记录一次Linux Network Namespace的实验过程
大概思路:
新建两个networknamespace test1和test2
新建一对 veth peer
将这对 veth 的两端分别放入 test1 和 test2
给他们分配IP
启动起来
ping 验证
[root@docker ~]# ip netns list #查看当前所有的networknamespace,目前没有
[root@docker ~]# ip netns add test1 #添加networknamespace test1 test2
[root@docker ~]# ip netns add test2
[root@docker ~]#
[root@docker ~]# ip netns exec test1 ip a #查看networknamespace test1 test2的状态,可以看到两者都只有一个回环网卡,没有IP地址,状态为DOWN;新建的namespace拥有独立的网络栈,看不到主机上的eno1、docker0等接口
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@docker ~]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@docker ~]# ip link #查看当前主机网络状态
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 6c:0b:84:93:c5:c6 brd ff:ff:ff:ff:ff:ff
3: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 00:15:17:df:f6:ac brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:e5:ce:85:4d brd ff:ff:ff:ff:ff:ff
22: veth2dffa9d@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 1e:76:43:55:c3:10 brd ff:ff:ff:ff:ff:ff link-netnsid 0
66: vethdf8aff3@if65: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 86:af:5b:a3:bf:cf brd ff:ff:ff:ff:ff:ff link-netnsid 1
68: veth50d376b@if67: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 3a:aa:bd:88:90:d6 brd ff:ff:ff:ff:ff:ff link-netnsid 2
[root@docker ~]# ip link add veth-test1 type veth peer name veth-test2 #添加一对虚拟的veth peer
[root@docker ~]# ip link #再次查看,可以看到本机多了两个虚拟的接口
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 6c:0b:84:93:c5:c6 brd ff:ff:ff:ff:ff:ff
3: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 00:15:17:df:f6:ac brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:e5:ce:85:4d brd ff:ff:ff:ff:ff:ff
22: veth2dffa9d@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 1e:76:43:55:c3:10 brd ff:ff:ff:ff:ff:ff link-netnsid 0
66: vethdf8aff3@if65: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 86:af:5b:a3:bf:cf brd ff:ff:ff:ff:ff:ff link-netnsid 1
68: veth50d376b@if67: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 3a:aa:bd:88:90:d6 brd ff:ff:ff:ff:ff:ff link-netnsid 2
73: veth-test2@veth-test1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 #这是刚刚新添加的 veth
link/ether c2:84:b3:8e:93:f9 brd ff:ff:ff:ff:ff:ff
74: veth-test1@veth-test2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 #这是刚刚新添加的 veth
link/ether 6e:e1:88:37:13:da brd ff:ff:ff:ff:ff:ff
[root@docker ~]# ip link set veth-test1 netns test1 #把veth-test1分配到networknamespace test1
[root@docker ~]# ip link #再次查看本机link,可以发现veth-test1已经没了,已经分配到了networknamespace test1
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 6c:0b:84:93:c5:c6 brd ff:ff:ff:ff:ff:ff
3: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 00:15:17:df:f6:ac brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:e5:ce:85:4d brd ff:ff:ff:ff:ff:ff
22: veth2dffa9d@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 1e:76:43:55:c3:10 brd ff:ff:ff:ff:ff:ff link-netnsid 0
66: vethdf8aff3@if65: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 86:af:5b:a3:bf:cf brd ff:ff:ff:ff:ff:ff link-netnsid 1
68: veth50d376b@if67: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 3a:aa:bd:88:90:d6 brd ff:ff:ff:ff:ff:ff link-netnsid 2
73: veth-test2@if74: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether c2:84:b3:8e:93:f9 brd ff:ff:ff:ff:ff:ff link-netnsid 3
[root@docker ~]# ip link set veth-test2 netns test2 #把veth-test2分配到networknamespace test2
[root@docker ~]# ip link #再次查看本机link,可以发现veth-test2也已经没了,已经分配到了networknamespace test2
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 6c:0b:84:93:c5:c6 brd ff:ff:ff:ff:ff:ff
3: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 00:15:17:df:f6:ac brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:e5:ce:85:4d brd ff:ff:ff:ff:ff:ff
22: veth2dffa9d@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 1e:76:43:55:c3:10 brd ff:ff:ff:ff:ff:ff link-netnsid 0
66: vethdf8aff3@if65: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 86:af:5b:a3:bf:cf brd ff:ff:ff:ff:ff:ff link-netnsid 1
68: veth50d376b@if67: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
link/ether 3a:aa:bd:88:90:d6 brd ff:ff:ff:ff:ff:ff link-netnsid 2
[root@docker ~]# ip netns exec test1 ip a #查看networknamespace test1,可以看到多了一个接口
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
74: veth-test1@if73: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 6e:e1:88:37:13:da brd ff:ff:ff:ff:ff:ff link-netnsid 1
[root@docker ~]# ip netns exec test2 ip a #查看networknamespace test2,可以看到多了一个接口
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
73: veth-test2@if74: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether c2:84:b3:8e:93:f9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@docker ~]# ip netns exec test1 ip addr add 192.168.1.1/24 dev veth-test1 #给test1的veth-test1分配IP
[root@docker ~]# ip netns exec test2 ip addr add 192.168.1.2/24 dev veth-test2 #给test2的veth-test2分配IP
[root@docker ~]#
[root@docker ~]# ip netns exec test2 ip a #查看IP,可以看到IP已经分配,但接口状态仍为DOWN
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
73: veth-test2@if74: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether c2:84:b3:8e:93:f9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.2/24 scope global veth-test2
valid_lft forever preferred_lft forever
[root@docker ~]# ip netns exec test1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
74: veth-test1@if73: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 6e:e1:88:37:13:da brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 192.168.1.1/24 scope global veth-test1
valid_lft forever preferred_lft forever
[root@docker ~]# ip netns exec test1 ip link set dev veth-test1 up #把接口UP起来
[root@docker ~]# ip netns exec test2 ip link set dev veth-test2 up
[root@docker ~]# ip netns exec test1 ip a #可以看到veth接口已经UP;注意lo仍为DOWN,如果需要在namespace内访问127.0.0.1或自身IP,还要执行 ip netns exec test1 ip link set dev lo up
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
74: veth-test1@if73: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 6e:e1:88:37:13:da brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 192.168.1.1/24 scope global veth-test1
valid_lft forever preferred_lft forever
inet6 fe80::6ce1:88ff:fe37:13da/64 scope link
valid_lft forever preferred_lft forever
[root@docker ~]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
73: veth-test2@if74: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether c2:84:b3:8e:93:f9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.2/24 scope global veth-test2
valid_lft forever preferred_lft forever
inet6 fe80::c084:b3ff:fe8e:93f9/64 scope link
valid_lft forever preferred_lft forever
[root@docker ~]# ip netns exec test1 ping 192.168.1.2 #在test1里面ping test2里面的IP,可以通
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.116 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.082 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.075 ms
64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.083 ms
^C
--- 192.168.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.075/0.089/0.116/0.015 ms
[root@docker ~]# ip netns exec test2 ping 192.168.1.1 #在test2里面ping test1里面的IP,可以通
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.064 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.081 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.070 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.081 ms
^C
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.064/0.074/0.081/0.007 ms
[root@docker ~]#