网络命名空间和网桥的基本操作命令

一。6种名称空间

　　1. UTS：主机名和域名

　　2. User：用户

　　3. Mount：挂载文件系统

　　4. IPC：进程间通信

　　5. Pid：进程ID

　　6. Net：网络

二。网络名称空间

　　1. 查看是否有 iproute

[gh@localhost ~]$ rpm -q iproute
iproute-3.10.0-87.el7.x86_64
[gh@localhost ~]$ 

　　2. 创建n1，n2网络名称空间

[root@localhost ~]# ip netns add n1
[root@localhost ~]# ip netns add n2
[root@localhost ~]# 

---- 这种方式创建只有网络名称空间是独立的，其他名称空间不是独立的

[root@localhost ~]# mkdir /var/testNS                                // 主机创建的文件夹n1名称空间可用
[root@localhost ~]# ls /var/ |grep "testNS"
testNS
[root@localhost ~]# ip netns exec n1 ls /var/ |grep "testNS"
testNS
[root@localhost ~]# ip netns exec n1 mkdir /var/testNS1              // n1名称空间创建的文件夹主机可用
[root@localhost ~]# ip netns exec n1 ls /var/ |grep "testNS"
testNS
testNS1
[root@localhost ~]# ls /var/ |grep "testNS"
testNS
testNS1
[root@localhost ~]# 

　　3. 查看网络名称空间

[root@localhost ~]# ip netns list
n2
n1
[root@localhost ~]# 

　　4. n1网络空间里执行查看网卡接口命令

[root@localhost ~]# ip netns exec n1 ifconfig
[root@localhost ~]# ip netns exec n1 ifconfig -a
lo: flags=8<LOOPBACK>  mtu 65536
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

　　5. 创建两个以太网网卡对并查看设备

[root@localhost ~]# ip link add name veth1.1 type veth peer name veth1.2
[root@localhost ~]# ip link show |grep "veth"
7: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 3e:5c:76:42:02:21 brd ff:ff:ff:ff:ff:ff
8: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 16:a9:17:44:6b:cf brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# 

　　6. 把veth1.2放到n1里

[root@localhost ~]# ip link set dev veth1.2 netns n1
[root@localhost ~]# ip link show |grep "veth"
8: veth1.1@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
[root@localhost ~]# 

　　7. 查看n1

[root@localhost ~]# ip netns exec n1 ifconfig -a |grep "veth"
veth1.2: flags=4098<BROADCAST,MULTICAST>  mtu 1500
[root@localhost ~]# 

　　8. 在n1把veth1.2改成eth0

[root@localhost ~]# ip netns exec n1 ip link set dev veth1.2 name eth0
[root@localhost ~]# ip netns exec n1 ifconfig -a |grep "veth"
[root@localhost ~]# ip netns exec n1 ifconfig -a |grep "eth0"
eth0: flags=4098<BROADCAST,MULTICAST>  mtu 1500
[root@localhost ~]# 

　　9. 启动veth1.1并赋予ip

[root@localhost ~]# ifconfig |grep "veth"
[root@localhost ~]# ifconfig -a |grep "veth"
veth1.1: flags=4098<BROADCAST,MULTICAST>  mtu 1500
[root@localhost ~]# ifconfig veth1.1 10.1.0.1/24 up
[root@localhost ~]# ifconfig |grep "veth"
veth1.1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
[root@localhost ~]# 

　　10. 把n1里的也启动并赋予ip

[root@localhost ~]# ip netns exec n1 ifconfig eth0 10.1.0.2/24 up
[root@localhost ~]# ip netns exec n1 ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.2  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::3c5c:76ff:fe42:221  prefixlen 64  scopeid 0x20<link>
        ether 3e:5c:76:42:02:21  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

　　11. 主机和n1通信

[root@localhost ~]# ping -c3 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.034 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.040 ms

--- 10.1.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.034/0.037/0.040/0.002 ms
[root@localhost ~]# 

　　12. 把veth1.1放到n2

[root@localhost ~]# ip link set dev veth1.1 netns n2
[root@localhost ~]# ip netns exec n2 ifconfig veth1.1 10.1.0.1/24 up
[root@localhost ~]# ip netns exec n2 ifconfig
veth1.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.0.1  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::14a9:17ff:fe44:6bcf  prefixlen 64  scopeid 0x20<link>
        ether 16:a9:17:44:6b:cf  txqueuelen 1000  (Ethernet)
        RX packets 15  bytes 1222 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22  bytes 1800 (1.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

　　13. n2通信n1

[root@localhost ~]# ip netns exec n2 ping -c3 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.
64 bytes from 10.1.0.2: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 10.1.0.2: icmp_seq=2 ttl=64 time=0.035 ms
64 bytes from 10.1.0.2: icmp_seq=3 ttl=64 time=0.036 ms

--- 10.1.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.035/0.042/0.057/0.012 ms
[root@localhost ~]# 

　　14. 主机通信n1或者n2都不通

[root@localhost ~]# ping -c3 10.1.0.2
PING 10.1.0.2 (10.1.0.2) 56(84) bytes of data.

--- 10.1.0.2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms

[root@localhost ~]# 

三。网桥（参考：https://segmentfault.com/a/1190000009491002）

　　1. 创建br0网桥并启动

[root@localhost ~]# ip link add name br0 type bridge
[root@localhost ~]# ip link set br0 up
[root@localhost ~]# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::c84b:56ff:fe15:5897  prefixlen 64  scopeid 0x20<link>
        ether ca:4b:56:15:58:97  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

 　　2. 创建以太网（veth）类型的网卡对veth0和veth1

[root@localhost ~]# ip link add veth0 type veth peer name veth1
[root@localhost ~]# ip addr add 10.20.1.10/24 dev veth0
[root@localhost ~]# ip link set veth0 up
[root@localhost ~]# ifconfig |grep -A 2 "veth"
veth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.20.1.10  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::e833:53ff:fe7f:c089  prefixlen 64  scopeid 0x20<link>
[root@localhost ~]# 

　　3. 创建ns1网络名称空间并把veth1加入

[root@localhost ~]# ip netns add n1
[root@localhost ~]# ip link set dev veth1 netns n1
[root@localhost ~]# ip netns exec n1 ip addr add 10.20.1.20/24 dev veth1
[root@localhost ~]# ip netns exec n1 ip link set veth1 up
[root@localhost ~]# ip netns exec n1 ifconfig
veth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.1.20  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::c0c7:24ff:fe52:6397  prefixlen 64  scopeid 0x20<link>
        ether c2:c7:24:52:63:97  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 15  bytes 1226 (1.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

　　4. veth0和veth1通信成功

[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
64 bytes from 10.20.1.20: icmp_seq=1 ttl=64 time=0.082 ms

--- 10.20.1.20 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.082/0.082/0.082/0.000 ms
[root@localhost ~]# 

　　5. 把veth0连接上网桥br0

[root@localhost ~]# ip link set dev veth0 master br0
[root@localhost ~]# bridge link
7: veth0 state UP @(null): <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2 
[root@localhost ~]# 

---- 此时br0的mac地址为veth0的mac地址且veth0不再转发数据给内核（协议栈），而是br0来转发。

　　6. veth0和veth1通信失败

[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.

--- 10.20.1.20 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
[root@localhost ~]# 

　　7. 给br0配置ip来转发数据给内核（协议栈），接着通信还是失败

[root@localhost ~]# ip addr add 10.20.1.15/24 dev br0
[root@localhost ~]# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.1.15  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::c84b:56ff:fe15:5897  prefixlen 64  scopeid 0x20<link>
        ether ea:33:53:7f:c0:89  txqueuelen 1000  (Ethernet)
        RX packets 5  bytes 196 (196.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
From 10.20.1.10 icmp_seq=1 Destination Host Unreachable

--- 10.20.1.20 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

[root@localhost ~]# 

　　8. 删除veth0的默认路由，接着通信成功

[root@localhost ~]# ip route show |grep "10.20.1.0"
10.20.1.0/24 dev veth0 proto kernel scope link src 10.20.1.10 
10.20.1.0/24 dev br0 proto kernel scope link src 10.20.1.15 
[root@localhost ~]# ip route del 10.20.1.0/24 dev veth0
[root@localhost ~]# ip route show |grep "10.20.1.0"
10.20.1.0/24 dev br0 proto kernel scope link src 10.20.1.15 
[root@localhost ~]# ping -c1 10.20.1.20
PING 10.20.1.20 (10.20.1.20) 56(84) bytes of data.
64 bytes from 10.20.1.20: icmp_seq=1 ttl=64 time=0.059 ms

--- 10.20.1.20 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.059/0.059/0.059/0.000 ms
[root@localhost ~]# 

　　9.同理可把物理网卡桥接到网桥