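Namespaces are a kernel-level environment isolation mechanism provided by Linux. Linux actually has 6 kinds of namespace; this post covers only the network namespace. In practice, network namespaces provide the virtualized network environment used by KVM, containers and other virtualization technologies: you can create separate namespaces, each relatively independent, with its own IP addresses, ARP table and routes, and none of them affects the others.
Kernel support is as follows:
For related material, see: Using ip netns and an introduction to network namespaces
The rest of this post uses openvswitch to create a bridge that connects two different network namespaces. The network topology is as follows:
1. Create two network namespaces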
ns1
ns0
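2. Create two veth pairs
veth devices always come in pairs and are used to connect two namespaces (the two devices behave as if they were joined directly by a network cable).
By default, the following two point-to-point veth pairs are created: veth0 <-> veth1 and veth2 <-> veth3
Alternatively, create devices with custom names like this:
    ip link add veth0 type veth peer name veth1
    ip link add veth2 type veth peer name veth3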
1: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ea:25:dd:b8:1d:77 brd ff:ff:ff:ff:ff:ff
2: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop master ovs-system state DOWN group default qlen 1000
    link/ether ee:e9:83:72:bf:08 brd ff:ff:ff:ff:ff:ff
3: veth2@veth3: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 46:dc:09:03:fe:b1 brd ff:ff:ff:ff:ff:ff
4: veth3@veth2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop master ovs-system state DOWN group default qlen 1000
3. Move veth0/veth2 into ns0/ns1 and configure their IP addresses
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: veth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:25:dd:b8:1d:77 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.1/24 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e825:ddff:feb8:1d77/64 scope link
       valid_lft forever preferred_lft forever

1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7: veth2@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 46:dc:09:03:fe:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.2/24 scope global veth2
       valid_lft forever preferred_lft forever
    inet6 fe80::44dc:9ff:fe03:feb1/64 scope link
       valid_lft forever preferred_lft forever
4. Create the bridge vswitch0 and add veth1/veth3 to it
9f5877b0-14c0-41bd-a5c7-627e8d1aac24
    Bridge "vswitch0"
        Port "veth1"
            Interface "veth1"
        Port "vswitch0"
            Interface "vswitch0"
                type: internal
        Port "veth3"
            Interface "veth3"
    ovs_version: "2.12.0"
5. Enter ns0 and ns1 in turn, ping the other side, and check the result
ns0 > ip addr show veth0
5: veth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:25:dd:b8:1d:77 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.1/24 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e825:ddff:feb8:1d77/64 scope link
       valid_lft forever preferred_lft forever
ns0 > ping 10.0.0.2 -c 3
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.409 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.083 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.079 ms
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 87ms
rtt min/avg/max/mdev = 0.079/0.190/0.409/0.155 ms

ns1 > ip addr show veth2
7: veth2@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 46:dc:09:03:fe:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.2/24 scope global veth2
       valid_lft forever preferred_lft forever
    inet6 fe80::44dc:9ff:fe03:feb1/64 scope link
       valid_lft forever preferred_lft forever
ns1 > ping 10.0.0.1 -c 3
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.254 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.079 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.079 ms
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 39ms
rtt min/avg/max/mdev = 0.079/0.137/0.254/0.083 ms
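
Steps 1 to 5 as a single script, added here as an example; these are not the original author's commands. The namespace, veth, bridge names and addresses come from the outputs shown above, while the `DRY_RUN` switch and the function names are assumptions of this example. By default it only prints the commands; run it with `DRY_RUN=0` as root to apply them.

```shell
#!/usr/bin/env bash
# Added example: steps 1-5 of the walkthrough as one script (not the author's commands).
# DRY_RUN=1 (default) prints the plan; DRY_RUN=0 applies it (needs root, iproute2, Open vSwitch).
set -eu
BRIDGE=vswitch0
# namespace:inner-veth:bridge-side-veth:address, taken from the outputs shown on the page
LINKS="ns0:veth0:veth1:10.0.0.1/24 ns1:veth2:veth3:10.0.0.2/24"

run() {   # print the command in dry-run mode, execute it otherwise
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

build_topology() {
    for link in $LINKS; do
        set -- $(echo "$link" | tr : ' '); ns=$1 inner=$2 outer=$3 addr=$4
        run ip netns add "$ns"                                  # step 1
        run ip link add "$inner" type veth peer name "$outer"   # step 2
        run ip link set "$inner" netns "$ns"                    # step 3: move one end in
        run ip netns exec "$ns" ip addr add "$addr" dev "$inner"
        run ip netns exec "$ns" ip link set "$inner" up
    done
    run ovs-vsctl --may-exist add-br "$BRIDGE"                  # step 4
    for link in $LINKS; do
        set -- $(echo "$link" | tr : ' '); outer=$3
        run ovs-vsctl --may-exist add-port "$BRIDGE" "$outer"
        run ip link set "$outer" up                             # host-side end stays unaddressed
    done
}

check_connectivity() {   # step 5: each namespace pings the other's address
    run ip netns exec ns0 ping -c 3 10.0.0.2
    run ip netns exec ns1 ping -c 3 10.0.0.1
}

teardown() {   # undo what build_topology created
    for link in $LINKS; do
        set -- $(echo "$link" | tr : ' ')
        run ovs-vsctl --if-exists del-port "$BRIDGE" "$3"
        run ip link del "$3"          # deleting one end of a veth pair removes its peer too
        run ip netns del "$1"
    done
    run ovs-vsctl --if-exists del-br "$BRIDGE"
}

case "${1:-up}" in
    up)   build_topology; check_connectivity ;;
    down) teardown ;;
esac
```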
References: https://www.jianshu.com/p/df3931c2ec8a https://www.cnblogs.com/zqyanywn/p/10491916.html