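Experiment:
1. Create a namespace named test
2. Create a veth pair and move one end into test
3. Make the network inside test able to ping the veth peer outside
4. Set an ip route so that the network inside test can ping the outside IP
Create a namespace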
[code="java"]# ip netns add test
# ip netns
test
# ip netns exec test ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00[/code]
[code="java"]# ip netns exec test bash
# ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# ip netns identify $$
test
# exit
exit[/code]
Use ordinary Linux networking commands inside the namespace
[code="java"]# ip netns exec test ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# ip netns exec test ip link set dev lo up
# ip netns exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever[/code]
ping
[code="java"]# ip netns exec test ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.093 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.054 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.054/0.073/0.093/0.021 ms
[/code]
Add a veth pair and move veth1 into the namespace
[code="java"]# ip link add type veth
#
#
# ip link set veth1 netns test
# ip netns exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: veth1@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether ba:3f:cf:12:23:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0[/code]
Check the paired veth peer
[code="java"]# ethtool -S veth0
NIC statistics:
peer_ifindex: 6
# ip netns exec test ethtool -S veth1
NIC statistics:
peer_ifindex: 5[/code]
Bring up the veth inside the namespace
[code="java"]# ip netns exec test ip link set veth1 up
# ip netns exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: veth1@if5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state LOWERLAYERDOWN qlen 1000
link/ether ba:3f:cf:12:23:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0[/code]
Set the IP of veth1 inside the namespace and the IP of veth0 outside the namespace
[code="java"]# ip netns exec test ip addr add dev veth1 192.168.3.2/29
# ip route
default via 192.168.128.1 dev eth0
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
192.168.128.0/20 dev eth0 proto kernel scope link src 192.168.139.55
# ip addr add dev veth0 192.168.3.1/29
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 50:50:18:aa:80:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.139.55/20 brd 192.168.143.255 scope global dynamic eth0
valid_lft 2823sec preferred_lft 2823sec
inet6 fe80::5250:18ff:feaa:8017/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:71:94:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:71:94:cc brd ff:ff:ff:ff:ff:ff
5: veth0@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether be:ab:06:b0:59:fa brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.3.1/29 scope global veth0
valid_lft forever preferred_lft forever[/code]
View the routing table
[code="java"]# ip route
default via 192.168.128.1 dev eth0
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
192.168.128.0/20 dev eth0 proto kernel scope link src 192.168.139.55 [/code]
Bring up veth0 on the outside
[code="java"]# ip link set veth0 up
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 50:50:18:aa:80:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.139.55/20 brd 192.168.143.255 scope global dynamic eth0
valid_lft 2788sec preferred_lft 2788sec
inet6 fe80::5250:18ff:feaa:8017/64 scope link
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:71:94:cc brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:71:94:cc brd ff:ff:ff:ff:ff:ff
5: veth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether be:ab:06:b0:59:fa brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.3.1/29 scope global veth0
valid_lft forever preferred_lft forever
inet6 fe80::bcab:6ff:feb0:59fa/64 scope link
valid_lft forever preferred_lft forever[/code]
View the routing table again
[code="java"]# ip route
default via 192.168.128.1 dev eth0
192.168.3.0/29 dev veth0 proto kernel scope link src 192.168.3.1
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
192.168.128.0/20 dev eth0 proto kernel scope link src 192.168.139.55
# ip netns exec test ip route
192.168.3.0/29 dev veth1 proto kernel scope link src 192.168.3.2
# ping 192.168.3.2
PING 192.168.3.2 (192.168.3.2) 56(84) bytes of data.
64 bytes from 192.168.3.2: icmp_seq=1 ttl=64 time=0.091 ms
64 bytes from 192.168.3.2: icmp_seq=2 ttl=64 time=0.076 ms
^C
--- 192.168.3.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.076/0.083/0.091/0.011 ms[/code]
Once the route is set, the ping goes through
[code="java"]#
#
# ping 192.168.3.2
PING 192.168.3.2 (192.168.3.2) 56(84) bytes of data.
64 bytes from 192.168.3.2: icmp_seq=1 ttl=64 time=0.117 ms
64 bytes from 192.168.3.2: icmp_seq=2 ttl=64 time=0.073 ms
64 bytes from 192.168.3.2: icmp_seq=3 ttl=64 time=0.045 ms
64 bytes from 192.168.3.2: icmp_seq=4 ttl=64 time=0.050 ms
64 bytes from 192.168.3.2: icmp_seq=5 ttl=64 time=0.057 ms
^C
--- 192.168.3.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.045/0.068/0.117/0.027 ms
# [/code]
★★ Switch to another SSH terminal
[code="java"]# ip netns exec test tcpdump -i veth1 -l
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth1, link-type EN10MB (Ethernet), capture size 65535 bytes
08:01:59.180834 IP 192.168.3.1 > centos7: ICMP echo request, id 4142, seq 1, length 64
08:01:59.180899 IP centos7 > 192.168.3.1: ICMP echo reply, id 4142, seq 1, length 64
08:02:00.181087 IP 192.168.3.1 > centos7: ICMP echo request, id 4142, seq 2, length 64
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel[/code]
[code="java"]#
#
# ip netns exec test ping 192.168.139.55
connect: Network is unreachable
# ip netns exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
6: veth1@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether ba:3f:cf:12:23:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.3.2/29 scope global veth1
valid_lft forever preferred_lft forever
inet6 fe80::b83f:cfff:fe12:235d/64 scope link
valid_lft forever preferred_lft forever[/code]
[code="java"]# ip netns exec test ip route
192.168.3.0/29 dev veth1 proto kernel scope link src 192.168.3.2
# ip netns exec test ip route add default via 192.168.3.1
#
# ip netns exec test ping 192.168.139.55
PING 192.168.139.55 (192.168.139.55) 56(84) bytes of data.
64 bytes from 192.168.139.55: icmp_seq=1 ttl=64 time=0.074 ms
^C
--- 192.168.139.55 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.074/0.074/0.074/0.000 ms
# [/code]
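The last step clears `connect: Network is unreachable` by adding a default route inside the namespace. As an added example (not from the original post), the script below performs the longest-prefix route choice over `ip route` text to show which destinations the namespace can reach before and after that change; the `default via 192.168.3.1 dev veth1` line in `NS_AFTER` is constructed, since the page does not print the table after the change.

```sh
#!/bin/sh
# Added example (not from the original page): longest-prefix route lookup over
# `ip route` text, to show why a namespace with only its connected /29 route
# answers "Network is unreachable" for any other destination.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( ($o1 << 24) | ($o2 << 16) | ($o3 << 8) | $o4 ))
}

# route_lookup DEST: reads a routing table on stdin and prints the winning
# route (most specific prefix containing DEST), or "unreachable" if none matches.
route_lookup() {
    dst=$(ip2int "$1"); best_len=-1; best=unreachable
    while read -r prefix rest; do
        case $prefix in
            "")      continue ;;
            default) net=0.0.0.0; len=0 ;;
            */*)     net=${prefix%/*}; len=${prefix#*/} ;;
            *)       net=$prefix; len=32 ;;
        esac
        if [ "$len" -eq 0 ]; then mask=0
        else mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF )); fi
        netint=$(ip2int "$net")
        if [ $(( $dst & $mask )) -eq $(( $netint & $mask )) ] &&
           [ "$len" -gt "$best_len" ]; then
            best_len=$len; best="$prefix${rest:+ $rest}"
        fi
    done
    echo "$best"
}

# Routing table of namespace "test" as printed on the page, before the default route.
NS_BEFORE='192.168.3.0/29 dev veth1 proto kernel scope link src 192.168.3.2'
# Constructed: the same table after `ip route add default via 192.168.3.1`.
NS_AFTER='default via 192.168.3.1 dev veth1
192.168.3.0/29 dev veth1 proto kernel scope link src 192.168.3.2'

for dest in 192.168.3.1 192.168.139.55; do
    echo "before: $dest -> $(printf '%s\n' "$NS_BEFORE" | route_lookup "$dest")"
    echo "after:  $dest -> $(printf '%s\n' "$NS_AFTER" | route_lookup "$dest")"
done
```

On a live system, `ip netns exec test ip route get 192.168.139.55` asks the kernel the same question directly.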