• 容器网络专题(一)


    本期重点 认识 

    veth - Virtual Ethernet Device

    The veth devices are virtual Ethernet devices. They can act as tunnels between network namespaces to create a bridge to a physical network device in another namespace, but can also be used as standalone network devices.

    像隧道一样连接 不同的 netns 。隧道中不会对数据包进行修改

    自内核3.8以后 linux 定义了6大命名空间  

    UTS    主机和域名

    IPC     信号量、消息队列和共享内容

    PID     进程编号

    network   网络设备、网络栈、端口等

    mount    挂载点(文件系统)

    user     用户和用户组

    clone()  setns()  unshare()  三个 系统函数定义了 命名空间三个基础操作

    veth 与其中 network ns 紧密相关

    实操

    创建一对veth  进行绑定 其中一组放入 netns song中  操作如下

    ip link add veth0 type veth peer name veth1 ip link list ip link set dev veth0 up ip link set dev veth1 up
    ifconfig veth0 192.168.122.101/24 ip netns add song ip link set veth1 netns song
    ip netns exec song
    ifconfig veth1 192.168.122.102/24
    创建桥连网卡 br0

      ip link add name br0 type bridge   |  brctl  addbr  br0
      ip link set br0 up
      把veth0 网卡连接到br0

        方法一

          ip link set dev veth0 master br0

        方法二

          brctl addif br0 veth0


    
    

    [root@kuberspary ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:3c:51:f0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.10/24 brd 192.168.122.255 scope global noprefixroute eth0
    valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe3c:51f0/64 scope link
    valid_lft forever preferred_lft forever
    3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:58:6f:81:e5 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
    valid_lft forever preferred_lft forever
    8: veth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
    link/ether 3e:78:e0:5b:4a:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.122.101/24 brd 192.168.122.10255 scope global veth0
    valid_lft forever preferred_lft forever
    inet6 fe80::3c78:e0ff:fe5b:4a85/64 scope link
    valid_lft forever preferred_lft forever
    9: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3e:78:e0:5b:4a:85 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8039:68ff:fee4:fb6a/64 scope link
    valid_lft forever preferred_lft forever
      

    [root@kuberspary ~]# ip netns exec song ip a

    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    7: veth1@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f2:05:c3:82:ae:5e brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.122.102/24 brd 192.168.122.10255 scope global veth1
    valid_lft forever preferred_lft forever
    inet6 fe80::f005:c3ff:fe82:ae5e/64 scope link
    valid_lft forever preferred_lft forever

     这时 发现 ping 不通 veth1, 通过抓包我们看一下原因

    [root@kuberspary ~]# tcpdump -n -i veth0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    19:00:01.566262 ARP, Request who-has 192.168.122.102 tell 192.168.122.101, length 28
    19:00:01.566345 ARP, Reply 192.168.122.102 is-at f2:05:c3:82:ae:5e, length 28
    19:00:02.568159 ARP, Request who-has 192.168.122.102 tell 192.168.122.101, length 28
    19:00:02.568213 ARP, Reply 192.168.122.102 is-at f2:05:c3:82:ae:5e, length 28
    ^C
    4 packets captured
    4 packets received by filter
    0 packets dropped by kernel
    [root@kuberspary ~]# tcpdump -n -i br0
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
    19:00:06.572026 ARP, Reply 192.168.122.102 is-at f2:05:c3:82:ae:5e, length 28
    19:00:08.572488 ARP, Reply 192.168.122.102 is-at f2:05:c3:82:ae:5e, length 28
    ^C
    2 packets captured
    2 packets received by filter
    0 packets dropped by kernel
    [root@kuberspary ~]# ip netns exec song tcpdump -n -i veth1
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
    19:00:29.590284 ARP, Request who-has 192.168.122.102 tell 192.168.122.101, length 28
    19:00:29.590356 ARP, Reply 192.168.122.102 is-at f2:05:c3:82:ae:5e, length 28
    19:00:30.592064 ARP, Request who-has 192.168.122.102 tell 192.168.122.101, length 28
    19:00:30.592096 ARP, Reply 192.168.122.102 is-at f2:05:c3:82:ae:5e, length 28^C

    通过分析以下报文可以看出,包的去和回的流程都没有问题,问题就出在veth0收到应答包后没有给协议栈,而是给了br0,于是协议栈得不到veth1的MAC地址,导致通信失败。

     进行第二步操作 把 veth0 的ip 分配给br0

     ip addr del 192.168.122.101/24 dev veth0

     ip addr add 192.168.122.101/24 dev br0

     这个阶段 br0  无法ping 通网关

     进行第三步操作 把 eth0 分配给br0

     最后一步把eth0 的IP 分配给br0

      逻辑示意图是   br0 连接协议栈和物理网络  veth0 和 eth0 挂载到  br0 上进行通信

  • 相关阅读:
    写一个输入两位数,实现加减乘除的程序。并和同学比较一下各种的功能、实现方法的异同等等。写出自己程序存在的缺陷,以及比别人做的好的地方。
    请下载铁路12306的手机APP,通过使用这款软件,写一篇软件的评测(300字以上),评测内容可以是这个软件的优势,或是你觉得特别好的地方,软件的缺陷、软件可以改进的地方等等
    个人简介
    (1)把一个英语句子中的单词次序颠倒后输出。例如输入“how are you”,输出“you are how”; (2)编写单元测试进行测试; (3)用ElcEmma查看代码覆盖率,要求覆盖率达到100%。
    2、学习单元测试和代码覆盖率工具的使用 (1)写一个程序,用于分析一个字符串中各个单词出现的频率,并将单词和它出现的频率输出显示。(单词之间用空格隔开,如“Hello World My First Unit Test”); (2)编写单元测试进行测试; (3)用ElcEmma查看代码覆盖率,要求覆盖率达到100%。
    实验5
    实验4
    实验3
    实验2
    个人简介
  • 原文地址:https://www.cnblogs.com/leleyao/p/13268962.html
Copyright © 2020-2023  润新知