Linux Namespace (Network Namespace) Series, Part 2: Building a Virtual Network with Open vSwitch and Network Namespaces
Contents
- Step 1: Check the initial network interfaces
- Step 2: Create the network namespaces
- Step 3: Inspect the namespace interfaces and create the OVS bridge
- Step 4: Create the virtual Ethernet pairs (veth)
- Step 5: Move the veth endpoints into the namespaces
- Step 6: Attach the veth interfaces to the OVS bridge
- Step 7: Configure the interfaces inside the namespaces
- Step 8: Bring up the host-side veth interfaces
- Step 9: Test connectivity
- Summary
In this post I share an experiment that builds a simple virtual network on Linux network namespaces and Open vSwitch (OVS). The experiment creates a bridged network in which two independent namespaces can talk to each other. The steps and their output follow for reference.
This is the topology we will build with namespaces and Open vSwitch:
+---------------------------------------------+
| Host                                        |
|                                             |
|          +-------------------------+        |
|          |          OVS1           |        |
|          |  (Open vSwitch Bridge)  |        |
|          +-------------------------+        |
|            |                   |            |
|      Port: veth-r        Port: veth-g       |
|            |                   |            |
+------------|-------------------|------------+
             |                   |
             |                   |
+------------|--------+ +--------|------------+
|   red Namespace     | |  green Namespace    |
|            |        | |        |            |
|     +------+------+ | | +------+------+     |
|     |   eth0-r    | | | |   eth0-g    |     |
|     | 10.0.0.1/24 | | | | 10.0.0.2/24 |     |
|     +-------------+ | | +-------------+     |
|     (veth pair end) | | (veth pair end)     |
+---------------------+ +---------------------+
Step 1: Check the initial network interfaces
First, I used ip link to look at the host's initial network interfaces:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 08:00:27:aa:ab:98 brd ff:ff:ff:ff:ff:ff
The host has a loopback interface lo and a physical interface enp0s3, both in a normal state.
Step 2: Create the network namespaces
Next, I created two network namespaces, named red and green:
ip netns add red
ip netns add green
ip netns list
The output shows:
red
green
ls /var/run/netns confirms that the namespaces were created:
green red
Step 3: Inspect the namespace interfaces and create the OVS bridge
Run ip link in each namespace to see its initial interfaces:
ip netns exec red ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
ip netns exec green ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
At this point each namespace has only a loopback interface lo, still down.
Then I created an Open vSwitch bridge named OVS1:
ovs-vsctl add-br OVS1
ovs-vsctl list-br
Output:
OVS1
ovs-vsctl show gives the bridge details:
b1223b21-2efa-4147-bea2-8faa93333652
Bridge OVS1
Port OVS1
Interface OVS1
type: internal
ovs_version: "3.3.0"
The host's ip link output now includes the OVS-related interfaces:
ip link
.....
7: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 62:a1:7e:64:33:91 brd ff:ff:ff:ff:ff:ff
8: OVS1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 1a:ec:89:a4:14:4a brd ff:ff:ff:ff:ff:ff
Step 4: Create the virtual Ethernet pairs (veth)
I created two veth pairs, one for the red namespace and one for green:
ip link add eth0-r type veth peer name veth-r
ip link add eth0-g type veth peer name veth-g
ip link now shows:
9: veth-r@eth0-r: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ba:bc:94:a6:03:78 brd ff:ff:ff:ff:ff:ff
10: eth0-r@veth-r: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 16:41:f4:6c:6e:2c brd ff:ff:ff:ff:ff:ff
11: veth-g@eth0-g: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 12:2b:52:27:b7:a8 brd ff:ff:ff:ff:ff:ff
12: eth0-g@veth-g: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ea:21:4a:e2:eb:20 brd ff:ff:ff:ff:ff:ff
Each veth pair has two endpoints; veth-r and eth0-r, for example, are connected to each other.
Step 5: Move the veth endpoints into the namespaces
Move eth0-r and eth0-g into the red and green namespaces respectively:
ip link set eth0-r netns red
ip link set eth0-g netns green
On the host, ip link now shows only the remaining endpoints, each with its link-netns:
9: veth-r@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ba:bc:94:a6:03:78 brd ff:ff:ff:ff:ff:ff link-netns red
11: veth-g@if12: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 12:2b:52:27:b7:a8 brd ff:ff:ff:ff:ff:ff link-netns green
Inside the namespaces:
ip netns exec red ip link
10: eth0-r@if9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 16:41:f4:6c:6e:2c brd ff:ff:ff:ff:ff:ff link-netnsid 0
ip netns exec green ip link
12: eth0-g@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ea:21:4a:e2:eb:20 brd ff:ff:ff:ff:ff:ff link-netnsid 0
Step 6: Attach the veth interfaces to the OVS bridge
Add the host-side veth-r and veth-g to the OVS1 bridge:
ovs-vsctl add-port OVS1 veth-r
ovs-vsctl add-port OVS1 veth-g
The OVS configuration now reads:
b1223b21-2efa-4147-bea2-8faa93333652
Bridge OVS1
Port veth-g
Interface veth-g
Port veth-r
Interface veth-r
Port OVS1
Interface OVS1
type: internal
The host's ip link output shows the interfaces enslaved to ovs-system:
9: veth-r@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master ovs-system state DOWN mode DEFAULT group default qlen 1000
link/ether ba:bc:94:a6:03:78 brd ff:ff:ff:ff:ff:ff link-netns red
11: veth-g@if12: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master ovs-system state DOWN mode DEFAULT group default qlen 1000
link/ether 12:2b:52:27:b7:a8 brd ff:ff:ff:ff:ff:ff link-netns green
Step 7: Configure the interfaces inside the namespaces
In the red namespace, bring the interface up and assign an IP address:
ip netns exec red ip link set dev eth0-r up
ip netns exec red ip address add 10.0.0.1/24 dev eth0-r
Check; the host-side peer veth-r is still down, so the interface reports NO-CARRIER and LOWERLAYERDOWN:
ip netns exec red ip a
10: eth0-r@if9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
inet 10.0.0.1/24 scope global eth0-r
Do the same in the green namespace:
ip netns exec green ip link set dev lo up
ip netns exec green ip link set dev eth0-g up
ip netns exec green ip address add 10.0.0.2/24 dev eth0-g
Check:
ip netns exec green ip a
12: eth0-g@if11: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
inet 10.0.0.2/24 scope global eth0-g
Step 8: Bring up the host-side veth interfaces
On the host, bring up veth-r and veth-g:
ip link set veth-r up
ip link set veth-g up
Check their state:
9: veth-r@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovs-system state UP mode DEFAULT group default qlen 1000
11: veth-g@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master ovs-system state UP mode DEFAULT group default qlen 1000
The interfaces inside the namespaces also change to UP:
ip netns exec red ip link
10: eth0-r@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
ip netns exec green ip link
12: eth0-g@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
Step 9: Test connectivity
Ping 10.0.0.2 (green's own IP) to verify that the interface works. Note that the command below is issued from the red namespace, so a reply also exercises the path through OVS1:
ip netns exec red ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.546 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.082 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.089 ms
The ping succeeds.
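As an added example (not part of the original post), the POSIX shell script below repeats steps 2 through 8 as one build function with the same names (OVS1, veth-r/eth0-r, veth-g/eth0-g, 10.0.0.1/24 and 10.0.0.2/24) and adds a verify step that confirms each host-side port is enslaved to ovs-system and UP before pinging from red to green. The helper names veth_ready, ns_addr_ok, build_topology, verify_topology and cleanup are mine, and the script assumes root plus a running ovs-vswitchd.

```shell
#!/bin/sh
# Added example, not from the original post: rebuilds the red/green topology of
# steps 2-8 with the same names, then verifies it. Building needs root and a
# running ovs-vswitchd; the two check functions are pure text and run anywhere.

# Succeed only if an `ip -o link show <dev>` line shows the host-side veth
# enslaved to ovs-system, administratively UP and with carrier (LOWER_UP).
veth_ready() {
  case "$1" in
    *"LOWER_UP"*"master ovs-system"*"state UP"*) return 0 ;;
    *) return 1 ;;
  esac
}
# Succeed only if an `ip -o -4 addr show <dev>` line carries exactly address $2
# (prefix included), so a wrong mask is caught before the ping is attempted.
ns_addr_ok() {
  case "$1" in
    *" inet $2 "*) return 0 ;;
    *) return 1 ;;
  esac
}
build_topology() {
  ovs-vsctl --may-exist add-br OVS1           # idempotent on re-run
  for spec in r:red:10.0.0.1/24 g:green:10.0.0.2/24; do
    side=${spec%%:*}; rest=${spec#*:}; ns=${rest%%:*}; addr=${rest#*:}
    ip netns add "$ns"
    ip link add "eth0-$side" type veth peer name "veth-$side"
    ovs-vsctl add-port OVS1 "veth-$side"      # host end joins the bridge
    ip link set "veth-$side" up
    ip link set "eth0-$side" netns "$ns"      # moving it resets it to DOWN
    ip -n "$ns" link set lo up
    ip -n "$ns" addr add "$addr" dev "eth0-$side"
    ip -n "$ns" link set "eth0-$side" up
  done
}
# 0 only if both bridge ports are ready, green has its address and red reaches it.
verify_topology() {
  veth_ready "$(ip -o link show veth-r)" || return 1
  veth_ready "$(ip -o link show veth-g)" || return 1
  ns_addr_ok "$(ip -n green -o -4 addr show eth0-g)" 10.0.0.2/24 || return 1
  ip netns exec red ping -c 3 -W 1 10.0.0.2 >/dev/null
}
cleanup() {                                   # del-br also removes its ports
  ovs-vsctl --if-exists del-br OVS1
  for ns in red green; do ip netns del "$ns" 2>/dev/null; done
}
case "${1-}" in
  build) build_topology && verify_topology ;;
  clean) cleanup ;;
esac
```

Run it as `sh topo.sh build` to create and verify the network, and `sh topo.sh clean` to remove it; the checks in verify_topology are the scripted form of the ip link output shown in steps 6 and 8.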
Summary
With the steps above I built a simple virtual network on OVS and network namespaces: the red and green namespaces are connected through veth pairs and the OVS bridge, and all interfaces are up.