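To reach the external network, the private network IP is converted to the external-network gateway through address translation.
First, look at the network namespace: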
~$ sudo ip netns exec qrouter-0aeca8b7-8a38-41b1-ace7-ee9918e2b229 ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
11325: ha-8fb54dc0-ed: mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:bd:d9:3a brd ff:ff:ff:ff:ff:ff
    inet 10.180.64.27/23 brd 10.180.65.255 scope global ha-8fb54dc0-ed
       valid_lft forever preferred_lft forever
    inet 10.180.64.1/23 scope global secondary ha-8fb54dc0-ed
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:febd:d93a/64 scope link
       valid_lft forever preferred_lft forever
11326: qg-0aeca8b7-8a: mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether 00:16:3e:fe:04:db brd ff:ff:ff:ff:ff:ff
    inet 169.254.4.219/24 brd 169.254.4.255 scope global qg-0aeca8b7-8a
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fefe:4db/64 scope link
       valid_lft forever preferred_lft forever
3938: tun0: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.180.66.1/23 scope global tun0
       valid_lft forever preferred_lft forever
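Of these, the qg interface is attached to br-ex, which is where traffic finally leaves.
From inside the virtual machine, access the external network, and at the same time capture on ha-8fb54dc0-ed and qg-0aeca8b7-8a with tcpdump: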
~$ sudo ip netns exec qrouter-0aeca8b7-8a38-41b1-ace7-ee9918e2b229 tcpdump -i ha-8fb54dc0-ed icmp -en
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ha-8fb54dc0-ed, link-type EN10MB (Ethernet), capture size 65535 bytes
12:54:31.375770 fa:16:3e:00:ac:68 > fa:16:3e:bd:d9:3a, ethertype IPv4 (0x0800), length 98: 10.180.64.87 > 114.114.114.114: ICMP echo request, id 4364, seq 1, length 64
12:54:31.383902 fa:16:3e:bd:d9:3a > fa:16:3e:00:ac:68, ethertype IPv4 (0x0800), length 98: 114.114.114.114 > 10.180.64.87: ICMP echo reply, id 4364, seq 1, length 64
12:54:32.377325 fa:16:3e:00:ac:68 > fa:16:3e:bd:d9:3a, ethertype IPv4 (0x0800), length 98: 10.180.64.87 > 114.114.114.114: ICMP echo request, id 4364, seq 2, length 64
12:54:32.385475 fa:16:3e:bd:d9:3a > fa:16:3e:00:ac:68, ethertype IPv4 (0x0800), length 98: 114.114.114.114 > 10.180.64.87: ICMP echo reply, id 4364, seq 2, length 64
12:54:33.378714 fa:16:3e:00:ac:68 > fa:16:3e:bd:d9:3a, ethertype IPv4 (0x0800), length 98: 10.180.64.87 > 114.114.114.114: ICMP echo request, id 4364, seq 3, length 64
12:54:33.386913 fa:16:3e:bd:d9:3a > fa:16:3e:00:ac:68, ethertype IPv4 (0x0800), length 98: 114.114.114.114 > 10.180.64.87: ICMP echo reply, id 4364, seq 3, length 64
This is the result of monitoring on the 10.180.64.74 network segment.
Below is the result on the segment that finally connects to 114.114.114.114:
~$ sudo ip netns exec qrouter-0aeca8b7-8a38-41b1-ace7-ee9918e2b229 tcpdump -i qg-0aeca8b7-8a icmp -en
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qg-0aeca8b7-8a, link-type EN10MB (Ethernet), capture size 65535 bytes
12:54:31.375802 00:16:3e:fe:04:db > 00:16:3e:fe:04:01, ethertype IPv4 (0x0800), length 98: 169.254.4.219 > 114.114.114.114: ICMP echo request, id 4364, seq 1, length 64
12:54:31.383865 00:16:3e:fe:04:01 > 00:16:3e:fe:04:db, ethertype IPv4 (0x0800), length 98: 114.114.114.114 > 169.254.4.219: ICMP echo reply, id 4364, seq 1, length 64
12:54:32.377380 00:16:3e:fe:04:db > 00:16:3e:fe:04:01, ethertype IPv4 (0x0800), length 98: 169.254.4.219 > 114.114.114.114: ICMP echo request, id 4364, seq 2, length 64
12:54:32.385435 00:16:3e:fe:04:01 > 00:16:3e:fe:04:db, ethertype IPv4 (0x0800), length 98: 114.114.114.114 > 169.254.4.219: ICMP echo reply, id 4364, seq 2, length 64
12:54:33.378765 00:16:3e:fe:04:db > 00:16:3e:fe:04:01, ethertype IPv4 (0x0800), length 98: 169.254.4.219 > 114.114.114.114: ICMP echo request, id 4364, seq 3, length 64
12:54:33.386862 00:16:3e:fe:04:01 > 00:16:3e:fe:04:db, ethertype IPv4 (0x0800), length 98: 114.114.114.114 > 169.254.4.219: ICMP echo reply, id 4364, seq 3, length 64
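So we can see that the source IP address of the packets here has already been translated to the external-network gateway IP, and communication with the outside goes through this layer of address translation.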
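
The comparison done by eye above can be automated. The following is an added example, not code from the original post: it pairs echo requests from the two captures by destination, ICMP id and seq to recover which internal source sits behind each translated address. The function names are made up for this example, the sample lines are copied from the two captures above, and it assumes the NAT leaves the ICMP id unchanged, as it does in these captures.

```python
import re

# Matches one ICMP echo line of `tcpdump -en icmp` output as shown above.
LINE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r".*?: (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse(text):
    """Return one dict per ICMP echo line; banner and other lines are skipped."""
    return [m.groupdict() for m in map(LINE.search, text.splitlines()) if m]

def snat_mappings(inside, outside):
    """Map (internal_src, dst) -> translated_src for requests seen on both sides.

    Assumption: the ICMP id is not rewritten by the NAT, so (dst, id, seq)
    identifies the same echo request on both interfaces.
    """
    seen_out = {(p["dst"], p["id"], p["seq"]): p["src"]
                for p in parse(outside) if p["kind"] == "request"}
    mappings = {}
    for p in parse(inside):
        translated = seen_out.get((p["dst"], p["id"], p["seq"]))
        if p["kind"] == "request" and translated and translated != p["src"]:
            mappings[(p["src"], p["dst"])] = translated
    return mappings

def unmatched_requests(inside, outside):
    """Inside requests with no outside counterpart (dropped, or id rewritten)."""
    seen_out = {(p["dst"], p["id"], p["seq"]) for p in parse(outside)}
    return [p for p in parse(inside) if p["kind"] == "request"
            and (p["dst"], p["id"], p["seq"]) not in seen_out]

# Sample lines copied from the ha-8fb54dc0-ed capture above.
INSIDE = """listening on ha-8fb54dc0-ed, link-type EN10MB (Ethernet), capture size 65535 bytes
12:54:31.375770 fa:16:3e:00:ac:68 > fa:16:3e:bd:d9:3a, ethertype IPv4 (0x0800), length 98: 10.180.64.87 > 114.114.114.114: ICMP echo request, id 4364, seq 1, length 64
12:54:31.383902 fa:16:3e:bd:d9:3a > fa:16:3e:00:ac:68, ethertype IPv4 (0x0800), length 98: 114.114.114.114 > 10.180.64.87: ICMP echo reply, id 4364, seq 1, length 64
12:54:32.377325 fa:16:3e:00:ac:68 > fa:16:3e:bd:d9:3a, ethertype IPv4 (0x0800), length 98: 10.180.64.87 > 114.114.114.114: ICMP echo request, id 4364, seq 2, length 64"""
# Sample lines copied from the qg-0aeca8b7-8a capture above (seq 2 left out on purpose).
OUTSIDE = """listening on qg-0aeca8b7-8a, link-type EN10MB (Ethernet), capture size 65535 bytes
12:54:31.375802 00:16:3e:fe:04:db > 00:16:3e:fe:04:01, ethertype IPv4 (0x0800), length 98: 169.254.4.219 > 114.114.114.114: ICMP echo request, id 4364, seq 1, length 64
12:54:31.383865 00:16:3e:fe:04:01 > 00:16:3e:fe:04:db, ethertype IPv4 (0x0800), length 98: 114.114.114.114 > 169.254.4.219: ICMP echo reply, id 4364, seq 1, length 64"""

if __name__ == "__main__":
    print(snat_mappings(INSIDE, OUTSIDE))
    print(unmatched_requests(INSIDE, OUTSIDE))
```

Feeding it full captures saved from both interfaces gives the per-flow translation table, which is what is needed to attribute traffic seen outside the router back to a specific instance.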