Linux Virtual Networking Basics: namespace
程序员文章站
2022-07-09 23:02:40
1. Introduction
A namespace is a key concept in Linux virtual networking. Traditionally, many Linux resources are global, process IDs for example. The primary purpose of namespaces is to isolate such resources. Linux can create many namespaces within a single host, so resources that used to be global to the whole system become "global" only within the scope of one namespace, and resources in different namespaces are invisible to and transparent to each other.
Which global resources does Linux actually isolate? Reading the corresponding kernel code is the most direct and intuitive way to find out.
struct nsproxy {
    atomic_t count;                    /* reference count */
    struct uts_namespace *uts_ns;      /* hostname and domain name */
    struct ipc_namespace *ipc_ns;      /* System V IPC and POSIX message queues */
    struct mnt_namespace *mnt_ns;      /* mount points */
    struct pid_namespace *pid_ns;      /* process IDs */
    struct user_namespace *user_ns;    /* user and group IDs */
    struct net *net_ns;                /* network stack */
};
The six resources above are the ones isolated by Linux namespaces; their basic meaning is listed in the table below.
From the point of view of resource isolation, Linux namespaces can be pictured as in the following diagram.
Inside each namespace, resources that used to be global are isolated and are invisible to the other namespaces. The Linux host or VM itself, of course, also has its own set of these resources.
From a purely network point of view, a namespace provides an independent copy of the network protocol stack (network device interfaces, IPv4, IPv6, IP routing, firewall, sockets, and so on). A device (a Linux device) can only be in one namespace at a time; devices in different namespaces can be connected with a veth pair.
2. Hands-on
# The command for manipulating namespaces on Linux is ip netns. Its help output is as follows:
[[email protected] ~]# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id
# First list the current namespaces; the output is empty
[[email protected] ~]# ip netns list
# Create a namespace named ns_test
[[email protected] ~]# ip netns add ns_test
# List again
[[email protected] ~]# ip netns list
ns_test
# Move the previously created virtual device tap_test into this namespace
[[email protected] ~]# ip link set tap_test netns ns_test
# tap_test has disappeared from the host
[[email protected] ~]# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 08:00:27:12:f4:ac brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 500
link/ether 52:54:00:1b:2a:d5 brd ff:ff:ff:ff:ff:ff
# Run ip link list inside ns_test
[[email protected] ~]# ip netns exec ns_test ip link list
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: tap_test: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 500
link/ether c2:b2:b9:0e:6e:ec brd ff:ff:ff:ff:ff:ff
# Run ifconfig -a inside ns_test
[[email protected] ~]# ip netns exec ns_test ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap_test: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether c2:b2:b9:0e:6e:ec txqueuelen 500 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Assign an IP address
[[email protected] ~]# ip netns exec ns_test ifconfig tap_test 192.168.50.1/24 up
# Check the IP address
[[email protected] ~]# ip netns exec ns_test ifconfig -a
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap_test: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.50.1 netmask 255.255.255.0 broadcast 192.168.50.255
ether c2:b2:b9:0e:6e:ec txqueuelen 500 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
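The session above moves a device into a namespace by hand. The script below is an added example, not code from the original post: it builds the veth pair that the introduction mentions between the host and a new namespace, then verifies the isolation property the session shows (the moved end is gone from the host and visible only inside the namespace) and that the two ends still reach each other. The names ns_demo, veth_host and veth_ns and the 10.200.0.0/24 addresses are assumptions, not values from the post; the privileged part only runs when invoked as root with the argument "run".

```shell
#!/bin/sh
# Added example, not from the original post. Builds a veth pair between the
# host and a namespace, then checks that the peer is visible only inside the
# namespace. NS, VETH_HOST, VETH_NS and 10.200.0.0/24 are assumed names.
NS=ns_demo
VETH_HOST=veth_host
VETH_NS=veth_ns

# Extract interface names from "ip link list" output
# ("6: veth_host@if5: <...>" -> veth_host). Pure text processing, no root needed.
link_names() {
    sed -n 's/^[0-9][0-9]*: \([^:@]*\)[@:].*/\1/p'
}

# Succeeds if interface NAME appears in the link listing read from stdin.
has_link() {
    link_names | grep -qx "$1"
}

netns_setup() {
    ip netns add "$NS"
    ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
    ip link set "$VETH_NS" netns "$NS"      # one end moves into the namespace
    ip addr add 10.200.0.1/24 dev "$VETH_HOST"
    ip link set "$VETH_HOST" up
    ip netns exec "$NS" ip addr add 10.200.0.2/24 dev "$VETH_NS"
    ip netns exec "$NS" ip link set "$VETH_NS" up
    ip netns exec "$NS" ip link set lo up
}

# Isolation check: the moved end must be gone from the host and present in NS,
# and the two ends must still reach each other over the veth link.
netns_verify() {
    if ip link list | has_link "$VETH_NS"; then
        echo "FAIL: $VETH_NS still visible in the host namespace"; return 1
    fi
    ip netns exec "$NS" ip link list | has_link "$VETH_NS" || {
        echo "FAIL: $VETH_NS not found inside $NS"; return 1; }
    ip netns exec "$NS" ping -c 1 -W 1 10.200.0.1 >/dev/null
}

# Deleting the namespace also destroys the veth pair (both ends).
netns_teardown() {
    ip netns delete "$NS"
}

# The privileged part runs only when invoked explicitly as root: "sh demo.sh run".
if [ "${1:-}" = run ] && [ "$(id -u)" = 0 ]; then
    netns_setup && netns_verify; rc=$?; netns_teardown; exit "$rc"
fi
```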