Linux中的网络命名空间(新增网络命名空间,让这两个命名空间能通信)

最新推荐文章于 2022-01-12 22:29:20 发布
最新推荐文章于 2022-01-12 22:29:20 发布
阅读量2k 收藏 9
点赞数 2
分类专栏: Linux
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/wangmiaoyan/article/details/104075091
版权

网络命名空间是用于隔离,为了不同空间的操作不至于相互影响,这里说的是网络命名空间。

就像docker容器,你在本机运行ip a 跟在容器里面运行ip a 得到的结果是不一样的,且在容器里面进行的操作跟在本机进行的操作是互不影响的。接下来演示在本机中新建两个网络命名空间,并给到ip,让这两个空间可以相互通信。

1、新建两个名称空间

[root@templete ~]# ip netns list    # 查看网络名称空间列表
[root@templete ~]# ip netns add test1       # 新建网络名称空间test1
[root@templete ~]# ip netns add test2       #新建网络名称空间test2
[root@templete ~]# ip netns list               
test2
test1
[root@templete ~]# ip netns exec test1 ip a           # 查看test1的ip 列表
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

可以看到只有lo这个网络。状态为down,没有ip地址跟物理地址。

把test1的网络端口启动,看到状态为unknow,这是因为端口为一对,只启动一端而不知道另一端连的什么的话,是无法启动的。就像你连网线,需要两端都插好才能使用。如下

[root@templete ~]# ip netns exec test1 ip link set dev lo up
[root@templete ~]# ip netns exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

未新建docker容器前的ip link

[root@templete ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:62:91:67 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:29:3f:73:0e brd ff:ff:ff:ff:ff:ff

新建两个docker容器
新建一个docker容器后查看本地的ip link,会发现多出来了一个veth,一端在本地,一端在docker的名称空间内,这样就能与docker容器通信。
由名称可以看到,容器里的10: eth0@if11 跟本机的11: veth37768bf@if10 是一对

[root@templete ~]# docker run -d --name test1 busybox /bin/sh -c "while true;do sleep 3600;done"
612d8c505992380d48a5fdbbdc26cc8c49e3aac32797692c49dd109ada2d5d9e
[root@templete ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
612d8c505992        busybox             "/bin/sh -c 'while t…"   26 seconds ago      Up 24 seconds                           test1
[root@templete ~]# docker exec 612d8c505992 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
[root@templete ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:62:91:67 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:29:3f:73:0e brd ff:ff:ff:ff:ff:ff
11: veth37768bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether 22:9b:25:01:b3:aa brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@templete ~]# docker run -d --name test2 busybox /bin/sh -c "while true;do sleep 3600;done"
7d95c8d859d301e566b4c651f0d2a20b3061753c74fd2024e4e079e215e99c3e
[root@templete ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS               NAMES
7d95c8d859d3        busybox             "/bin/sh -c 'while t…"   5 seconds ago        Up 4 seconds                            test2
612d8c505992        busybox             "/bin/sh -c 'while t…"   About a minute ago   Up About a minute                       test1
[root@templete ~]# docker exec 7d95c8d859d3 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
[root@templete ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:62:91:67 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:29:3f:73:0e brd ff:ff:ff:ff:ff:ff
11: veth37768bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether 22:9b:25:01:b3:aa brd ff:ff:ff:ff:ff:ff link-netnsid 0
13: vethc9b8dd5@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether ea:ea:74:58:23:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 1

新建两个docker容器后的ip a
新建两个容器后,本机的ip a 多出来两个端口,

[root@templete ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:62:91:67 brd ff:ff:ff:ff:ff:ff
    inet 192.168.124.134/24 brd 192.168.124.255 scope global noprefixroute dynamic ens33
       valid_lft 1408sec preferred_lft 1408sec
    inet6 fe80::c7f8:86cf:7943:a4f6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::783a:5327:298f:7fcf/64 scope link tentative noprefixroute dadfailed 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:29:3f:73:0e brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:29ff:fe3f:730e/64 scope link 
       valid_lft forever preferred_lft forever
11: veth37768bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 22:9b:25:01:b3:aa brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::209b:25ff:fe01:b3aa/64 scope link 
       valid_lft forever preferred_lft forever
13: vethc9b8dd5@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether ea:ea:74:58:23:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet6 fe80::e8ea:74ff:fe58:23e4/64 scope link 
       valid_lft forever preferred_lft forever

docker 容器里的ip a
可以看到容器1的IP为172.17.0.3,另一个ip为172.17.0.2

[root@templete ~]# docker exec 7d95c8d859d3 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@templete ~]# docker exec 612d8c505992 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

进到其中一个容器里面,ping另一个容器的ip,发现是可以ping 通的

[root@templete ~]# docker exec -it 612d8c505992 /bin/sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.372 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.142 ms
64 bytes from 172.17.0.3: seq=2 ttl=64 time=0.368 ms
^C
--- 172.17.0.3 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.142/0.294/0.372 ms
/ # exit       # 退出容器

从上面的结果看来,不同的docker容器里面的网络名称空间是不同的,docker容器的网络名称空间是相互独立的,互不影响,Linux中也与其差不多的逻辑,有网络名称空间。

接下来演示在linux下创建网络名称空间,并让两者进行网络通信

思路:创建两个网络名称空间后,如何让他们通信呢,我们需要一条线,先在两个名称空间上开个口,然后用一条线连起来,这样就可以了。

1、创建两个网络名称空间test1和test2
2、创建一对接口veth
3、将一个veth移到test1,另一个移到test2
3、分配ip地址
4、测试通信

在这里插入图片描述
在这里插入图片描述
新增两个名称空间

[root@templete ~]# ip netns list
[root@templete ~]# ip netns add test1
[root@templete ~]# ip netns list
test1
[root@templete ~]# ip netns add test2
[root@templete ~]# ip netns list
test2
test1
[root@templete ~]# ip netns exec test1 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@templete ~]# ip netns exec test2 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

新增一对veth
ip link add veth-test1 type veth peer name veth-test2


[root@templete ~]# ip link add veth-test1 type veth peer name veth-test2    # 新增一对veth
[root@templete ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:62:91:67 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:29:3f:73:0e brd ff:ff:ff:ff:ff:ff
11: veth37768bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether 22:9b:25:01:b3:aa brd ff:ff:ff:ff:ff:ff link-netnsid 0
13: vethc9b8dd5@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether ea:ea:74:58:23:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 1
14: veth-test2@veth-test1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 7a:06:8e:98:b1:3e brd ff:ff:ff:ff:ff:ff
15: veth-test1@veth-test2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 12:ea:5a:fc:13:13 brd ff:ff:ff:ff:ff:ff

如上,新增两个网络名称空间,再新增一对veth,新增后看到本地多出来两个link,有物理地址,但是没有ip

将新建的一对veth分别移到网络名称空间test1和test2
ip link set veth-test1 netns test1
ip link set veth-test2 netns test2

root@templete ~]# ip link     #查看本地ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:62:91:67 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:29:3f:73:0e brd ff:ff:ff:ff:ff:ff
11: veth37768bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether 22:9b:25:01:b3:aa brd ff:ff:ff:ff:ff:ff link-netnsid 0
13: vethc9b8dd5@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether ea:ea:74:58:23:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 1
14: veth-test2@veth-test1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 7a:06:8e:98:b1:3e brd ff:ff:ff:ff:ff:ff
15: veth-test1@veth-test2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 12:ea:5a:fc:13:13 brd ff:ff:ff:ff:ff:ff
[root@templete ~]# ip netns exec test1 ip link      # 查看test1的ip link 
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@templete ~]# ip netns exec test2 ip link        # 查看test2的ip link 
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@templete ~]# ip link set veth-test1 netns test1    #将veth-test1移到test1名称空间 
[root@templete ~]# ip netns exec test1 ip link           #查看test1名称空间内的ip link,看到多出的veth-test1
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: veth-test1@if14: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 12:ea:5a:fc:13:13 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@templete ~]# ip link        #查看本机的ip link,看到少了15: veth-test1
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:62:91:67 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:29:3f:73:0e brd ff:ff:ff:ff:ff:ff
11: veth37768bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether 22:9b:25:01:b3:aa brd ff:ff:ff:ff:ff:ff link-netnsid 0
13: vethc9b8dd5@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether ea:ea:74:58:23:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 1
14: veth-test2@if15: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 7a:06:8e:98:b1:3e brd ff:ff:ff:ff:ff:ff link-netnsid 2
[root@templete ~]# ip link set veth-test2 netns test2
[root@templete ~]# ip netns exec test2 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
14: veth-test2@if15: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 7a:06:8e:98:b1:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@templete ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:62:91:67 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:d1:d2:53 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:29:3f:73:0e brd ff:ff:ff:ff:ff:ff
11: veth37768bf@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether 22:9b:25:01:b3:aa brd ff:ff:ff:ff:ff:ff link-netnsid 0
13: vethc9b8dd5@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether ea:ea:74:58:23:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 1

从上可以看到,将本机的veth-test1移到test1名称空间后,test1多了一个veth,而本机则少了一个,另一个同理。

给网络端口分配ip地址
ip netns exec test1 ip addr add 192.168.1.1/24 dev veth-test1
ip netns exec test2 ip addr add 192.168.1.2/24 dev veth-test2

[root@templete ~]# ip netns exec test1 ip addr add 192.168.1.1/24 dev veth-test1  #给veth-test1分配ip地址
[root@templete ~]# ip netns exec test1 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: veth-test1@if14: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 12:ea:5a:fc:13:13 brd ff:ff:ff:ff:ff:ff link-netnsid 1
[root@templete ~]# ip netns exec test1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: veth-test1@if14: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 12:ea:5a:fc:13:13 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 192.168.1.1/24 scope global veth-test1
       valid_lft forever preferred_lft forever
[root@templete ~]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
14: veth-test2@if15: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 7a:06:8e:98:b1:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@templete ~]# ip netns exec test2 ip addr add 192.168.1.2/24 dev veth-test2
[root@templete ~]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
14: veth-test2@if15: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 7a:06:8e:98:b1:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.2/24 scope global veth-test2
       valid_lft forever preferred_lft forever

如上所示,veth都已经有了ip,但是状态还是down,接下来将端口up起来。

将veth up起来

[root@templete ~]# ip netns exec test1 ip link set dev veth-test1 up
[root@templete ~]# ip netns exec test2 ip link set dev veth-test2 up
[root@templete ~]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
14: veth-test2@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 7a:06:8e:98:b1:3e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.2/24 scope global veth-test2
       valid_lft forever preferred_lft forever
    inet6 fe80::7806:8eff:fe98:b13e/64 scope link 
       valid_lft forever preferred_lft forever
[root@templete ~]# ip netns exec test1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: veth-test1@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 12:ea:5a:fc:13:13 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 192.168.1.1/24 scope global veth-test1
       valid_lft forever preferred_lft forever
    inet6 fe80::10ea:5aff:fefc:1313/64 scope link 
       valid_lft forever preferred_lft forever

测试通信

[root@templete ~]# ip netns exec test1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: veth-test1@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 12:ea:5a:fc:13:13 brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 192.168.1.1/24 scope global veth-test1
       valid_lft forever preferred_lft forever
    inet6 fe80::10ea:5aff:fefc:1313/64 scope link 
       valid_lft forever preferred_lft forever
[root@templete ~]# ip netns exec test1 ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.393 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.118 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.044 ms
^C
--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.044/0.185/0.393/0.150 ms
[root@templete ~]# ip netns exec test2 ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.173 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.112 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.070 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.070/0.118/0.173/0.043 ms

如上,可以看到,两个名称空间的通信已经ok了~

wangmiaoyan
关注
  • 2
    点赞
  • 9
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
零入门kubernetes网络实战-13->同一宿主机上的两个网络命名空间通信方案
码二哥的技术池
02-13 358
本篇文章主要是想模拟一下,在同一个宿主机上,多个网络命名空间之间如何通信? 有哪些可以采取的方案。
Linux网络隔离功能 netns
最新发布
michael_linux的博客,一个小小小学生。滴水穿石,步步为营,只为那刹那芳华。
05-13 408
Network Namespace (以下简称netns)是Linux内核提供的一项实现网络隔离的功能,它能隔离多个不同的网络空间,并且各自拥有独立的网络协议栈,这其便包括了网络接口(网卡),路由表,iptables规则等。例如大名鼎鼎的docker便是基于netns实现的网络隔离,今天我们就来手动实验一下netns的隔离特性。
Linux Network Namespace(网络名称空间)介绍、应用 及 详细的互通案例
weixin_44983653的博客
11-19 2210
Linux Network Namespace(网络名称空间)介绍、应用 及 详细的互通案例1、Network Namespace 介绍1.1 基本概念1.2 命令帮助 Network Namespace1.3 创建 Network Namespace 及后续相关命令操作1.3.1 ip netns exec 说明1.3.2 新创建名称空间启动 lo 接口2、Network Namespace 之...
5.4 Docker网络名称空间的创建
Yusyang_的博客
04-07 323
文章目录1. Linux内核实现名称空间的创建1.1 ip netns命令1.2 创建Network Namespace1.3 操作Network Namespace1.4 转移设备1.4.1 veth pair1.4.2 创建veth pair1.4.3 删除veth pair1.5 实现Network Namespace间通信1.5.1 将虚拟网卡veth加入名称空间(从主机上移走至命名空间)...
Docker基础-18-网络-两个网络命名空间网络通信配置过程
Anthony_tester的博客
02-19 1703
本篇继续学习linux网络命名空间,主要介绍如何创建和删除一个linux network namespace,然后通过最底层的linux network namespace来解释前面一篇两个容器可以互相ping同的原理。   查看本机的network namespace 上面查询,我本机没有network namespace。 如何创建一个network namespace 如...
从源码上分析网络命名空间如何建立
Megahertz66的博客
07-29 601
network-namespace 环境 linux kernel-4.9.37 介绍 Network namespaces 网络命名空间可以理解为是完全独立丝毫没有相互影响的另一套协议栈。 疑问 Q1:网络命名空间之间为什么不能通讯? A1:因为没有网卡设备。真实的网卡设备一般在 根命名空间使用。需要是由 veth(virtual Ethernet) 充当网络命名空间的网卡设备。 Q2:网络命名空间之间的网络通讯流程是什么样的? A1:具体就流程就是 veth 的工作流程,会将数据包直接塞到接收侧的 rx
101-虚拟 ​router 原理分析1
08-08
在本节,我们将深入探讨虚拟路由器的工作原理,特别是如何在Linux环境实现路由功能,以及为何需要使用命名空间(namespace)来实现这一目的。我们关注的案例是虚拟路由器"router_100_101",它连接了两个不同的...
142-Neutron Router 工作原理1
08-08
路由器的这种工作方式基于Linux网络命名空间和iptables规则。每个namespace代表一个独立的网络环境,拥有自己的网络栈,包括IP地址、路由表等。iptables则负责在不同namespace之间设置NAT(网络地址转换)规则,确保...
Linux操作系统基础教程
04-08
在这一讲,我们主要是了解一下 Linux 的概况,以及对 Linux 有一个初步的感性认识。 一.什么是LinuxLinux 是一个以 Intel 系列 CPU(CYRIX,AMD 的 CPU也可以)为硬件平台,完全免费的 UNIX 兼容系统,完全...
nacos-server-1.1.3-windows&linux;.zip
09-05
.zip"压缩包包含了Nacos的1.1.3版本,适用于Windows和Linux两种操作系统,使得开发者在不同环境下都能方便地部署和使用。 Nacos的核心功能主要包括: 1. **服务发现和服务注册**:Nacos提供了一个平台,让服务能够...
Linux 不同network namespace 之间通信方式
ksj367043706的博客
05-03 2542
在云平台网络实现网元与外界通信,而对于虚拟机或容器来说,其没有物理网卡,需要通过虚拟网卡与外界通过。在Linux环境,network namespace实现了网络资源的隔离,它可以为网元提供网络设备(网卡)、ip配置等。下面我们来看看Linux环境下network namespace如何工作的。 network namespaces network namespaces主要提供了关于网络...
Linux网络命名空间
进步每一天
01-24 499
引言 Namespaces(命名空间)和cgroups是两种主要的内核技术,他们是容器化技术的基石。简而言之,cgroup是一种计量和限制机制,它能控制你可以使用多少系统资源(CPU、内存)。另一方面,Namespaces限制了你所看到的内容。得益于Namespaces,进程有其独立的系统资源视图。 Linux内核提供了6种类型的Namespaces:pid、net、mnt、uts、ipc、user。例如,pid命名空间的进程只能看到同一个命名空间的进程。使用mnt命名空间,可以将进程附加到其自己的文件系统
基于Linux网络命名空间和mininet构建轻量级虚拟网络实验
CHERRY_cong的博客
06-23 1036
一、实验目的 1. 通过Linux网络命名空间构建网络试验环境 2. 基于网络命名空间和OVS的网络实验环境mininet构建虚拟网络 二、实验背景 1. 网络命名空间 Linux命名空间机制提供了一种资源隔离的解决方案。PID,IPC,Network等系统资源不再是全局性的,而是属于特定的Namespace。Linux Namespace机制为实现基于容器的虚拟化技术提供了很好的基础,LXC(Linux containers)就是利用这一特性实现了资源的隔离。不同Container内的进程..
查看网卡信息:ifconfig命令及详细介绍
热门推荐
liangkk的博客
03-18 6万+
在 实体机上 ifconfig 命令用于 显示或配置网络设备(网络接口卡) 或修改。 1、显示内容分析  1、lo 回环接口 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 一般回环接口的ip v4地址为:127.0.0.1,子网掩码:255.255.255.0 虚拟网络接口:并非真实存在,并不真实地从外界接收和发送数据包,而是在系统内部接收和发送数据包,因此虚拟网络接口不需要驱动程序。 表示主机的回坏地址,这..
linux 网卡无驱动处理方法
sunkezhen的专栏
03-09 3547
有时候在安装linux系统后,或者系统升级后,发现开机网卡没有加载,大家可以尝试用一下方法解决: 1、ip addr 查看网卡 一般可以查看网卡名称,如下,我的就可以查到两块网卡:“enp4s0”、“enp5s0”; zhanlian@chenghua:/dat/app$ ip addr 1: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default 2: enp5s
linux网卡修改名字命令
狐狸叫
12-11 1万+
[root@admin network-scripts]# ip add 1: lo: mtu 16436 qdisc noqueue state UNKNOWN      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 s
Docker 网络篇(五)
RenLJ1895的博客
01-12 794
Docker网络
SUSE15 vmware网络配置 本地ISO镜像 软件安装 SSH连接
evolay的专栏
08-12 3564
suse这个系统,对于刚接触的用户,是非常不友好的。 新安装的suse15sp1,没有vi,ifconfig等命令。 第一步:VMWARE设置或添加CD/DVD ,选择本地的iso文件(PACKAGE安装包镜像) 第二步:blkid -o list 可以看到有光驱资源 设置为本地的zypper源: mkdir/mnt/cdrom_sr0 mount /dev/sr0 /mnt/cdrom_sr0 配置本地repo zypper ar file:///mnt/cdrom_sr0 l..
linux命名空间的原理试试很么
04-03
命名空间是一种将系统资源隔离的技术,它可以让不同的进程拥有自己独立的资源空间,避免资源冲突和互相干扰。在Linux命名空间被广泛应用于容器技术Linux内核通过在进程间隔离资源的方式实现命名空间,比如在网络命名空间,进程可以拥有独立的网络接口、IP地址、路由表等网络资源,而在文件系统命名空间,进程可以拥有独立的文件系统挂载点、根目录等文件系统资源。 在Linux命名空间是通过clone()系统调用实现的。当一个进程调用clone()系统调用创建子进程时,可以通过指定不同的命名空间标志来实现隔离,比如CLONE_NEWNET标志可以创建一个新的网络命名空间命名空间的实现依赖于Linux内核的一些特性,比如Linux的文件系统VFS(Virtual File System)对文件系统命名空间的支持,以及Linux网络协议栈对网络命名空间的支持。同时,命名空间的实现需要保证隔离性和互通性,使得进程在不同的命名空间可以正常通信和交互。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值