一、如何创建一个Linux的Network Namespace
[root@localhost ~]# ip netns add test1
[root@localhost ~]# ip netns add test2
[root@localhost ~]# ip netns list
test1
test2
[root@localhost ~]# ip netns exec test1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@localhost ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 08:00:27:86:e3:e7 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:7f:90:e1 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:7f:90:e1 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:cd:60:93:0c brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip netns exec test1 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@localhost ~]# ip netns exec test1 ip link set dev lo up
[root@localhost ~]# ip netns exec test1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
每创建一个container,都会生成一个完全独立的Network Namespace(使用host网络模式或与其他容器共享网络的容器除外,这类容器没有独立的网络隔离)。如上所示,新建的Network Namespace中只有一个lo接口,且默认处于DOWN状态,需要手动UP。
二、实验概述
创建两个Network Namespace,然后再创建一对Veth pair,使其可以相互通信
三、实验步骤
1、创建两个Network Namespace,分别为test1和test2
[root@localhost ~]# ip netns add test1
[root@localhost ~]# ip netns add test2
[root@localhost ~]# ip netns list
test1
test2
2、创建一对veth pair:veth-test1与veth-test2
[root@localhost ~]# ip link add veth-test1 type veth peer name veth-test2
[root@localhost ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 08:00:27:86:e3:e7 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:7f:90:e1 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:7f:90:e1 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:cd:60:93:0c brd ff:ff:ff:ff:ff:ff
66: veth-test2@veth-test1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 16:e4:45:a4:9c:db brd ff:ff:ff:ff:ff:ff
67: veth-test1@veth-test2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether ce:94:b7:a6:d7:8e brd ff:ff:ff:ff:ff:ff
3、将veth-test1、veth-test2分别加入test1和test2
[root@localhost ~]# ip link set veth-test1 netns test1
[root@localhost ~]# ip link set veth-test2 netns test2
[root@localhost ~]# ip netns exec test1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
67: veth-test1@if66: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether ce:94:b7:a6:d7:8e brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@localhost ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 08:00:27:86:e3:e7 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:7f:90:e1 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000
link/ether 52:54:00:7f:90:e1 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:cd:60:93:0c brd ff:ff:ff:ff:ff:ff
66: veth-test2@if67: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 16:e4:45:a4:9c:db brd ff:ff:ff:ff:ff:ff link-netnsid 0
此时veth-test1和veth-test2端口仍为down状态
4、为veth-test1和veth-test2配置IP,并将接口UP
[root@localhost ~]# ip netns exec test1 ip addr add 192.168.1.1/24 dev veth-test1
[root@localhost ~]# ip netns exec test2 ip addr add 192.168.1.2/24 dev veth-test2
[root@localhost ~]# ip netns exec test1 ip link set dev veth-test1 up
[root@localhost ~]# ip netns exec test2 ip link set dev veth-test2 up
[root@localhost ~]# ip netns exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
67: veth-test1@if66: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether ce:94:b7:a6:d7:8e brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 192.168.1.1/24 scope global veth-test1
valid_lft forever preferred_lft forever
inet6 fe80::cc94:b7ff:fea6:d78e/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
66: veth-test2@if67: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 16:e4:45:a4:9c:db brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.2/24 scope global veth-test2
valid_lft forever preferred_lft forever
inet6 fe80::14e4:45ff:fea4:9cdb/64 scope link
valid_lft forever preferred_lft forever
5、测试test1和test2两个Network Namespace的连通性
[root@localhost ~]# ip netns exec test1 ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.190 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.075 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.062 ms
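总结:这与两个container之间能够互相通信的原理是一样的。Docker默认的bridge网络同样使用veth pair,只是把其中一端接到宿主机的docker0网桥上;因此同一网桥上的容器默认可以互相访问,需要隔离时应将它们放入不同的网络或配置防火墙规则。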