Finding the peer of a veth virtual interface hidden in a net namespace

2023-06-05  苏苏林

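Container networks usually connect the inside and outside of a pod with a veth pair. Below are the pod interfaces of the Cilium container network: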

10: lxc_health@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3a:12:5a:79:27:35 brd ff:ff:ff:ff:ff:ff link-netnsid 0
12: lxcbc011c668a06@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:b0:37:8c:a7:3c brd ff:ff:ff:ff:ff:ff link-netnsid 1
14: lxc3a31cead3ba8@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:1e:ad:39:6a:94 brd ff:ff:ff:ff:ff:ff link-netnsid 2
16: lxc4855a34b5763@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 62:14:a9:a3:71:19 brd ff:ff:ff:ff:ff:ff link-netnsid 3

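Entries such as 14: lxc3a31cead3ba8@if13 are virtual interfaces in the host net namespace: 14 is the interface's own index, and the 13 in @if13 is the peer's interface index.
link-netnsid 2 is the peer's net namespace id, which is used to find the peer's netns.
First map the netns id to a PID, then use the PID to enter that netns and run commands there to view its network interfaces.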

root@node1:~# lsns -t net

        NS TYPE NPROCS    PID USER     NETNSID NSFS                           COMMAND
4026531992 net     188      1 root  unassigned /run/docker/netns/default      /sbin/init =
4026532244 net       1    653 root  unassigned                                /usr/sbin/haveged --Foreground --verbose=1
4026532337 net       2   7639 65535          1 /run/docker/netns/0bf3469c31c1 /pause
4026532409 net      11   7640 admin          2 /run/docker/netns/24c515e66919 /pause
4026532479 net       2   7727 65535          3 /run/docker/netns/9ae5c1b6907e /pause
4026532556 net       1   7330 root           0                                cilium-health-responder --listen 4240 --pidfile /var/run/cilium/state/he
4026532652 net       3 309096 65535          4 /run/docker/netns/db651564b629 /pause
4026532726 net       3 453448 65535          5 /run/docker/netns/318b67753fbf /pause
4026532801 net       2 465991 65535          6 /run/docker/netns/3e9ca9dbdce1 /pause

root@node1:~# nsenter -t 7640 -n  ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
13: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f6:7e:76:68:fb:e1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.1.39/32 scope global eth0
       valid_lft forever preferred_lft forever
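
The lookup above as a script (an added example, not part of the original article): it joins a saved host-side `ip link` listing with saved `lsns -t net` output on the netns id and prints the PID to hand to `nsenter -t`. The function names `veth_peers` and `veth_peers_demo` are made up for this example; the sample lines are copied from the output shown above, with the lsns row for netns id 3 left out so the unresolved case appears. Both listings are assumed to come from the host namespace.

```sh
# veth_peers LSNS_FILE IP_LINK_FILE   (hypothetical helper for this example)
# Prints one line per veth: <ifname> <ifindex> <peer-ifindex> <netnsid> <pid>
veth_peers() {
    awk '
    # lsns -t net output: column 4 is PID, column 6 is NETNSID
    FILENAME == ARGV[1] {
        if ($2 == "net" && $6 ~ /^[0-9]+$/) pid[$6] = $4
        next
    }
    # ip link header line, e.g. "14: lxc3a31cead3ba8@if13: <...>"
    /^[0-9]+: / {
        idx = $1; sub(/:$/, "", idx)
        name = $2; sub(/:$/, "", name)
        peer = ""
        if (match(name, /@if[0-9]+$/)) {
            peer = substr(name, RSTART + 3)      # digits after "@if"
            name = substr(name, 1, RSTART - 1)   # name without the suffix
        }
        next
    }
    # detail line carrying "link-netnsid N" for the interface above
    peer != "" {
        for (i = 1; i < NF; i++)
            if ($i == "link-netnsid") {
                id = $(i + 1)
                print name, idx, peer, id, ((id in pid) ? pid[id] : "unknown")
                peer = ""
            }
    }' "$1" "$2"
}

# Sample input: lines copied from the command output shown in this article.
veth_peers_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/lsns" <<'EOF'
4026531992 net     188      1 root  unassigned /run/docker/netns/default      /sbin/init =
4026532409 net      11   7640 admin          2 /run/docker/netns/24c515e66919 /pause
EOF
    cat > "$tmp/link" <<'EOF'
14: lxc3a31cead3ba8@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 9a:1e:ad:39:6a:94 brd ff:ff:ff:ff:ff:ff link-netnsid 2
16: lxc4855a34b5763@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 62:14:a9:a3:71:19 brd ff:ff:ff:ff:ff:ff link-netnsid 3
EOF
    veth_peers "$tmp/lsns" "$tmp/link"
    rm -rf "$tmp"
}

veth_peers_demo
```

A PID of `unknown` means no process in the lsns listing holds that netns id, so there is nothing to pass to `nsenter -t`.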