veth pair实战

veth pair作用

veth pair用于同一主机不同命名空间通信,其原理为向veth pair设备的一端输入数据,数据通过内核协议栈后从veth pair的另一端出来

veth pair使用

netns帮助

# ip netns help
Usage:    ip netns list
    ip netns add NAME
    ip netns attach NAME PID
    ip netns set NAME NETNSID
    ip [-all] netns delete [NAME]
    ip netns identify [PID]
    ip netns pids NAME
    ip [-all] netns exec [NAME] cmd ...
    ip netns monitor
    ip netns list-id [target-nsid POSITIVE-INT] [nsid POSITIVE-INT]
NETNSID := auto | POSITIVE-INT

创建network namespace

ip netns add ns1

删除network namespace

ip netns del ns1

创建veth pair

ip link add veth0 type veth peer name veth1

查看veth pair

# ip a
...
8: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ea:1c:85:27:14:ca brd ff:ff:ff:ff:ff:ff
9: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 72:74:8e:30:ac:7d brd ff:ff:ff:ff:ff:ff


将veth1移动到ns1中

ip link set veth1 netns ns1

注:如果要将ns1中的veth1移回根命名空间(宿主机),可使用以下命令。这里的1是进程PID:netns参数既可以是命名空间名称,也可以是PID,1即指PID为1的进程(init)所在的网络命名空间,在宿主机上执行时也就是宿主机命名空间

ip netns exec ns1 ip link set veth1 netns 1


给veth0和veth1配上IP

ip addr add 192.168.1.100/24 dev veth0
ip netns exec ns1 ip addr add 192.168.1.101/24 dev veth1

启动网卡

ip link set veth0 up
ip netns exec ns1 ip link set veth1 up

查看ns1中的网卡信息

# ip netns exec ns1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
8: veth1@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:1c:85:27:14:ca brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.101/24 scope global veth1
       valid_lft forever preferred_lft forever
    inet6 fe80::e81c:85ff:fe27:14ca/64 scope link 
       valid_lft forever preferred_lft forever

测试连通性

# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
64 bytes from 192.168.1.101: icmp_seq=1 ttl=64 time=0.102 ms
^C
--- 192.168.1.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.102/0.102/0.102/0.000 ms

# ip netns exec ns1 ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.076 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.055 ms
^C
--- 192.168.1.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1075ms
rtt min/avg/max/mdev = 0.055/0.065/0.076/0.010 ms

模拟k8s calico网络

k8s使用calico会有如下现象

# ifconfig cali52cd9f5b6c4
cali52cd9f5b6c4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::ecee:eeff:feee:eeee  prefixlen 64  scopeid 0x20<link>
        ether ee:ee:ee:ee:ee:ee  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

该veth并没有配IP,而是添加了如下一条路由规则,宿主机命名空间就能和容器内的命名空间通信了

# ip route
10.233.97.1 dev cali52cd9f5b6c4 scope link 


删除veth0的IP

ip addr del 192.168.1.100/24 dev veth0

添加如calico的路由规则

ip route add 192.168.1.101/32 dev veth0

查看路由规则

# ip route
...
192.168.1.101 dev veth0 scope link

尝试ping ns1中的IP

# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
^C
--- 192.168.1.101 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2089ms

不能ping通,在宿主机上再次ping的同时,在ns1内对veth1使用tcpdump抓包

# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
From 172.20.42.70 icmp_seq=1 Destination Host Unreachable
From 172.20.42.70 icmp_seq=2 Destination Host Unreachable
From 172.20.42.70 icmp_seq=3 Destination Host Unreachable
From 172.20.42.70 icmp_seq=4 Destination Host Unreachable
From 172.20.42.70 icmp_seq=5 Destination Host Unreachable
From 172.20.42.70 icmp_seq=6 Destination Host Unreachable

# ip netns exec ns1 tcpdump -i veth1
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
17:20:14.809648 ARP, Request who-has master1 tell deploy, length 28
17:20:15.832062 ARP, Request who-has master1 tell deploy, length 28
17:20:16.872071 ARP, Request who-has master1 tell deploy, length 28
17:20:17.912265 ARP, Request who-has master1 tell deploy, length 28
17:20:18.952076 ARP, Request who-has master1 tell deploy, length 28
17:20:19.992079 ARP, Request who-has master1 tell deploy, length 28
17:20:21.032265 ARP, Request who-has master1 tell deploy, length 28
17:20:22.072065 ARP, Request who-has master1 tell deploy, length 28

查看ns1内路由

ns1内已经收到了ARP请求,但是并没有应答。删除veth0的IP后,请求的源地址变成了宿主机的其他地址(从上面ping的输出看应为172.20.42.70),不在192.168.1.0/24网段内。查看ns1内路由规则,只有目的地址在192.168.1.0/24网段的包才会从veth1发出,发往其他地址的包都被丢弃了,因此ns1无法回包

# ip netns exec ns1 ip route
192.168.1.0/24 dev veth1 proto kernel scope link src 192.168.1.101

添加默认路由,使ns1对192.168.1.0/24网段以外的地址也有回程路由

# ip netns exec ns1 ip route add default via 192.168.1.101 dev veth1

再次ping ns1

# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
64 bytes from 192.168.1.101: icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from 192.168.1.101: icmp_seq=2 ttl=64 time=0.051 ms
^C
--- 192.168.1.101 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1025ms
rtt min/avg/max/mdev = 0.051/0.059/0.067/0.008 ms
