Linux Virtual Networking 1: Namespace Practice

I. tap

tap (a virtual Ethernet device) operates at layer 2 and tun at layer 3; both are virtual network devices in the operating system kernel.

Linux implements tun/tap in the tun module. To work with a tap from the Linux command line, first check whether the system supports and has loaded the tun module.

# Run modinfo tun; if there is output, the system has the tun module
[root@localhost ~]# modinfo tun
filename:       /lib/modules/3.10.0-1127.8.2.el7.x86_64/kernel/drivers/net/tun.ko.xz
alias:          devname:net/tun
alias:          char-major-10-200
license:        GPL
author:         (C) 1999-2004 Max Krasnyansky 
description:    Universal TUN/TAP device driver
retpoline:      Y
rhelversion:    7.8
srcversion:     E26A36A927427B2BAE3FB17
depends:        
intree:         Y
vermagic:       3.10.0-1127.8.2.el7.x86_64 SMP mod_unload modversions 
signer:         CentOS Linux kernel signing key
sig_key:        FF:31:8C:E9:B8:32:4E:45:57:70:C2:6E:E8:BF:60:81:39:FF:A9:28
sig_hashalgo:   sha256
# Use lsmod to check whether the tun module is loaded
[root@localhost ~]# lsmod | grep tun
# Load it with modprobe
[root@localhost ~]# modprobe tun
[root@localhost ~]# lsmod | grep tun
tun                    36164  0 
# Check whether the tunctl tool is installed
[root@localhost ~]# tunctl help
-bash: tunctl: command not found
# Installing it directly does not work
[root@localhost ~]# yum -y install tunctl 
# Specify a custom Yum repository
yum --enablerepo=nux-misc install -y tunctl

2. Create a tap

[root@localhost ~]# tunctl -t tap_test
Set 'tap_test' persistent and owned by uid 0
[root@localhost ~]# ip addr add 10.100.50.5/24 dev tap_test
[root@localhost ~]# ifconfig tap_test
tap_test: flags=4098  mtu 1500
        inet 10.100.50.5  netmask 255.255.255.0  broadcast 0.0.0.0
        ether a6:78:f3:c7:4d:79  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

II. namespace

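A namespace provides an independent copy of the network protocol stack (network device interfaces, IPv4, IPv6, IP routing, firewall rules, sockets, and so on). A device (Linux device) can belong to only one namespace, and devices in different namespaces can be bridged with a veth pair.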

# Create the namespace
[root@localhost ~]# ip netns add ns_test
# List the namespaces
[root@localhost yum.repos.d]# ip netns list
ns_test
# Move the virtual NIC into the namespace
[root@localhost ~]# ip link set tap_test netns ns_test
# Use exec to run a command inside the namespace
[root@localhost ~]# ip netns exec ns_test ip link list
1: lo:  mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6: tap_test:  mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether a6:78:f3:c7:4d:79 brd ff:ff:ff:ff:ff:ff
# Set the IP address
[root@localhost ~]# ip netns exec ns_test ip addr add 100.10.89.21/24 dev tap_test
[root@localhost ~]# ip netns exec ns_test ifconfig tap_test up
[root@localhost ~]# ip netns exec ns_test ip a
1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6: tap_test:  mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether a6:78:f3:c7:4d:79 brd ff:ff:ff:ff:ff:ff
    inet 100.10.89.21/24 scope global tap_test
       valid_lft forever preferred_lft forever
# Bring up the virtual NIC, but it fails to come up
[root@localhost ~]# ip netns exec ns_test ip link set tap_test up
[root@localhost ~]# ip netns exec ns_test ip a
1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6: tap_test:  mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether a6:78:f3:c7:4d:79 brd ff:ff:ff:ff:ff:ff
    inet 100.10.89.21/24 scope global tap_test
       valid_lft forever preferred_lft forever

III. veth pair

A veth pair is not a single device but a pair of devices that connects two virtual Ethernet ports.

# Create the veth pair
[root@localhost ~]# ip link add tap1 type veth peer name tap2
# Create the namespaces
[root@localhost ~]# ip netns add ns1
[root@localhost ~]# ip netns add ns2
# Move each of the two taps into its namespace
[root@localhost ~]# ip link set tap1 netns ns1
[root@localhost ~]# ip link set tap2 netns ns2
# Assign an IP address to each of the two taps
[root@localhost ~]# ip netns exec ns1 ip addr add local 192.168.50.1/24 dev tap1
[root@localhost ~]# ip netns exec ns2 ip addr add local 192.168.50.2/24 dev tap2
# Set both taps to up
[root@localhost ~]# ip netns exec ns1 ifconfig tap1 up
[root@localhost ~]# ip netns exec ns2 ifconfig tap2 up
# Ping test
[root@localhost ~]# ip netns exec ns2 ping 192.168.50.1
PING 192.168.50.1 (192.168.50.1) 56(84) bytes of data.
64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=0.053 ms
64 bytes from 192.168.50.1: icmp_seq=2 ttl=64 time=0.046 ms
^C
--- 192.168.50.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.046/0.049/0.053/0.007 ms
[root@localhost ~]# ip netns exec ns1 ping 192.168.50.2
PING 192.168.50.2 (192.168.50.2) 56(84) bytes of data.
64 bytes from 192.168.50.2: icmp_seq=1 ttl=64 time=0.030 ms
^C
--- 192.168.50.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.030/0.030/0.030/0.000 ms
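
An added example (not from the original article): the `state DOWN` shown for tap_test in section II after `ip link set tap_test up` is the operational state, which is separate from the administrative UP flag that `ip` prints inside `<...>`. The helper below tells the two apart in `ip -o link show` output. The function names and sample lines are constructed for illustration, and the NO-CARRIER flag in the tap_test sample assumes no process has the tap device open.

```shell
#!/bin/sh
# Added example: split administrative state (UP flag inside <...>) from
# operational state (the "state" field) in `ip -o link show` output.

# classify_links: reads `ip -o link show` lines on stdin and prints
# "<ifname> <verdict> <operstate>" for each interface.
classify_links() {
    awk '
    {
        name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)  # drop ":" and "@peer"
        flags = ""; state = "UNKNOWN"
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^<.*>$/) flags = "," substr($i, 2, length($i) - 2) ","
            if ($i == "state") state = $(i + 1)
        }
        if (index(flags, ",UP,") == 0)             verdict = "admin-down"
        else if (index(flags, ",NO-CARRIER,") > 0) verdict = "up-no-carrier"
        else if (index(flags, ",LOWER_UP,") > 0)   verdict = "up-running"
        else                                       verdict = "up-other"
        print name, verdict, state
    }'
}

# Constructed sample lines in `ip -o link show` format (not captured output).
sample_links() {
    cat <<'EOF'
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
6: tap_test: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000\    link/ether a6:78:f3:c7:4d:79 brd ff:ff:ff:ff:ff:ff
7: tap1@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff link-netnsid 1
EOF
}

# Hypothetical helper for live use as root: check_ns <namespace>, e.g. ns_test.
check_ns() {
    ip netns exec "$1" ip -o link show | classify_links
}

if [ "$#" -gt 0 ]; then
    check_ns "$1"                    # classify the interfaces of a real namespace
else
    sample_links | classify_links    # offline run over the constructed sample
fi
```

An `up-no-carrier` verdict means the interface was brought up administratively and is waiting for its other end, so the address configuration is not the problem.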

Reference: 《深入理解Openstack Neutron》 by 李宗标

Sharing is welcome; when reposting, please credit the source: 内存溢出

Original URL: http://outofmemory.cn/langs/874004.html
