Linux网络

Linux网络可以通过命名空间进行网络隔离，本文记录一下相应的创建命令。

网络命名空间

创建

ip netns add netns0
ip netns add netns1

#不加ip netns exec netns0 会在默认的root空间创建
ip netns exec netns0 ip link add veth0 type veth peer name veth1

查看ip

[root@k8s1 ~]$ ip netns exec netns0 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether a6:b1:72:af:2d:a1 brd ff:ff:ff:ff:ff:ff
3: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 42:90:6e:1e:e6:b9 brd ff:ff:ff:ff:ff:ff

将veth1给netns1空间

[root@k8s1 ~]$ ip netns exec netns0 ip link set veth1 netns netns1
[root@k8s1 ~]$ ip netns exec netns0 ip link show 
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: veth0@if2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 42:90:6e:1e:e6:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0

[root@k8s1 ~]$ ip netns exec netns1 ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: veth1@if3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether a6:b1:72:af:2d:a1 brd ff:ff:ff:ff:ff:ff link-netnsid 0

添加ip

ip netns exec netns0 ip addr add 10.1.1.2/24 dev veth0
ip netns exec netns0 ip link set dev veth0 up

ip netns exec netns1 ip addr add 10.1.1.1/24 dev veth1
ip netns exec netns1 ip link set dev veth1 up

ping

[root@k8s1 ~]$ ip netns exec netns0 ifconfig
veth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.1.2  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::4090:6eff:fe1e:e6b9  prefixlen 64  scopeid 0x20<link>
        ether 42:90:6e:1e:e6:b9  txqueuelen 1000  (Ethernet)
        RX packets 13  bytes 1026 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 1026 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@k8s1 ~]$ ip netns exec netns1 ifconfig
veth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.1.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::a4b1:72ff:feaf:2da1  prefixlen 64  scopeid 0x20<link>
        ether a6:b1:72:af:2d:a1  txqueuelen 1000  (Ethernet)
        RX packets 13  bytes 1026 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 1026 (1.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@k8s1 ~]$ ip netns exec netns1 ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.035 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.055 ms

查看配对

[root@k8s1 ~]$ ip netns exec netns1 ethtool -S veth1
NIC statistics:
     peer_ifindex: 3
[root@k8s1 ~]$ ip netns exec netns0 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: veth0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 42:90:6e:1e:e6:b9 brd ff:ff:ff:ff:ff:ff link-netnsid 0

网桥

参考: http://fp-moon.iteye.com/blog/1468650

yum -y install bridge-utils
brctl addbr br0
brctl addif br0 enp0s8 && ifconfig enp0s8 0.0.0.0 && ifconfig br0 192.168.10.6
注意：brctl addif br0 enp0s8执行后断网，所以后面的命令需要一起执行。

[root@k8s1 ~]$ ifconfig
#192.168.10.6已经转移到br0中了
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.6  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::a00:27ff:fec4:969a  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:c4:96:9a  txqueuelen 0  (Ethernet)
        RX packets 28  bytes 2821 (2.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 23  bytes 2826 (2.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0