1、tap
tap 是二层(数据链路层)虚拟网络设备,收发的是完整的以太网帧;与之相对的 tun 是三层设备,只收发 IP 包。
安装tunctl工具(注意:tunctl 来自第三方仓库;iproute2 自带的 `ip tuntap add dev tap_test mode tap` 也能创建 tap 设备,无需引入额外软件源):
创建yum源仓库文件(第三方仓库,保持 enabled=0 和 gpgcheck=1,只在安装时临时启用):
/etc/yum.repos.d/nux-misc.repo
[nux-misc]
name=Nux Misc
baseurl=http://li.nux.ro/download/nux/misc/el7/x86_64/
enabled=0
gpgcheck=1
gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
执行安装命令(注意上面的 baseurl 和 gpgkey 都是明文 http:密钥首次导入前应通过其他渠道核对其指纹,导入后可用 `rpm -qi gpg-pubkey-*` 查看;若该仓库提供 https 地址应优先使用):
[root@localhost ~]# yum --enablerepo=nux-misc install tunctl
创建一个tap设备(`tunctl -t` 创建的是持久化设备,默认属主为 uid 0;若用 `-u` 把属主改为普通用户,该用户就能打开此设备并向主机网络注入任意二层帧,仅在确有需要时才这样做):
[root@localhost ~]# tunctl -t tap_test
Set 'tap_test' persistent and owned by uid 0
查看tap设备
[root@localhost ~]# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: tap_test: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether b2:1f:9d:7a:c9:6f brd ff:ff:ff:ff:ff:ff
tap设备绑定ip地址(这里没有指定 `brd +`,所以下面 ifconfig 输出中的 broadcast 为 0.0.0.0):
[root@localhost ~]# ip addr add local 192.168.100.1/24 dev tap_test
[root@localhost ~]# ifconfig -a
tap_test: flags=4098<BROADCAST,MULTICAST> mtu 1500
inet 192.168.100.1 netmask 255.255.255.0 broadcast 0.0.0.0
ether b2:1f:9d:7a:c9:6f txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2、Namespace
linux操作namespace的命令是ip netns:
[root@localhost ~]# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id
创建一个namespace
[root@localhost ~]# ip netns add ns_test
[root@localhost ~]# ip netns list
ns_test
把上面的tap设备迁移到这个namespace(注意:设备移入另一个 namespace 后,之前在根 namespace 里配置的 192.168.100.1/24 地址会被清除,所以后面要重新配置地址)
[root@localhost ~]# ip link set tap_test netns ns_test
在namespace ns_test中查看刚才的tap设备(注意新建 namespace 里的 lo 默认是 DOWN 的,见下方输出;namespace 内的进程若要访问 127.0.0.1,需先执行 `ip netns exec ns_test ip link set lo up`):
[root@localhost ~]# ip netns exec ns_test ip link list
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: tap_test: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether b2:1f:9d:7a:c9:6f brd ff:ff:ff:ff:ff:ff
绑定ip地址并启用设备(ifconfig 已被 iproute2 取代,等价写法为 `ip netns exec ns_test ip addr add 192.168.10.10/24 dev tap_test` 再 `ip netns exec ns_test ip link set tap_test up`):
[root@localhost ~]# ip netns exec ns_test ifconfig tap_test 192.168.10.10/24 up
[root@localhost ~]# ip netns exec ns_test ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap_test: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.10.10 netmask 255.255.255.0 broadcast 192.168.10.255
ether b2:1f:9d:7a:c9:6f txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3、veth pair
veth pair 是成对出现的虚拟设备,一端发出的帧会从另一端收到,可用来连接两个 namespace;但要连接多个 namespace 时,仅靠一对 veth 无法胜任,这时候就需要 bridge/switch。
4、Bridge
Bridge(网桥)和Switch(交换机)在linux中是同一个概念。传统上用 bridge-utils 提供的 brctl 命令操作网桥(brctl 已被弃用,新系统上用 `ip link add name br0 type bridge` 和 `bridge` 命令代替):
[root@localhost ~]# brctl help
never heard of command [help]
Usage: brctl [commands]
commands:
addbr <bridge> add bridge
delbr <bridge> delete bridge
addif <bridge> <device> add interface to bridge
delif <bridge> <device> delete interface from bridge
hairpin <bridge> <port> {on|off} turn hairpin on/off
setageing <bridge> <time> set ageing time
setbridgeprio <bridge> <prio> set bridge priority
setfd <bridge> <time> set bridge forward delay
sethello <bridge> <time> set hello time
setmaxage <bridge> <time> set max message age
setpathcost <bridge> <port> <cost> set path cost
setportprio <bridge> <port> <prio> set port priority
show [ <bridge> ] show a list of bridges
showmacs <bridge> show a list of mac addrs
showstp <bridge> show bridge stp info
stp <bridge> {on|off} turn stp on/off
5、Router
查看linux是否打开了路由转发功能(用 `cat` 或 `sysctl net.ipv4.ip_forward` 即可,不必用 less):
[root@localhost ~]# less /proc/sys/net/ipv4/ip_forward
如果是1表示打开了,如果是0表示没有打开。临时开启用 `sysctl -w net.ipv4.ip_forward=1`(重启后失效,持久化需写入 /etc/sysctl.d/)。注意这是全局开关:开启后主机会在所有接口之间转发 IP 包,不仅限于本实验的 veth,应同时用 iptables/firewalld 的 FORWARD 规则限制允许转发的网段。
组网测试,两个不同网段的不同namespace互通测试(下面的互通依赖根 namespace 已开启 ip_forward,由根 namespace 充当两个子网之间的路由器):
创建两个veth pair
[root@localhost ~]# ip link add tap1 type veth peer name tap1_peer
[root@localhost ~]# ip link add tap2 type veth peer name tap2_peer
[root@localhost ~]# ip a
16: tap1_peer@tap1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 82:63:4b:7e:60:86 brd ff:ff:ff:ff:ff:ff
17: tap1@tap1_peer: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether ae:3a:aa:32:b1:9a brd ff:ff:ff:ff:ff:ff
18: tap2_peer@tap2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 16:aa:4f:e9:15:bd brd ff:ff:ff:ff:ff:ff
19: tap2@tap2_peer: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether d2:d2:5e:ba:98:b2 brd ff:ff:ff:ff:ff:ff
创建两个namespace
[root@localhost ~]# ip netns add ns1
[root@localhost ~]# ip netns add ns2
[root@localhost ~]# ip netns list
ns2
ns1
将veth的一端迁移到namespace(另一端 tap1_peer/tap2_peer 留在根namespace,充当各自子网的网关)
[root@localhost ~]# ip link set tap1 netns ns1
[root@localhost ~]# ip link set tap2 netns ns2
设置tap的ip地址
[root@localhost ~]# ip netns exec ns1 ip addr add local 192.168.100.2/24 dev tap1
[root@localhost ~]# ip netns exec ns2 ip addr add local 192.168.200.2/24 dev tap2
[root@localhost ~]# ip addr add local 192.168.100.1/24 dev tap1_peer
[root@localhost ~]# ip addr add local 192.168.200.1/24 dev tap2_peer
启动网络设备
[root@localhost ~]# ip link set tap1_peer up
[root@localhost ~]# ip link set tap2_peer up
[root@localhost ~]# ip netns exec ns1 ip link set tap1 up
[root@localhost ~]# ip netns exec ns2 ip link set tap2 up
测试一下网络联通情况:
[root@localhost ~]# ip netns exec ns1 ping 192.168.200.2
connect: Network is unreachable
网络不可达,查看ns1 的路由表:
[root@localhost ~]# ip netns exec ns1 route -nee
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 tap1 0 0 0
没有到达192.168.200.0/24网段的路由表项,手动添加(route 命令已弃用,等价写法为 `ip netns exec ns1 ip route add 192.168.200.0/24 via 192.168.100.1`;也可以直接加默认路由 `ip route add default via 192.168.100.1`):
[root@localhost ~]# ip netns exec ns1 route add -net 192.168.200.0 netmask 255.255.255.0 gw 192.168.100.1
[root@localhost ~]# ip netns exec ns2 route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.200.1
[root@localhost ~]# ip netns exec ns1 route -nee
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 tap1 0 0 0
192.168.200.0 192.168.100.1 255.255.255.0 UG 0 0 0 tap1 0 0 0
测试联通性(下面 ttl=63 说明报文经过了根 namespace 的一次转发,即 ip_forward 已生效):
[root@localhost ~]# ip netns exec ns1 ping 192.168.200.2
PING 192.168.200.2 (192.168.200.2) 56(84) bytes of data.
64 bytes from 192.168.200.2: icmp_seq=1 ttl=63 time=0.109 ms
64 bytes from 192.168.200.2: icmp_seq=2 ttl=63 time=0.079 ms
64 bytes from 192.168.200.2: icmp_seq=3 ttl=63 time=0.078 ms
64 bytes from 192.168.200.2: icmp_seq=4 ttl=63 time=0.080 ms
^C
--- 192.168.200.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.078/0.086/0.109/0.016 ms
6、tun