Bridge mode of macvlan virtualization
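macvlan is one of the network virtualization options provided by the Linux kernel; it virtualizes a network interface card (NIC). macvlan lets one physical NIC carry multiple MAC addresses, in effect cloning the physical NIC, and it requires the physical NIC to be in promiscuous mode. An IP address can be configured for each MAC address. So where there used to be one physical NIC attached to the switch, there can now be several virtual NICs attached to it.
macvlan does not create a network; it only creates virtual NICs. The purpose of creating multiple virtual NICs with macvlan is, in a multi-tenant scenario, to give each tenant its own virtual network on top of one shared underlying network, and so achieve network isolation.
Setting the physical NIC to promiscuous mode
The physical NIC needs promiscuous mode turned on. Before promiscuous mode is turned on, the state of the eth0 interface is: <BROADCAST,MULTICAST,UP,LOWER_UP>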
[root@vac_master0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:00 brd ff:ff:ff:ff:ff:ff
3: eth20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:20 brd ff:ff:ff:ff:ff:ff
4: eth21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:21 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:02:92:51:fa brd ff:ff:ff:ff:ff:ff
6: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:9f:6e:6a:5d brd ff:ff:ff:ff:ff:ff
60: vethe5c91d3@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether c6:8b:1b:b9:1f:fd brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@vac_master0 ~]#
Turn on promiscuous mode with the command below. The eth0 state becomes <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP>; the additional PROMISC flag shows that promiscuous mode is on:
[root@vac_master0 ~]# ifconfig eth0 promisc
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:00 brd ff:ff:ff:ff:ff:ff
3: eth20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:20 brd ff:ff:ff:ff:ff:ff
4: eth21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:21 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:02:92:51:fa brd ff:ff:ff:ff:ff:ff
6: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:9f:6e:6a:5d brd ff:ff:ff:ff:ff:ff
60: vethe5c91d3@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether c6:8b:1b:b9:1f:fd brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@vac_master0 ~]#
To turn promiscuous mode off, run the following command:
[root@vac_master0 ~]# ifconfig eth0 -promisc
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:00 brd ff:ff:ff:ff:ff:ff
3: eth20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:20 brd ff:ff:ff:ff:ff:ff
4: eth21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:21 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:02:92:51:fa brd ff:ff:ff:ff:ff:ff
6: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:9f:6e:6a:5d brd ff:ff:ff:ff:ff:ff
60: vethe5c91d3@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether c6:8b:1b:b9:1f:fd brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@vac_master0 ~]#
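A check for the flag discussed above, as an added example that is not part of the original page: it reads `ip link` or `ip -d link` text and reports promiscuous interfaces that are not on an allow-list. The sample input is constructed in the format of the output shown above, and the allow-list `eth0 docker0` is an assumed baseline.

```shell
#!/bin/sh
# Added example: report promiscuous interfaces that are not on an allow-list.

# Constructed sample in the format of `ip -d link` (trimmed), not captured output.
SAMPLE='2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:83:aa:bb:00 brd ff:ff:ff:ff:ff:ff promiscuity 1
3: eth20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:83:aa:bb:20 brd ff:ff:ff:ff:ff:ff promiscuity 1
4: eth21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:83:aa:bb:21 brd ff:ff:ff:ff:ff:ff promiscuity 0
5: docker0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 02:42:02:92:51:fa brd ff:ff:ff:ff:ff:ff promiscuity 1
61: eth0.01@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000
    link/ether 3e:fc:ba:a6:af:68 brd ff:ff:ff:ff:ff:ff promiscuity 0'

# Reads `ip link` / `ip -d link` text on stdin and prints "name reason" for
# every promiscuous interface:
#   flag    - PROMISC is in the flag list (as after `ifconfig eth0 promisc`)
#   counter - `promiscuity N` with N > 0 in the -d detail line, flag absent
promisc_ifaces() {
    awk '
    function emit() {
        if (name != "" && (flag || count > 0))
            print name, (flag ? "flag" : "counter")
    }
    /^[0-9]+: / {
        emit()                                   # finish the previous interface
        name = $2; sub(/:$/, "", name); sub(/@.*$/, "", name)
        flag = ($3 ~ /[<,]PROMISC[,>]/); count = 0
        next
    }
    {
        # continuation line: pick up the kernel promiscuity counter if present
        for (i = 1; i < NF; i++) if ($i == "promiscuity") count = $(i + 1) + 0
    }
    END { emit() }'
}

# Prints only the promiscuous interfaces missing from the space-separated
# allow-list passed as $1 (assumed baseline for this host).
unexpected_promisc() {
    promisc_ifaces | while read -r name reason; do
        case " $1 " in
            *" $name "*) ;;
            *) echo "$name $reason" ;;
        esac
    done
}

# Run on the constructed sample; on a live host pipe `ip -d link` in instead.
printf '%s\n' "$SAMPLE" | unexpected_promisc "eth0 docker0"
```

Plain `ip link` carries only the flag; the `promiscuity` counter appears with the `-d` option, so `ip -d link` is the more complete input.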
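Loading the macvlan driver module into the kernel
macvlan is a network driver type provided by the Linux kernel. If the kernel has not loaded macvlan, load it with the following command: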
[root@vac_master0 ~]# lsmod | grep macvlan
[root@vac_master0 ~]#
[root@vac_master0 ~]# modprobe macvlan
[root@vac_master0 ~]#
[root@vac_master0 ~]# lsmod | grep macvlan
macvlan 19233 0
[root@vac_master0 ~]#
To unload macvlan, run the following command:
[root@vac_master0 ~]# lsmod | grep macvlan
macvlan 19233 0
[root@vac_master0 ~]#
[root@vac_master0 ~]# modprobe -r macvlan
[root@vac_master0 ~]#
[root@vac_master0 ~]# lsmod | grep macvlan
[root@vac_master0 ~]#
Creating and configuring the macvlan network
Create two virtual NICs in macvlan mode:
[root@vac_master0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:00 brd ff:ff:ff:ff:ff:ff
3: eth20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:20 brd ff:ff:ff:ff:ff:ff
4: eth21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:21 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:02:92:51:fa brd ff:ff:ff:ff:ff:ff
6: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:9f:6e:6a:5d brd ff:ff:ff:ff:ff:ff
60: vethe5c91d3@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether c6:8b:1b:b9:1f:fd brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip link add link eth0 name eth0.01 type macvlan mode bridge
[root@vac_master0 ~]# ip link add link eth0 name eth0.02 type macvlan mode bridge
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:00 brd ff:ff:ff:ff:ff:ff
3: eth20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:20 brd ff:ff:ff:ff:ff:ff
4: eth21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:21 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:02:92:51:fa brd ff:ff:ff:ff:ff:ff
6: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:9f:6e:6a:5d brd ff:ff:ff:ff:ff:ff
60: vethe5c91d3@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether c6:8b:1b:b9:1f:fd brd ff:ff:ff:ff:ff:ff link-netnsid 0
61: eth0.01@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 3e:fc:ba:a6:af:68 brd ff:ff:ff:ff:ff:ff
62: eth0.02@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether ba:ea:35:91:37:2a brd ff:ff:ff:ff:ff:ff
[root@vac_master0 ~]#
Two additional virtual NICs now appear, named eth0.01@eth0 and eth0.02@eth0, but they are not UP yet and need to be activated:
[root@vac_master0 ~]# ip link set eth0.01 up
[root@vac_master0 ~]# ip link set eth0.02 up
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:00 brd ff:ff:ff:ff:ff:ff
3: eth20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:20 brd ff:ff:ff:ff:ff:ff
4: eth21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:21 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:02:92:51:fa brd ff:ff:ff:ff:ff:ff
6: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:9f:6e:6a:5d brd ff:ff:ff:ff:ff:ff
60: vethe5c91d3@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether c6:8b:1b:b9:1f:fd brd ff:ff:ff:ff:ff:ff link-netnsid 0
61: eth0.01@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000
link/ether 3e:fc:ba:a6:af:68 brd ff:ff:ff:ff:ff:ff
62: eth0.02@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1000
link/ether ba:ea:35:91:37:2a brd ff:ff:ff:ff:ff:ff
[root@vac_master0 ~]#
[root@vac_master0 ~]# ifconfig eth0.01
eth0.01: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::3cfc:baff:fea6:af68 prefixlen 64 scopeid 0x20<link>
ether 3e:fc:ba:a6:af:68 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@vac_master0 ~]#
[root@vac_master0 ~]# ifconfig eth0.02
eth0.02: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::b8ea:35ff:fe91:372a prefixlen 64 scopeid 0x20<link>
ether ba:ea:35:91:37:2a txqueuelen 1000 (Ethernet)
RX packets 2 bytes 168 (168.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@vac_master0 ~]#
The virtual NICs are now UP, but they have only MAC addresses and no IP addresses yet.
Create two network namespaces:
[root@vac_master0 ~]# ip netns
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns add ns01
[root@vac_master0 ~]# ip netns add ns02
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns
ns02
ns01
[root@vac_master0 ~]#
Add virtual NIC eth0.01 to network namespace ns01, and virtual NIC eth0.02 to network namespace ns02:
[root@vac_master0 ~]# ip link set eth0.01 netns ns01
[root@vac_master0 ~]# ip link set eth0.02 netns ns02
[root@vac_master0 ~]#
Configure IP addresses on the two virtual NICs:
[root@vac_master0 ~]# ip netns exec ns01 ip addr add 192.168.83.101/24 dev eth0.01
[root@vac_master0 ~]# ip netns exec ns02 ip addr add 192.168.83.102/24 dev eth0.02
[root@vac_master0 ~]#
Check the IP address configuration. The output shows that virtual NIC eth0.01 is visible only in namespace ns01, and virtual NIC eth0.02 only in namespace ns02:
[root@vac_master0 ~]# ifconfig eth0.01
eth0.01: error fetching interface information: Device not found
[root@vac_master0 ~]#
[root@vac_master0 ~]# ifconfig eth0.02
eth0.02: error fetching interface information: Device not found
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns01 ifconfig eth0.01
eth0.01: flags=4098<BROADCAST,MULTICAST> mtu 1500
inet 192.168.83.101 netmask 255.255.255.0 broadcast 0.0.0.0
ether 3e:fc:ba:a6:af:68 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns02 ifconfig eth0.02
eth0.02: flags=4098<BROADCAST,MULTICAST> mtu 1500
inet 192.168.83.102 netmask 255.255.255.0 broadcast 0.0.0.0
ether ba:ea:35:91:37:2a txqueuelen 1000 (Ethernet)
RX packets 2 bytes 168 (168.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns01 ifconfig eth0.02
eth0.02: error fetching interface information: Device not found
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns02 ifconfig eth0.01
eth0.01: error fetching interface information: Device not found
[root@vac_master0 ~]#
Bring the virtual NICs up:
[root@vac_master0 ~]# ip netns exec ns01 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
61: eth0.01@if2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 3e:fc:ba:a6:af:68 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns01 ip link set lo up
[root@vac_master0 ~]# ip netns exec ns01 ip link set eth0.01 up
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns01 ifconfig
eth0.01: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.83.101 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::3cfc:baff:fea6:af68 prefixlen 64 scopeid 0x20<link>
ether 3e:fc:ba:a6:af:68 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1296 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns02 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
62: eth0.02@if2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether ba:ea:35:91:37:2a brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns02 ip link set lo up
[root@vac_master0 ~]# ip netns exec ns02 ip link set eth0.02 up
[root@vac_master0 ~]#
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns02 ifconfig
eth0.02: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.83.102 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::b8ea:35ff:fe91:372a prefixlen 64 scopeid 0x20<link>
ether ba:ea:35:91:37:2a txqueuelen 1000 (Ethernet)
RX packets 2 bytes 168 (168.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15 bytes 1226 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@vac_master0 ~]#
PING test
Ping the host's eth0 port and the host's bridge port. In macvlan bridge mode, the physical NIC port cannot be pinged, while the switch bridge can be pinged:
[root@vac_master0 ~]# ip netns exec ns01 ping 192.168.83.83
PING 192.168.83.83 (192.168.83.83) 56(84) bytes of data.
^Z
[4]+ Stopped ip netns exec ns01 ping 192.168.83.83
[root@vac_master0 ~]# ip netns exec ns02 ping 192.168.83.83
PING 192.168.83.83 (192.168.83.83) 56(84) bytes of data.
^Z
[5]+ Stopped ip netns exec ns02 ping 192.168.83.83
[root@vac_master0 ~]#
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns01 ping 192.168.83.1
PING 192.168.83.1 (192.168.83.1) 56(84) bytes of data.
64 bytes from 192.168.83.1: icmp_seq=1 ttl=64 time=0.510 ms
64 bytes from 192.168.83.1: icmp_seq=2 ttl=64 time=0.235 ms
64 bytes from 192.168.83.1: icmp_seq=3 ttl=64 time=0.356 ms
^Z
[6]+ Stopped ip netns exec ns01 ping 192.168.83.1
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns02 ping 192.168.83.1
PING 192.168.83.1 (192.168.83.1) 56(84) bytes of data.
64 bytes from 192.168.83.1: icmp_seq=1 ttl=64 time=0.287 ms
64 bytes from 192.168.83.1: icmp_seq=2 ttl=64 time=0.219 ms
64 bytes from 192.168.83.1: icmp_seq=3 ttl=64 time=0.377 ms
^Z
[7]+ Stopped ip netns exec ns02 ping 192.168.83.1
[root@vac_master0 ~]#
Virtual NICs that share the same physical NIC but sit in different namespaces can ping each other.
[root@vac_master0 ~]# ip netns exec ns02 ping 192.168.83.101
PING 192.168.83.101 (192.168.83.101) 56(84) bytes of data.
64 bytes from 192.168.83.101: icmp_seq=1 ttl=64 time=1.44 ms
64 bytes from 192.168.83.101: icmp_seq=2 ttl=64 time=0.101 ms
64 bytes from 192.168.83.101: icmp_seq=3 ttl=64 time=0.106 ms
64 bytes from 192.168.83.101: icmp_seq=4 ttl=64 time=0.107 ms
^Z
[8]+ Stopped ip netns exec ns02 ping 192.168.83.101
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns02 ping 192.168.83.102
PING 192.168.83.102 (192.168.83.102) 56(84) bytes of data.
64 bytes from 192.168.83.102: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 192.168.83.102: icmp_seq=2 ttl=64 time=0.103 ms
64 bytes from 192.168.83.102: icmp_seq=3 ttl=64 time=0.051 ms
64 bytes from 192.168.83.102: icmp_seq=4 ttl=64 time=0.099 ms
^Z
[9]+ Stopped ip netns exec ns02 ping 192.168.83.102
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns01 ping 192.168.83.102
PING 192.168.83.102 (192.168.83.102) 56(84) bytes of data.
64 bytes from 192.168.83.102: icmp_seq=1 ttl=64 time=0.051 ms
64 bytes from 192.168.83.102: icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from 192.168.83.102: icmp_seq=3 ttl=64 time=0.062 ms
64 bytes from 192.168.83.102: icmp_seq=4 ttl=64 time=0.061 ms
^Z
[10]+ Stopped ip netns exec ns01 ping 192.168.83.102
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns exec ns01 ping 192.168.83.101
PING 192.168.83.101 (192.168.83.101) 56(84) bytes of data.
64 bytes from 192.168.83.101: icmp_seq=1 ttl=64 time=0.032 ms
64 bytes from 192.168.83.101: icmp_seq=2 ttl=64 time=0.050 ms
64 bytes from 192.168.83.101: icmp_seq=3 ttl=64 time=0.049 ms
64 bytes from 192.168.83.101: icmp_seq=4 ttl=64 time=0.049 ms
^Z
[11]+ Stopped ip netns exec ns01 ping 192.168.83.101
[root@vac_master0 ~]#
Deleting the virtual NICs and network namespaces
Delete the virtual NICs:
[root@vac_master0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:00 brd ff:ff:ff:ff:ff:ff
3: eth20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:20 brd ff:ff:ff:ff:ff:ff
4: eth21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:21 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:02:92:51:fa brd ff:ff:ff:ff:ff:ff
6: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:9f:6e:6a:5d brd ff:ff:ff:ff:ff:ff
60: vethe5c91d3@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether c6:8b:1b:b9:1f:fd brd ff:ff:ff:ff:ff:ff link-netnsid 0
63: eth0.01@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether f2:75:b6:f9:af:5e brd ff:ff:ff:ff:ff:ff
64: eth0.02@eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 76:1c:5a:15:50:35 brd ff:ff:ff:ff:ff:ff
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip link delete eth0.01
[root@vac_master0 ~]# ip link delete eth0.02
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:00 brd ff:ff:ff:ff:ff:ff
3: eth20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:20 brd ff:ff:ff:ff:ff:ff
4: eth21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:83:aa:bb:21 brd ff:ff:ff:ff:ff:ff
5: docker0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether 02:42:02:92:51:fa brd ff:ff:ff:ff:ff:ff
6: docker_gwbridge: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:9f:6e:6a:5d brd ff:ff:ff:ff:ff:ff
60: vethe5c91d3@if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT
link/ether c6:8b:1b:b9:1f:fd brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@vac_master0 ~]#
Delete the network namespaces:
[root@vac_master0 ~]# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns
ns02
ns01
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns delete ns01
[root@vac_master0 ~]# ip netns delete ns02
[root@vac_master0 ~]#
[root@vac_master0 ~]# ip netns
[root@vac_master0 ~]#
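The whole lab above as one script, as an added example that is not part of the original page. It goes one step beyond the page by making the macvlan mode a parameter: in bridge mode the two namespaces reach each other, as the ping results show, while in private mode the kernel does not forward frames between macvlan interfaces of the same parent. PARENT, MODE and DRY_RUN are names introduced here; the interface names, namespaces and addresses are the ones used on the page.

```shell
#!/bin/sh
# Added example: create, check and remove the two-namespace macvlan lab.
PARENT="${PARENT:-eth0}"      # physical NIC the macvlan interfaces attach to
MODE="${MODE:-bridge}"        # bridge (as on the page) or private
DRY_RUN="${DRY_RUN:-1}"       # 1 = only print the commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

lab_up() {
    case "$MODE" in
        bridge|private) ;;
        *) echo "mode not covered by this lab: $MODE" >&2; return 2 ;;
    esac
    i=1
    for ns in ns01 ns02; do
        dev="$PARENT.0$i"
        run ip netns add "$ns" || return 1
        run ip link add link "$PARENT" name "$dev" type macvlan mode "$MODE" || return 1
        run ip link set "$dev" netns "$ns" || return 1
        run ip netns exec "$ns" ip addr add "192.168.83.10$i/24" dev "$dev" || return 1
        run ip netns exec "$ns" ip link set lo up || return 1
        run ip netns exec "$ns" ip link set "$dev" up || return 1
        i=$((i + 1))
    done
}

# Reachability from ns01 to ns02: succeeds in bridge mode (the page's result);
# in private mode the ping is expected to fail.
lab_check() {
    run ip netns exec ns01 ping -c 3 -W 1 192.168.83.102
}

lab_down() {
    # Deleting a namespace also destroys the macvlan interface inside it.
    for ns in ns01 ns02; do
        run ip netns delete "$ns"
    done
}

# Usage: DRY_RUN=0 MODE=private sh lab.sh up|check|down  (lab.sh is a placeholder name)
case "${1:-}" in
    up)    lab_up ;;
    check) lab_check ;;
    down)  lab_down ;;
esac
```

With the default DRY_RUN=1 the script only prints the `ip` commands it would run, which makes it easy to review before executing it as root.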