Namespaces communicating through a GRE tunnel

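Since encapsulation is all it takes to communicate through a tunnel, then if the namespaces already have NICs talking to each other over a Linux bridge, any other NIC should be able to send its traffic through a tunnel. Here is a small test.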

Create two namespaces

lihui@Debian8:~$ sudo ip netns add ns0
lihui@Debian8:~$ sudo ip netns add ns1

Create two veth pairs

lihui@Debian8:~$ sudo ip link add name veth0 type veth peer name veth00
lihui@Debian8:~$ sudo ip link add name veth1 type veth peer name veth11

Put one end of each pair into one of the two namespaces

lihui@Debian8:~$ sudo ip link set veth0 netns ns0
lihui@Debian8:~$ sudo ip link set veth1 netns ns1

Configure an IP address on each

lihui@Debian8:~$ sudo ip netns exec ns0 ifconfig veth0 10.10.10.10/24 up
lihui@Debian8:~$ sudo ip netns exec ns1 ifconfig veth1 10.10.10.11/24 up

Create a Linux bridge

lihui@Debian8:~$ sudo brctl addbr newbr

Attach the other half of each veth pair (the peer of the end placed in a namespace above) to the Linux bridge, and bring both up

lihui@Debian8:~$ sudo brctl addif newbr veth00
lihui@Debian8:~$ sudo brctl addif newbr veth11
lihui@Debian8:~$ sudo ifconfig veth00 up
lihui@Debian8:~$ sudo ifconfig veth11 up

Assign an IP address to the bridge

lihui@Debian8:~$ sudo ifconfig newbr 10.10.10.1

Now the two NICs in the two namespaces can communicate through the bridge

lihui@Debian8:~$ sudo ip netns exec ns0 ping 10.10.10.11
PING 10.10.10.11 (10.10.10.11) 56(84) bytes of data.
64 bytes from 10.10.10.11: icmp_seq=1 ttl=64 time=0.075 ms
64 bytes from 10.10.10.11: icmp_seq=2 ttl=64 time=0.058 ms
^C
--- 10.10.10.11 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.058/0.066/0.075/0.011 ms

Next, any other NICs in the two namespaces can also communicate, by creating a GRE tunnel

Load the kernel module

lihui@Debian8:~$ lsmod | grep gre
gre                    12777  1 openvswitch
lihui@Debian8:~$ sudo modprobe ip_gre
lihui@Debian8:~$ lsmod | grep gre
ip_gre                 17563  0
ip_tunnel              21463  1 ip_gre
gre                    12777  2 ip_gre,openvswitch

Create two more veth pairs, with arbitrary names

lihui@Debian8:~$ sudo ip link add name veth000 type veth peer name veth0000
lihui@Debian8:~$ sudo ip link add name veth111 type veth peer name veth1111

Put one end of each pair into a namespace

lihui@Debian8:~$ sudo ip link set veth000 netns ns0
lihui@Debian8:~$ sudo ip link set veth111 netns ns1

Assign IP addresses to the two NICs

lihui@Debian8:~$ sudo ip netns exec ns0 ifconfig veth000 1.2.3.4/24 up
lihui@Debian8:~$ sudo ip netns exec ns1 ifconfig veth111 4.3.2.1/24 up

The goal now is to get 1.2.3.4 and 4.3.2.1 to communicate; at this point they certainly cannot

lihui@Debian8:~$ sudo ip netns exec ns0 ping 4.3.2.1
connect: Network is unreachable

Create the GRE tunnel in ns0

lihui@Debian8:~$ sudo ip netns exec ns0 ip tunnel add tun0 mode gre remote 10.10.10.11 local 10.10.10.10 ttl 255
lihui@Debian8:~$ sudo ip netns exec ns0 ip link set tun0 up
lihui@Debian8:~$ sudo ip netns exec ns0 ip addr add 1.2.3.4 peer 4.3.2.1 dev tun0

Create the GRE tunnel in ns1

lihui@Debian8:~$ sudo ip netns exec ns1 ip tunnel add tun0 mode gre remote 10.10.10.10 local 10.10.10.11 ttl 255
lihui@Debian8:~$ sudo ip netns exec ns1 ip link set tun0 up
lihui@Debian8:~$ sudo ip netns exec ns1 ip addr add 4.3.2.1 peer 1.2.3.4 dev tun0

Finally, pings in both directions succeed

lihui@Debian8:~$ sudo ip netns exec ns0 ping 4.3.2.1
PING 4.3.2.1 (4.3.2.1) 56(84) bytes of data.
64 bytes from 4.3.2.1: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from 4.3.2.1: icmp_seq=2 ttl=64 time=0.075 ms
^C
--- 4.3.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.075/0.077/0.080/0.009 ms
lihui@Debian8:~$ sudo ip netns exec ns1 ping 1.2.3.4
PING 1.2.3.4 (1.2.3.4) 56(84) bytes of data.
64 bytes from 1.2.3.4: icmp_seq=1 ttl=64 time=0.059 ms
64 bytes from 1.2.3.4: icmp_seq=2 ttl=64 time=0.072 ms
64 bytes from 1.2.3.4: icmp_seq=3 ttl=64 time=0.075 ms
^C

With this, any NIC and any IP address in the two namespaces can communicate

This is only a test; practical uses are another matter
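
What the tunnel above puts on the bridge, as an added Python example that is not part of the original post: it builds one GRE packet with the page's addresses and decapsulates it, showing that a capture or filter on newbr sees only 10.10.10.10 to 10.10.10.11 with IP protocol 47 unless it parses past the GRE header. The packet bytes are constructed (checksums left at zero) and the function names are hypothetical.

```python
import socket
import struct

GRE_PROTO = 47       # IP protocol number for GRE
ETH_P_IP = 0x0800    # GRE protocol type for an IPv4 payload

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a minimal 20-byte IPv4 header (checksum 0: constructed sample only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(buf):
    """Return (src, dst, proto, payload) for an IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    return socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]), buf[9], buf[ihl:]

def decap_gre(packet):
    """Return ((outer_src, outer_dst), (inner_src, inner_dst, inner_proto))."""
    o_src, o_dst, proto, gre = parse_ipv4(packet)
    if proto != GRE_PROTO or len(gre) < 4:
        raise ValueError("outer packet does not carry GRE")
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x4007:
        raise ValueError("unsupported GRE version or routing field")
    # Optional 4-byte fields, in order: checksum+reserved (C), key (K), sequence (S)
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    if ptype != ETH_P_IP:
        raise ValueError("GRE payload is not IPv4")
    i_src, i_dst, i_proto, _ = parse_ipv4(gre[offset:])
    return (o_src, o_dst), (i_src, i_dst, i_proto)

def sample_packet():
    """Constructed sample: ICMP echo from 1.2.3.4 to 4.3.2.1 sent through tun0 in ns0."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)      # echo request, checksum not filled in
    inner = ipv4_header("1.2.3.4", "4.3.2.1", 1, len(icmp)) + icmp
    gre = struct.pack("!HH", 0, ETH_P_IP) + inner    # no flags: `mode gre` without key/csum/seq
    return ipv4_header("10.10.10.10", "10.10.10.11", GRE_PROTO, len(gre), ttl=255) + gre

if __name__ == "__main__":
    print(decap_gre(sample_packet()))
```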
