linux支持的网络设备,Linux 虚拟网络设备---router、tun


Linux 虚拟网络设备—router、tun

router

router在虚拟网络中就是路由器,实现三层通信作用。

Linux 本身开启转发功能后就是一个路由器。注意:net.ipv4.ip_forward 对主机上的所有接口生效(包括下文输出中的 eth0),在非实验环境中应配合防火墙 FORWARD 链的规则,只放行确实需要转发的流量。

# 开启转发功能(写入 /etc/sysctl.conf 后重启仍然生效;仅做临时实验时可改用 sysctl -w net.ipv4.ip_forward=1,重启后恢复默认值)

[root@public ~]# cat /proc/sys/net/ipv4/ip_forward

0

[root@public ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

[root@public ~]# sysctl -p

net.ipv4.ip_forward = 1

[root@public ~]# cat /proc/sys/net/ipv4/ip_forward

1

[root@public ~]#

使用测试用例,模拟验证router功能,拓扑图如下:

7305c7b23aaa71c1afc249c1bfc7b130.png

根据拓扑图创建对应设备:

# 开启转发后,根据拓扑进行配置

[root@public ~]#

[root@public ~]# ip link add tap1 type veth peer name tap1_peer

[root@public ~]# ip link add tap2 type veth peer name tap2_peer

[root@public ~]#

[root@public ~]# ip netns add ns1

[root@public ~]# ip netns add ns2

[root@public ~]#

[root@public ~]# ip link set tap1 netns ns1

[root@public ~]# ip link set tap2 netns ns2

[root@public ~]#

[root@public ~]# ip addr add 192.168.1.1/24 dev tap1_peer

[root@public ~]# ip addr add 192.168.2.1/24 dev tap2_peer

[root@public ~]# ip netns exec ns1 ip addr add 192.168.1.100/24 dev tap1

[root@public ~]# ip netns exec ns2 ip addr add 192.168.2.100/24 dev tap2

[root@public ~]#

[root@public ~]# ip link set tap1_peer up

[root@public ~]# ip link set tap2_peer up

[root@public ~]# ip netns exec ns1 ip link set tap1 up

[root@public ~]# ip netns exec ns2 ip link set tap2 up

[root@public ~]#

[root@public ~]# ip netns exec ns1 ping 192.168.2.100

connect: Network is unreachable

[root@public ~]#

b4080699752c719b195db1a9ccf22a82.png

配置好 IP 后直接通信无法成功;检查路由信息后发现没有去往另一网段的路由,因此先配置路由,再进行测试。

[root@public ~]# ip netns exec ns1 route -nee

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt

192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tap1 0 0 0

[root@public ~]#

[root@public ~]# ip netns exec ns1 route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.1

[root@public ~]# ip netns exec ns2 route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.1

[root@public ~]#

[root@public ~]# ip netns exec ns1 route -nee

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface MSS Window irtt

192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tap1 0 0 0

192.168.2.0 192.168.1.1 255.255.255.0 UG 0 0 0 tap1 0 0 0

[root@public ~]#

[root@public ~]# ip a s

1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether fa:16:3e:08:0b:39 brd ff:ff:ff:ff:ff:ff

inet 192.168.10.93/24 brd 192.168.10.255 scope global noprefixroute dynamic eth0

valid_lft 70616sec preferred_lft 70616sec

inet6 fe80::f816:3eff:fe08:b39/64 scope link

valid_lft forever preferred_lft forever

3: tap1_peer@if4: mtu 1500 qdisc noqueue state UP qlen 1000

link/ether ca:6c:92:02:af:32 brd ff:ff:ff:ff:ff:ff link-netnsid 0

inet 192.168.1.1/24 scope global tap1_peer

valid_lft forever preferred_lft forever

inet6 fe80::c86c:92ff:fe02:af32/64 scope link

valid_lft forever preferred_lft forever

5: tap2_peer@if6: mtu 1500 qdisc noqueue state UP qlen 1000

link/ether 42:c6:2a:f3:7e:37 brd ff:ff:ff:ff:ff:ff link-netnsid 1

inet 192.168.2.1/24 scope global tap2_peer

valid_lft forever preferred_lft forever

inet6 fe80::40c6:2aff:fef3:7e37/64 scope link

valid_lft forever preferred_lft forever

[root@public ~]#

[root@public ~]#

[root@public ~]#

[root@public ~]# ip netns exec ns1 ping 192.168.2.100

PING 192.168.2.100 (192.168.2.100) 56(84) bytes of data.

64 bytes from 192.168.2.100: icmp_seq=1 ttl=63 time=0.020 ms

64 bytes from 192.168.2.100: icmp_seq=2 ttl=63 time=0.025 ms

64 bytes from 192.168.2.100: icmp_seq=3 ttl=63 time=0.030 ms

^C

--- 192.168.2.100 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 1999ms

rtt min/avg/max/mdev = 0.020/0.025/0.030/0.004 ms

[root@public ~]#

[root@public ~]# ip netns exec ns2 ping 192.168.1.100

PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.

64 bytes from 192.168.1.100: icmp_seq=1 ttl=63 time=0.020 ms

64 bytes from 192.168.1.100: icmp_seq=2 ttl=63 time=0.036 ms

64 bytes from 192.168.1.100: icmp_seq=3 ttl=63 time=0.034 ms

^C

--- 192.168.1.100 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 1999ms

rtt min/avg/max/mdev = 0.020/0.030/0.036/0.007 ms

[root@public ~]#

9cfbeed3964297e5fdda8644b2e8d7cd.png

d27b897640540a56f3f5f3bfa9355403.png

4c151283de518d77d022606926870a50.png

4d2f927b7d252e5686f2aefbe9de7be5.png

tun

tun 是一个工作在网络层的点对点设备,它提供 IP 层隧道功能。Linux 原生支持的三层隧道类型可以通过命令 ip tunnel help 查看:

1d49987040f61e6dcf2d42d8395ea1a7.png

45cb5a77018a836fa2ea9264619418f0.png

[root@public ~]# lsmod | grep ip

ip_tables 27115 0

[root@public ~]# modprobe ipip

[root@public ~]# lsmod | grep ipip

ipip 13465 0

tunnel4 13252 1 ipip

ip_tunnel 25163 1 ipip

[root@public ~]#

[root@public ~]# ip tunnel

tunl0: ip/ip remote any local any ttl inherit nopmtudisc

[root@public ~]# ip tunnel help

Usage: ip tunnel { add | change | del | show | prl | 6rd } [ NAME ]

[ mode { ipip | gre | sit | isatap | vti } ] [ remote ADDR ] [ local ADDR ]

[ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]

[ prl-default ADDR ] [ prl-nodefault ADDR ] [ prl-delete ADDR ]

[ 6rd-prefix ADDR ] [ 6rd-relay_prefix ADDR ] [ 6rd-reset ]

[ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]

Where: NAME := STRING

ADDR := { IP_ADDRESS | any }

TOS := { STRING | 00..ff | inherit | inherit/STRING | inherit/00..ff }

TTL := { 1..255 | inherit }

KEY := { DOTTED_QUAD | NUMBER }

[root@public ~]#

Linux 一共原生支持 5 种三层隧道(tunnel):ipip、gre、sit、isatap、vti。

使用一个测试用例来讲述tun,拓扑图如下:

f54ce7213788082ba79e6107518cdc25.png

加载 ipip 模块,创建对应的设备进行验证:

fe6da1acf5e0617086b7837a9f1fe837.png

04647b2cf101a15c40ce4f6680b16064.png

# 在ns1上创建 tun1 和 ipip tunnel

[root@public ~]# ip netns exec ns1 ip tunnel add tun1 mode ipip remote 192.168.2.100 local 192.168.1.100 ttl 255

[root@public ~]# ip netns exec ns1 ip link set tun1 up

[root@public ~]# ip netns exec ns1 ip addr add 192.168.90.70 peer 192.168.70.70 dev tun1

[root@public ~]#

# 在ns2 上创建 tun2 和 ipip tunnel

[root@public ~]# ip netns exec ns2 ip tunnel add tun2 mode ipip remote 192.168.1.100 local 192.168.2.100 ttl 255

[root@public ~]# ip netns exec ns2 ip link set tun2 up

[root@public ~]# ip netns exec ns2 ip addr add 192.168.70.70 peer 192.168.90.70 dev tun2

[root@public ~]#

[root@public ~]# ip netns exec ns1 ping 192.168.70.70

PING 192.168.70.70 (192.168.70.70) 56(84) bytes of data.

64 bytes from 192.168.70.70: icmp_seq=1 ttl=64 time=0.051 ms

64 bytes from 192.168.70.70: icmp_seq=2 ttl=64 time=0.069 ms

64 bytes from 192.168.70.70: icmp_seq=3 ttl=64 time=0.048 ms

64 bytes from 192.168.70.70: icmp_seq=4 ttl=64 time=0.046 ms

^C

--- 192.168.70.70 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 2999ms

rtt min/avg/max/mdev = 0.046/0.053/0.069/0.011 ms

[root@public ~]# ip netns exec ns2 ping 192.168.90.70

PING 192.168.90.70 (192.168.90.70) 56(84) bytes of data.

64 bytes from 192.168.90.70: icmp_seq=1 ttl=64 time=0.033 ms

64 bytes from 192.168.90.70: icmp_seq=2 ttl=64 time=0.051 ms

64 bytes from 192.168.90.70: icmp_seq=3 ttl=64 time=0.045 ms

64 bytes from 192.168.90.70: icmp_seq=4 ttl=64 time=0.100 ms

^C

--- 192.168.90.70 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 2999ms

rtt min/avg/max/mdev = 0.033/0.057/0.100/0.026 ms

[root@public ~]#

ip tunnel add命令详解:

ip tunnel add tun1 mode ipip:创建一个 tun 类型的设备 tun1,并将隧道模式设为 ipip。

remote 192.168.1.100 local 192.168.2.100:这个隧道的外层 IP 地址是:远端 192.168.1.100,本地 192.168.2.100(这组参数对应上文 ns2 中的 tun2;ns1 中 tun1 的 remote 与 local 正好相反)。

如果将命令中的 ipip 换成 gre,其余不变,就创建了一个 gre 隧道的 tun 设备。需要注意,ipip 和 gre 只对报文做封装,本身不提供加密和认证;隧道跨越不可信网络时,应配合 IPsec 等机制保护隧道内的流量。

f9fe1fc1ef906593e0b39f90ee1d3d7e.png


来源: https://blog.csdn.net/LL845876425/article/details/82729161
