168.2.100) 56(84) bytes of data.
64 bytes from 192.168.2.100: icmp_seq=1 ttl=63 time=0.020 ms
64 bytes from 192.168.2.100: icmp_seq=2 ttl=63 time=0.025 ms
64 bytes from 192.168.2.100: icmp_seq=3 ttl=63 time=0.030 ms
^C
--- 192.168.2.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.020/0.025/0.030/0.004 ms
[root@public ~]# 
[root@public ~]# ip netns exec ns2 ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=63 time=0.020 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=63 time=0.036 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=63 time=0.034 ms
^C
--- 192.168.1.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.020/0.030/0.036/0.007 ms
[root@public ~]# 

tun

tun是一个网络层的点对点设备,它启用了ip层隧道功能。Linux原生支持的三层隧道类型,可以通过 ip tunnel help 命令查看:

[root@public ~]# lsmod | grep ip
ip_tables              27115  0 
[root@public ~]# modprobe ipip
[root@public ~]# lsmod | grep ipip
ipip                   13465  0 
tunnel4                13252  1 ipip
ip_tunnel              25163  1 ipip
[root@public ~]# 
[root@public ~]# ip tunnel
tunl0: ip/ip  remote any  local any  ttl inherit  nopmtudisc
[root@public ~]# ip tunnel help
Usage: ip tunnel { add | change | del | show | prl | 6rd } [ NAME ]
          [ mode { ipip | gre | sit | isatap | vti } ] [ remote ADDR ] [ local ADDR ]
          [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]
          [ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]
          [ 6rd-prefix ADDR ] [ 6rd-relay_prefix ADDR ] [ 6rd-reset ]
          [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]

Where: NAME := STRING
       ADDR := { IP_ADDRESS | any }
       TOS  := { STRING | 00..ff | inherit | inherit/STRING | inherit/00..ff }
       TTL  := { 1..255 | inherit }
       KEY  := { DOTTED_QUAD | NUMBER }
[root@public ~]# 

Linux一共原生支持5种三层隧道(tunnel):ipip、gre、sit、isatap、vti。这些隧道本身只做报文封装,不提供加密或认证(vti 需配合 IPsec 使用),不能当作 VPN 来使用。

使用一个测试用例来讲述tun,拓扑图如下:

加载ipip模块,创建对应的设备进行验证:

# 在ns1上创建 tun1 和 ipip tunnel
[root@public ~]# ip netns exec ns1 ip tunnel add tun1 mode ipip remote 192.168.2.100 local 192.168.1.100 ttl 255
[root@public ~]# ip netns exec ns1 ip link set tun1 up
[root@public ~]# ip netns exec ns1 ip addr add 192.168.90.70 peer 192.168.70.70 dev tun1 
[root@public ~]# 
# 在ns2 上创建 tun2 和 ipip tunnel
[root@public ~]# ip netns exec ns2 ip tunnel add tun2 mode ipip remote 192.168.1.100 local 192.168.2.100 ttl 255
[root@public ~]# ip netns exec ns2 ip link set tun2 up
[root@public ~]# ip netns exec ns2 ip addr add 192.168.70.70 peer 192.168.90.70 dev tun2
[root@public ~]# 
[root@public ~]# ip netns exec ns1 ping 192.168.70.70
PING 192.168.70.70 (192.168.70.70) 56(84) bytes of data.
64 bytes from 192.168.70.70: icmp_seq=1 ttl=64 time=0.051 ms
64 bytes from 192.168.70.70: icmp_seq=2 ttl=64 time=0.069 ms
64 bytes from 192.168.70.70: icmp_seq=3 ttl=64 time=0.048 ms
64 bytes from 192.168.70.70: icmp_seq=4 ttl=64 time=0.046 ms
^C
--- 192.168.70.70 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.046/0.053/0.069/0.011 ms
[root@public ~]# ip netns exec ns2 ping 192.168.90.70
PING 192.168.90.70 (192.168.90.70) 56(84) bytes of data.
64 bytes from 192.168.90.70: icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from 192.168.90.70: icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from 192.168.90.70: icmp_seq=3 ttl=64 time=0.045 ms
64 bytes from 192.168.90.70: icmp_seq=4 ttl=64 time=0.100 ms
^C
--- 192.168.90.70 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.033/0.057/0.100/0.026 ms
[root@public ~]# 

ip tunnel add命令详解:

ip tunnel add tun1 mode ipip:创建一个tun类型的设备tun1,隧道模式为ipip。

remote 192.168.1.100 local 192.168.2.100:这个隧道的外层(封装)ip地址:远端为192.168.1.100,本地为192.168.2.100(这一组参数对应上面ns2中创建tun2的命令;ns1中的tun1则是remote与local互换)。

如果将命令中的ipip换成gre,其余不变,就创建了一个gre隧道的tun设备。
