Ip Netns Br



Virtual network devices

Linux provides many virtual devices that help build complex network topologies to meet a variety of networking needs.

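Bridge

A bridge is a layer 2 device that works at the link layer; it forwards frames to its different ports mainly on the basis of MAC learning.

# create a bridge
brctl addbr br0
# add a device to the bridge
brctl addif br0 eth1
# show the bridge's MAC table
brctl showmacs br0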

veth

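A veth pair is a pair of virtual network devices: data sent on one end is received by the other end. It is commonly used across different network namespaces.

# create a veth pair
ip link add veth0 type veth peer name veth1

# move veth1 into another netns
ip link set veth1 netns newns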

TAP/TUN

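A TAP/TUN device lets a user-space program inject data into the kernel network stack. TAP is equivalent to an Ethernet device and works at layer 2, while TUN is a virtual point-to-point device and works at layer 3.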

ip tuntap add tap0 mode tap
ip tuntap add tun0 mode tun

Topology

Communication between 2 namespaces through a Linux bridge

ns2 tap2 ----------br-tap2 br88 br-tap3-------------tap3 ns3

Prerequisite

  • VirtualBox network in Internal mode

Manipulation

  • create 2 network namespaces:

    ip netns add ns2
    ip netns add ns3
    ip netns list
    
  • create 2 veth pairs:

    ip link add dev tap2 type veth peer name br-tap2
    ip link add dev tap3 type veth peer name br-tap3
    
  • move the veth ends into the namespaces:

    ip link set tap2 netns ns2
    ip link set tap3 netns ns3
    
  • create and setup a Linux bridge br88:

    brctl addbr br88
    brctl showmacs br88
    brctl addif br88 br-tap2
    brctl addif br88 br-tap3
    brctl showmacs br88
    
  • activate all the devices:

    ip link set dev br-tap2 up
    ip link set dev br-tap3 up
    ip link set dev br88 up
    ip netns exec ns2 ip link set dev lo up
    ip netns exec ns2 ip link set dev tap2 up
    ip netns exec ns3 ip link set dev lo up
    ip netns exec ns3 ip link set dev tap3 up
    brctl showmacs br88
    
  • assign IP addresses to the devices:

    ip netns exec ns2 ip addr add 192.168.88.2/24 dev tap2
    ip netns exec ns3 ip addr add 192.168.88.3/24 dev tap3
    

The script can be found here and the cleanup script is here

Test

ip netns exec ns2 ping 192.168.88.3

Bug

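In VirtualBox with NAT or Bridge network mode, the ping may not work.

  • solution: activate forwarding in the VM: iptables -P FORWARD ACCEPT (this changes the default policy of the FORWARD chain, so it applies to all forwarded traffic in the VM, not only to br88)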
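
The whole procedure above as one script, added here as an example (it is not the script the page links to): it uses iproute2 in place of brctl, includes the teardown, and swaps the blanket `iptables -P FORWARD ACCEPT` for a rule limited to br88, assuming the ping failure comes from bridged frames hitting a FORWARD chain whose policy is DROP. The `run` helper, the `DRY_RUN` variable, the function names and the file name are made up for this example.

```shell
#!/bin/sh
# Added example: ns2/ns3 connected through bridge br88, iproute2 only.
# Usage (as root): sh netns-br88.sh up | down
# DRY_RUN=1 prints the commands instead of executing them.
# Device names and addresses are the page's; everything else is hypothetical.

BR=br88
NET=192.168.88

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

topo_up() {
    run ip link add name "$BR" type bridge            # brctl addbr br88
    for n in 2 3; do
        run ip netns add "ns$n"
        run ip link add dev "tap$n" type veth peer name "br-tap$n"
        run ip link set "tap$n" netns "ns$n"
        run ip link set dev "br-tap$n" master "$BR"   # brctl addif br88 br-tapN
        run ip link set dev "br-tap$n" up
        run ip netns exec "ns$n" ip link set dev lo up
        run ip netns exec "ns$n" ip link set dev "tap$n" up
        run ip netns exec "ns$n" ip addr add "$NET.$n/24" dev "tap$n"
    done
    run ip link set dev "$BR" up
    # Scoped alternative to "iptables -P FORWARD ACCEPT": only traffic that
    # enters and leaves through br88 is accepted; the chain policy is untouched.
    run iptables -I FORWARD -i "$BR" -o "$BR" -j ACCEPT
}

topo_down() {
    # Every step tolerates "already gone", so the cleanup can be re-run.
    run iptables -D FORWARD -i "$BR" -o "$BR" -j ACCEPT || true
    for n in 2 3; do
        run ip netns del "ns$n" || true   # takes tapN and its peer br-tapN with it
    done
    run ip link del dev "$BR" || true
}

case "${1:-}" in
    up)   set -e; topo_up ;;
    down) topo_down ;;
esac
```

After `up`, `bridge fdb show br br88` lists the learned MAC addresses, the iproute2 counterpart of `brctl showmacs br88`.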