veth pair实战
veth pair作用veth pair用于同一主机不同命名空间通信,其原理为向veth pair设备的一端输入数据,数据通过内核协议栈后从veth pair的另一端出来netns帮助# ip netns helpUsage: ip netns listip netns add NAMEip netns attach NAME PIDip netns set NAME NETNSIDip [-al
·
veth pair作用
veth pair用于同一主机不同命名空间通信,其原理为向veth pair设备的一端输入数据,数据通过内核协议栈后从veth pair的另一端出来
veth pair使用
netns帮助
# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns attach NAME PID
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id [target-nsid POSITIVE-INT] [nsid POSITIVE-INT]
NETNSID := auto | POSITIVE-INT创建network namespace
ip netns add ns1删除network namespace
ip netns del ns1创建veth pair
ip link add veth0 type veth peer name veth1查看veth pair
# ip a
...
8: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether ea:1c:85:27:14:ca brd ff:ff:ff:ff:ff:ff
9: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 72:74:8e:30:ac:7d brd ff:ff:ff:ff:ff:ff
将veth1移动到ns1中
ip link set veth1 netns ns1注:如果要将ns1中的veth1移动到根命名空间(宿主机),可使用以下命令,1即表示宿主机命名空间
ip netns exec ns1 ip link set veth1 netns 1
给veth0和veth1配上IP
ip addr add 192.168.1.100/24 dev veth0
ip netns exec ns1 ip addr add 192.168.1.101/24 dev veth1启动网卡
ip link set veth0 up
ip netns exec ns1 ip link set veth1 up查看ns1中的网卡信息
# ip netns exec ns1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
8: veth1@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ea:1c:85:27:14:ca brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.101/24 scope global veth1
valid_lft forever preferred_lft forever
inet6 fe80::e81c:85ff:fe27:14ca/64 scope link
valid_lft forever preferred_lft forever测试连通性
# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
64 bytes from 192.168.1.101: icmp_seq=1 ttl=64 time=0.102 ms
^C
--- 192.168.1.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.102/0.102/0.102/0.000 ms
# ip netns exec ns1 ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.076 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.055 ms
^C
--- 192.168.1.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1075ms
rtt min/avg/max/mdev = 0.055/0.065/0.076/0.010 ms模拟k8s calico网络
k8s使用calico会有如下现象
# ifconfig cali52cd9f5b6c4
cali52cd9f5b6c4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ecee:eeff:feee:eeee prefixlen 64 scopeid 0x20<link>
ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0该veth并没有配IP,而是添加了如下一条路由规则,宿主机命名空间就能和容器内的命名空间通信了
# ip route
10.233.97.1 dev cali52cd9f5b6c4 scope link
删除veth0的IP
ip addr del 192.168.1.100/24 dev veth0添加如calico的路由规则
ip route add 192.168.1.101/32 dev veth0查看路由规则
# ip route
...
192.168.1.101 dev veth0 scope link尝试ping ns1中的IP
# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
^C
--- 192.168.1.101 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2089ms不能ping通,尝试使用tcpdump抓包
# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
From 172.20.42.70 icmp_seq=1 Destination Host Unreachable
From 172.20.42.70 icmp_seq=2 Destination Host Unreachable
From 172.20.42.70 icmp_seq=3 Destination Host Unreachable
From 172.20.42.70 icmp_seq=4 Destination Host Unreachable
From 172.20.42.70 icmp_seq=5 Destination Host Unreachable
From 172.20.42.70 icmp_seq=6 Destination Host Unreachable
# ip netns exec ns1 tcpdump -i veth1
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
17:20:14.809648 ARP, Request who-has master1 tell deploy, length 28
17:20:15.832062 ARP, Request who-has master1 tell deploy, length 28
17:20:16.872071 ARP, Request who-has master1 tell deploy, length 28
17:20:17.912265 ARP, Request who-has master1 tell deploy, length 28
17:20:18.952076 ARP, Request who-has master1 tell deploy, length 28
17:20:19.992079 ARP, Request who-has master1 tell deploy, length 28
17:20:21.032265 ARP, Request who-has master1 tell deploy, length 28
17:20:22.072065 ARP, Request who-has master1 tell deploy, length 28查看ns1内路由
ns1内已经接收到了请求,但是并没有回,查看ns1内路由规则,只有192.168.1.0/24网段的地址才会从veth1发出,其他地址的包都被丢弃了
# ip netns exec ns1 ip route
192.168.1.0/24 dev veth1 proto kernel scope link src 192.168.1.101添加默认路由
# ip netns exec ns1 ip route add default via 192.168.1.101 dev veth1再次ping ns1
# ping 192.168.1.101
PING 192.168.1.101 (192.168.1.101) 56(84) bytes of data.
64 bytes from 192.168.1.101: icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from 192.168.1.101: icmp_seq=2 ttl=64 time=0.051 ms
^C
--- 192.168.1.101 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1025ms
rtt min/avg/max/mdev = 0.051/0.059/0.067/0.008 ms
腾讯云面向开发者汇聚海量精品云计算使用和开发经验,营造开放的云计算技术生态圈。
更多推荐
0
0- 0
已为社区贡献1条内容
所有评论(0)