- 环境:
安装centos 8.1
安装libvirt 相关工具
- 实验1:
理解命名空间,测试不同namespace 通讯
目标拓扑:
192.168.10.1 192.168.10.2
veth1.1 < ----------> veth1.2
ns1 ns2
1 copy vm1.img to /kvm-os
2 编辑 vm01.xml , xml 如下
3 virsh creat 01.xml
4 同理 创建vm02
5 vish list 查看虚拟机启动
6 virt-viewer -c qemu:///system vm01 & 进入虚拟机
7 配置ip
sudo su -
vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.122.101 #vm02 为102
netmask 255.255.255.0
测试连通性 192.168.122.1/101/102
8 取消默认nat网络模式
# mv /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/default.xml_bak
# systemctl restart libvirtd
9 测试连通性,vm01 ,vm02 ,virbr0 仍然通。。。。。 ,重启vm 仍然通, 不管了,不用br0 了
10 创建net namespace: 里面可以创造路由器
# ip netns add ns1
# ip netns add ns2
# ip netns list
ns1
ns2
# ip netns exec ns1 ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# ip netns exec ns1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
# ip netns exec ns1 ifconfig lo 127.1.1.1/8 up
# ip netns exec ns1 ifconfig -a
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.1.1.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
11 创建veth 对
# ip link add veth1.1 type veth peer name veth1.2
# ip link show
38: [email protected]: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 72:fe:30:bf:11:4a brd ff:ff:ff:ff:ff:ff
39: [email protected]: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 5a:73:79:1a:74:1d brd ff:ff:ff:ff:ff:ff
12 把veth 对 ,一个放在 ns1 ,一个放在ns2
# ip link set veth1.1 netns ns1
# ip link set veth1.2 netns ns2
13 ip link show 查看:
主机中没有了 veth1
已经在namespace 中
[root@MyHost networks]# ip netns exec ns1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
39: veth1.1@if38: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 5a:73:79:1a:74:1d brd ff:ff:ff:ff:ff:ff link-netns ns2
[root@MyHost networks]# ip netns exec ns2 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
38: veth1.2@if39: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 72:fe:30:bf:11:4a brd ff:ff:ff:ff:ff:ff link-netns ns1
14 为veth1.1 和 veth1.2 设置ip
# ip netns exec ns1 ifconfig veth1.1 192.168.10.1/24
# ip netns exec ns1 ifconfig
veth1.1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
ether 5a:73:79:1a:74:1d txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# ip netns exec ns2 ifconfig veth1.2 192.168.10.2/24
# ip netns exec ns1 ping 192.168.10.2
PING 192.168.10.2 (192.168.10.2) 56(84) bytes of data.
64 bytes from 192.168.10.2: icmp_seq=1 ttl=64 time=0.036 ms
64 bytes from 192.168.10.2: icmp_seq=2 ttl=64 time=0.025 ms
^C
--- 192.168.10.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 20ms
rtt min/avg/max/mdev = 0.025/0.030/0.036/0.007 ms
[root@MyHost networks]#
- 实验二:
目标:为vm 创建namespace ,并与物理网络连通
目标拓扑:
vm1 ip地址为192.168.11.102/24
物理网络为: 172.26.1.0/24 ,网关 为172.26.1.1
思路 vm1网卡启动后,网卡对另一半在host中名字为 vnet1
vmnet1 在网桥virbr0 中
创建ns1 ,相当于在ns1中创造了一个路由器,分别连接vm和host
创建veth 对 inter_s ,inter_r (前者要加到网桥,后者要放入到ns1中)
inter_s add到virbr0 , 此时 virbr0上存在两个网卡,一个为vmnet1 ,一个inter1
inter_r set 到ns1 并设置ip地址为 192.168.11.1/24
创建veth对 out_r ,out_p (前者到ns1, 后者brex)
out_r set 到ns1 配置ip 为 172.26.1.10 ,想相当于虚拟网络的出口)
out_p 添加到网桥brex上 (brex 是物理网卡所在的网桥)
在ns1中配置路由或者nat,dhcp
ns1中有两个接口分别为 inter_r 192.168.11.1 和 out_r 172.26.1.10
命令参考:
创建网桥
nmcli connection add type bridge con-name virbr0 ifname virbr0 autoconnect yes
-------------------------------------------------
vm.xml
<domain type='qemu' id='23'>
<name>host11-cirros</name>
<memory unit='KiB'>524288</memory>
<currentMemory unit='KiB'>524288</currentMemory>
<vcpu placement='static'>1</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64' machine='cirros'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<vmport state='off'/>
</features>
<clock offset='utc'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled='no'/>
<suspend-to-disk enabled='no'/>
</pm>
<devices>
<emulator>/usr/libexec/qemu-kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/kvm-os/vm01.img'/>
<backingStore/>
<target dev='hda' bus='ide'/>
<alias name='ide0-0-0'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<controller type='usb' index='0' model='ich9-ehci1'>
<alias name='usb'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x7'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci1'>
<alias name='usb'/>
<master startport='0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0' multifunction='on'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci2'>
<alias name='usb'/>
<master startport='2'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x1'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci3'>
<alias name='usb'/>
<master startport='4'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pci-root'>
<alias name='pci.0'/>
</controller>
<controller type='ide' index='0'>
<alias name='ide'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<controller type='virtio-serial' index='0'>
<alias name='virtio-serial0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</controller>
<interface type='network'>
<source network='default' bridge='virbr0'/>
</interface>
<serial type='pty'>
<source path='/dev/pts/2'/>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
<alias name='serial0'/>
</serial>
<console type='pty' tty='/dev/pts/2'>
<source path='/dev/pts/2'/>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0' state='disconnected'/>
<alias name='channel0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='tablet' bus='usb'>
<alias name='input0'/>
<address type='usb' bus='0' port='1'/>
</input>
<input type='mouse' bus='ps2'>
<alias name='input1'/>
</input>
<input type='keyboard' bus='ps2'>
<alias name='input2'/>
</input>
<graphics type='spice' port='5900' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
<image compression='off'/>
</graphics>
<sound model='ich6'>
<alias name='sound0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</sound>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
<alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<redirdev bus='usb' type='spicevmc'>
<alias name='redir0'/>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<alias name='redir1'/>
<address type='usb' bus='0' port='3'/>
</redirdev>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='dac' relabel='yes'>
<label>+0:+0</label>
<imagelabel>+0:+0</imagelabel>
</seclabel>
</domain>