溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

Docker系列5:網(wǎng)絡(luò)名稱空間管理

發(fā)布時(shí)間:2020-06-21 19:43:06 來源:網(wǎng)絡(luò) 閱讀:228 作者:zxhk 欄目:云計(jì)算

一、ip命令介紹

ip命令是iproute軟件的程序

[root@host1?~]#?yum?install?iproute?-y?
[root@host1?~]#?rpm?-q?iproute
iproute-4.11.0-25.el7_7.2.x86_64

通過ip可以實(shí)現(xiàn)管理網(wǎng)絡(luò)名稱空間

[root@host1?~]#?ip
Usage:?ip?[?OPTIONS?]?OBJECT?{?COMMAND?|?help?}
???????ip?[?-force?]?-batch?filename
where??OBJECT?:=?{?link?|?address?|?addrlabel?|?route?|?rule?|?neigh?|?ntable?|
???????????????????tunnel?|?tuntap?|?maddress?|?mroute?|?mrule?|?monitor?|?xfrm?|
???????????????????netns?|?l2tp?|?fou?|?macsec?|?tcp_metrics?|?token?|?netconf?|?ila?|
???????????????????vrf?}
???????OPTIONS?:=?{?-V[ersion]?|?-s[tatistics]?|?-d[etails]?|?-r[esolve]?|
????????????????????-h[uman-readable]?|?-iec?|
????????????????????-f[amily]?{?inet?|?inet6?|?ipx?|?dnet?|?mpls?|?bridge?|?link?}?|
????????????????????-4?|?-6?|?-I?|?-D?|?-B?|?-0?|
????????????????????-l[oops]?{?maximum-addr-flush-attempts?}?|?-br[ief]?|
????????????????????-o[neline]?|?-t[imestamp]?|?-ts[hort]?|?-b[atch]?[filename]?|
????????????????????-rc[vbuf]?[size]?|?-n[etns]?name?|?-a[ll]?|?-c[olor]}

  • OBJECT中的netns可以用來設(shè)置網(wǎng)絡(luò)名稱空間

netns的使用幫助如下

[root@host1?~]#?ip?netns?help
Usage:?ip?netns?list
???????ip?netns?add?NAME
???????ip?netns?set?NAME?NETNSID
???????ip?[-all]?netns?delete?[NAME]
???????ip?netns?identify?[PID]
???????ip?netns?pids?NAME
???????ip?[-all]?netns?exec?[NAME]?cmd?...
???????ip?netns?monitor
???????ip?netns?list-id

二、ip命令的使用

創(chuàng)建兩個(gè)名稱空間并查看一下

[root@host1?~]#?ip?netns?add?r1
[root@host1?~]#?ip?netns?add?r2
[root@host1?~]#?ip?netns?list
r2
r1

查看網(wǎng)絡(luò)名稱空間中有幾個(gè)網(wǎng)卡

  • 其實(shí)就是在網(wǎng)絡(luò)名稱空間中執(zhí)行ip addr命令,需要加選項(xiàng)-a

  • 在網(wǎng)絡(luò)名稱空間執(zhí)行命令是用exec

[root@host1?~]#?ip?netns?exec?r1?ip?addr
1:?lo:?<LOOPBACK>?mtu?65536?qdisc?noop?state?DOWN?group?default?qlen?1000
????link/loopback?00:00:00:00:00:00?brd?00:00:00:00:00:00

創(chuàng)建網(wǎng)卡對(duì)

  • 用的命令是ip link?

[root@host1?~]#?ip?link?help
Usage:?ip?link?add?[link?DEV]?[?name?]?NAME
???????????????????[?txqueuelen?PACKETS?]
???????????????????[?address?LLADDR?]
???????????????????[?broadcast?LLADDR?]
???????????????????[?mtu?MTU?]?[index?IDX?]
???????????????????[?numtxqueues?QUEUE_COUNT?]
???????????????????[?numrxqueues?QUEUE_COUNT?]
???????????????????type?TYPE?[?ARGS?]

創(chuàng)建一對(duì)網(wǎng)卡,兩端分別為veth2.1和veth2.2

[root@host1?~]#?ip?link?add?name?veth2.1?type?veth?peer?name?veth2.2

[root@host1?~]#?ip?link?show?|?grep?veth2.*
7:?veth2.2@veth2.1:?<BROADCAST,MULTICAST,M-DOWN>?mtu?1500?qdisc?noop?state?DOWN?mode?DEFAULT?group?default?qlen?1000
8:?veth2.1@veth2.2:?<BROADCAST,MULTICAST,M-DOWN>?mtu?1500?qdisc?noop?state?DOWN?mode?DEFAULT?group?default?qlen?1000

  • type veth:指定創(chuàng)建的是虛擬以太網(wǎng)卡

為名稱空間分配虛擬網(wǎng)卡

  • 用的命令是ip link set

  • 一旦將某個(gè)虛擬網(wǎng)卡分配到某個(gè)名稱空間,在物理機(jī)中就看不到這個(gè)網(wǎng)卡了

將veth2.1保留在物理機(jī),將veth2.2分配到r1名稱空間

[root@host1?~]#?ip?link?set?veth2.2?netns?r1

[root@host1?~]#?ip?netns?exec?r1?ip?addr
1:?lo:?<LOOPBACK>?mtu?65536?qdisc?noop?state?DOWN?group?default?qlen?1000
????link/loopback?00:00:00:00:00:00?brd?00:00:00:00:00:00
7:?veth2.2@if8:?<BROADCAST,MULTICAST>?mtu?1500?qdisc?noop?state?DOWN?group?default?qlen?1000
????link/ether?4e:f2:68:33:47:a1?brd?ff:ff:ff:ff:ff:ff?link-netnsid?0

[root@host1?~]#?ip?link?show?|?grep?veth2.*
8:?veth2.1@if7:?<BROADCAST,MULTICAST>?mtu?1500?qdisc?noop?state?DOWN?mode?DEFAULT?group?default?qlen?1000

也可以修改虛擬網(wǎng)卡的名稱,例如將r1中的veth2.2改名為eth0

[root@host1?~]#?ip?netns?exec?r1?ip?link?set?dev?veth2.2?name?eth0
[root@host1?~]#?ip?netns?exec?r1?ip?addr
1:?lo:?<LOOPBACK>?mtu?65536?qdisc?noop?state?DOWN?group?default?qlen?1000
????link/loopback?00:00:00:00:00:00?brd?00:00:00:00:00:00
7:?eth0@if8:?<BROADCAST,MULTICAST>?mtu?1500?qdisc?noop?state?DOWN?group?default?qlen?1000
????link/ether?4e:f2:68:33:47:a1?brd?ff:ff:ff:ff:ff:ff?link-netnsid?0

將veth2.1地址設(shè)置為10.0.0.1/8,將r1中的eth0地址地址設(shè)置為10.0.0.2/8

[root@host1?~]#?ip?addr?add?10.0.0.1/8?dev?veth2.1
[root@host1?~]#?ip?netns?exec?r1?ip?addr?add?10.0.0.2/8?dev?eth0
[root@host1?~]#?ip?addr?show?veth2.1
8:?veth2.1@if7:?<BROADCAST,MULTICAST>?mtu?1500?qdisc?noop?state?DOWN?group?default?qlen?1000
????link/ether?1e:62:af:a2:bc:6d?brd?ff:ff:ff:ff:ff:ff?link-netnsid?1
????inet?10.0.0.1/8?scope?global?veth2.1
???????valid_lft?forever?preferred_lft?forever
???????
[root@host1?~]#?ip?netns?exec?r1?ip?addr?show?eth0
7:?eth0@if8:?<BROADCAST,MULTICAST>?mtu?1500?qdisc?noop?state?DOWN?group?default?qlen?1000
????link/ether?4e:f2:68:33:47:a1?brd?ff:ff:ff:ff:ff:ff?link-netnsid?0
????inet?10.0.0.2/8?scope?global?eth0
???????valid_lft?forever?preferred_lft?forever

此時(shí)兩個(gè)網(wǎng)卡都是down狀態(tài),解決方法如下

[root@host1?~]#?ip?link?set?veth2.1?up
[root@host1?~]#?ip?netns?exec?r1?ip?link?set?eth0?up

也可以將veth2.1放入另一個(gè)名稱空間,這樣兩個(gè)名稱空間就可以通信了

[root@host1?~]#?ip?link?set?veth2.1?netns?r2
[root@host1?~]#?ip?netns?exec?r2?ip?link?set?veth2.1?up



向AI問一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請(qǐng)聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI