1.建立个namespace 名字为test
2.建立一对veth peer,把其中一个放入test里面
3.使test里面的网络能ping到外面的veth peer
4.设置ip route使test里面的网络能ping到外面的ip（本文中指宿主机eth0的地址192.168.139.55;要访问宿主机以外的主机,还需要在宿主机上开启net.ipv4.ip_forward并配置NAT或回程路由,本文没有涉及）
创建一个namespace（network namespace只隔离网络栈,即接口、地址、路由表和防火墙规则;进程和文件系统并不因此隔离）
[root@centos7 ~]# ip netns add test
[root@centos7 ~]# ip netns
test
[root@centos7 ~]# ip netns exec test ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@centos7 ~]# ip netns exec test bash
[root@centos7 ~]# ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@centos7 ~]# ip netns identify $$
test
[root@centos7 ~]# exit
exit
在namespace里面使用普通linux网络命令
[root@centos7 ~]# ip netns exec test ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@centos7 ~]# ip netns exec test ip link set dev lo up
[root@centos7 ~]# ip netns exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
ping
[root@centos7 ~]# ip netns exec test ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.093 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.054 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.054/0.073/0.093/0.021 ms
增加一对veth peer,把veth1放进namespace（这里没有指定名字,内核自动命名为veth0和veth1;也可以用 ip link add veth0 type veth peer name veth1 显式指定名字,避免和已有接口混淆）
[root@centos7 ~]# ip link add type veth
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]# ip link set veth1 netns test
[root@centos7 ~]# ip netns exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
6: veth1@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether ba:3f:cf:12:23:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0
查看配对的veth peer
[root@centos7 ~]# ethtool -S veth0
NIC statistics:
     peer_ifindex: 6
[root@centos7 ~]# ip netns exec test ethtool -S veth1
NIC statistics:
     peer_ifindex: 5
把namespace中的veth启动起来
[root@centos7 ~]# ip netns exec test ip link set veth1 up
[root@centos7 ~]# ip netns exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
6: veth1@if5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state LOWERLAYERDOWN qlen 1000
    link/ether ba:3f:cf:12:23:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0
设置namespace里面的veth1的ip,和namespace外面的veth0的ip
[root@centos7 ~]# ip netns exec test ip addr add dev veth1 192.168.3.2/29
[root@centos7 ~]# ip route
default via 192.168.128.1 dev eth0
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
192.168.128.0/20 dev eth0 proto kernel scope link src 192.168.139.55
[root@centos7 ~]# ip addr add dev veth0 192.168.3.1/29
[root@centos7 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 50:50:18:aa:80:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.139.55/20 brd 192.168.143.255 scope global dynamic eth0
       valid_lft 2823sec preferred_lft 2823sec
    inet6 fe80::5250:18ff:feaa:8017/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 52:54:00:71:94:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
    link/ether 52:54:00:71:94:cc brd ff:ff:ff:ff:ff:ff
5: veth0@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether be:ab:06:b0:59:fa brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.3.1/29 scope global veth0
       valid_lft forever preferred_lft forever
查看路由表
[root@centos7 ~]# ip route
default via 192.168.128.1 dev eth0
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
192.168.128.0/20 dev eth0 proto kernel scope link src 192.168.139.55
启动外面的veth0
[root@centos7 ~]# ip link set veth0 up
[root@centos7 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 50:50:18:aa:80:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.139.55/20 brd 192.168.143.255 scope global dynamic eth0
       valid_lft 2788sec preferred_lft 2788sec
    inet6 fe80::5250:18ff:feaa:8017/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 52:54:00:71:94:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
    link/ether 52:54:00:71:94:cc brd ff:ff:ff:ff:ff:ff
5: veth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether be:ab:06:b0:59:fa brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.3.1/29 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fe80::bcab:6ff:feb0:59fa/64 scope link
       valid_lft forever preferred_lft forever
再次查看路由表
[root@centos7 ~]# ip route
default via 192.168.128.1 dev eth0
192.168.3.0/29 dev veth0 proto kernel scope link src 192.168.3.1
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
192.168.128.0/20 dev eth0 proto kernel scope link src 192.168.139.55
[root@centos7 ~]# ip netns exec test ip route
192.168.3.0/29 dev veth1 proto kernel scope link src 192.168.3.2
[root@centos7 ~]# ping 192.168.3.2
PING 192.168.3.2 (192.168.3.2) 56(84) bytes of data.
64 bytes from 192.168.3.2: icmp_seq=1 ttl=64 time=0.091 ms
64 bytes from 192.168.3.2: icmp_seq=2 ttl=64 time=0.076 ms
^C
--- 192.168.3.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.076/0.083/0.091/0.011 ms
veth0启动后,内核自动加上了192.168.3.0/29的直连路由(见上面路由表中proto kernel的那一行),宿主机到namespace里的192.168.3.2就通了
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]# ping 192.168.3.2
PING 192.168.3.2 (192.168.3.2) 56(84) bytes of data.
64 bytes from 192.168.3.2: icmp_seq=1 ttl=64 time=0.117 ms
64 bytes from 192.168.3.2: icmp_seq=2 ttl=64 time=0.073 ms
64 bytes from 192.168.3.2: icmp_seq=3 ttl=64 time=0.045 ms
64 bytes from 192.168.3.2: icmp_seq=4 ttl=64 time=0.050 ms
64 bytes from 192.168.3.2: icmp_seq=5 ttl=64 time=0.057 ms
^C
--- 192.168.3.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.045/0.068/0.117/0.027 ms
[root@centos7 ~]#
★★换另一个ssh终端,在ping运行的同时到namespace里用tcpdump抓包(输出里的centos7应该是tcpdump把192.168.3.2解析成了主机名,加-n参数可以直接显示IP地址)
[root@centos7 ~]# ip netns exec test tcpdump -i veth1 -l
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth1, link-type EN10MB (Ethernet), capture size 65535 bytes
08:01:59.180834 IP 192.168.3.1 > centos7: ICMP echo request, id 4142, seq 1, length 64
08:01:59.180899 IP centos7 > 192.168.3.1: ICMP echo reply, id 4142, seq 1, length 64
08:02:00.181087 IP 192.168.3.1 > centos7: ICMP echo request, id 4142, seq 2, length 64
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
[root@centos7 ~]#
[root@centos7 ~]#
[root@centos7 ~]# ip netns exec test ping 192.168.139.55
connect: Network is unreachable
[root@centos7 ~]# ip netns exec test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
6: veth1@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ba:3f:cf:12:23:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.3.2/29 scope global veth1
       valid_lft forever preferred_lft forever
    inet6 fe80::b83f:cfff:fe12:235d/64 scope link
       valid_lft forever preferred_lft forever
[root@centos7 ~]# ip netns exec test ip route
192.168.3.0/29 dev veth1 proto kernel scope link src 192.168.3.2
[root@centos7 ~]# ip netns exec test ip route add default via 192.168.3.1
[root@centos7 ~]#
[root@centos7 ~]# ip netns exec test ping 192.168.139.55
PING 192.168.139.55 (192.168.139.55) 56(84) bytes of data.
64 bytes from 192.168.139.55: icmp_seq=1 ttl=64 time=0.074 ms
^C
--- 192.168.139.55 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.074/0.074/0.074/0.000 ms
[root@centos7 ~]#