linux namespace
1. 创建网络命名空间
[root@mgt01 netns]# ip netns add netns1
[root@mgt01 netns]# ip netns lis
netns1
2. 在net namespace中执行命令
[root@mgt01 netns]# ip netns exec netns1 ping 127.0.0.1
ping: connect: 网络不可达
3. 打开本地回环网卡(新建命名空间中的 lo 默认处于关闭状态,所以上一步 ping 127.0.0.1 不通)
[root@mgt01 netns]# ip netns exec netns1 ip link set dev lo up
[root@mgt01 netns]# ip netns exec netns1 ping 127.0.0.1 -c 4
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.051 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.064 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.058 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.038 ms
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3083ms
rtt min/avg/max/mdev = 0.038/0.052/0.064/0.009 ms
4. 创建一对虚拟以太网卡,一端放到netns1命名空间中
[root@mgt01 netns]# ip link add veth0 type veth peer name veth1
[root@mgt01 netns]# ip link set veth1 netns netns1
[root@mgt01 netns]# ip netns exec netns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
90: veth1@if91: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 8a:7b:46:5f:bf:7b brd ff:ff:ff:ff:ff:ff link-netnsid 0
5. 设置ip,打开网卡对,测试连通性
[root@mgt01 netns]# ip netns exec netns1 ifconfig veth1 10.1.1.1/24 up
[root@mgt01 netns]# ifconfig veth0 10.1.1.2/24 up
[root@mgt01 netns]# ip netns exec netns1 ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.204 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.071 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=64 time=0.075 ms
^C
--- 10.1.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2049ms
rtt min/avg/max/mdev = 0.071/0.116/0.204/0.061 ms
[root@mgt01 netns]# ping 10.1.1.1 -c 4
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.205 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.048 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.068 ms
64 bytes from 10.1.1.1: icmp_seq=4 ttl=64 time=0.082 ms
--- 10.1.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3089ms
rtt min/avg/max/mdev = 0.048/0.100/0.205/0.061 ms
6. 查看ns的路由和防火墙(每个网络命名空间都有自己独立的路由表和 iptables 规则,不会继承宿主机的规则;从下面的输出可以看到各链为空、默认策略为 ACCEPT,需要过滤流量时必须在命名空间内单独配置)
[root@mgt01 netns]# ip netns exec netns1 route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 veth1
[root@mgt01 netns]# ip netns exec netns1 iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
7. 创建一个bridge
[root@mgt01 ~]# brctl addbr br0
[root@mgt01 ~]# ip link set br0 up
[root@mgt01 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.626c6e1ef6a8 no
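[root@mgt01 ~]# ip link add name br0 type brige
RTNETLINK answers: File exists
(注:类型名的正确拼写是 bridge。这条命令是 brctl addbr 的 iproute2 等价写法,两者执行其一即可;这里报 File exists 是因为 br0 已经由上面的 brctl addbr 创建。)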
[root@mgt01 ~]# ifconfig br0
br0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 62:6c:6e:1e:f6:a8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
8. 创建veth pair连到br0
[root@mgt01 ~]# ip link add veth0 type veth peer name veth1
[root@mgt01 ~]# ip addr add 1.2.3.101/24 dev veth0
[root@mgt01 ~]# ip addr add 1.2.3.102/24 dev veth1
[root@mgt01 ~]# ip link set veth0 up
[root@mgt01 ~]# ip link set veth1 up
[root@mgt01 ~]# ip link set dev veth0 master br0
或者使用 brctl(与上一条命令效果相同,执行其一即可;此处 veth0 已经通过上一条命令加入 br0,所以下面会报错):
[root@mgt01 ~]# brctl addif br0 veth0
device veth0 is already a member of a bridge; can't enslave it to bridge br0.
9. 查看网桥上有哪些设备
[root@mgt01 ~]# bridge link
96: veth0@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2
[root@mgt01 ~]# brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.626c6e1ef6a8 no veth0