A network namespace is logically another copy of the network stack, with its own routes, firewall rules, and network devices.
We can use network namespaces to isolate networks.
For example:
A more complex example, 802.1q:
The 802.1q protocol, i.e. the "Virtual Bridged Local Area Networks" protocol (virtual LAN, or VLAN, for short), mainly specifies how VLANs are implemented.
cat start-topo.sh
#!/bin/bash
# Load the 802.1q VLAN kernel module
sudo modprobe 8021q
# Create one network namespace per simulated host
sudo ip netns add h1
sudo ip netns add h2
sudo ip netns add h3
sudo ip netns add h4
# Create veth pairs: hN_eth0 is the host side, s1_ethN the switch side
sudo ip link add h1_eth0 type veth peer name s1_eth1
sudo ip link add h2_eth0 type veth peer name s1_eth2
sudo ip link add h3_eth0 type veth peer name s1_eth3
sudo ip link add h4_eth0 type veth peer name s1_eth4
# Move the host side of each pair into its namespace
sudo ip link set h1_eth0 netns h1
sudo ip link set h2_eth0 netns h2
sudo ip link set h3_eth0 netns h3
sudo ip link set h4_eth0 netns h4
# Bring up loopback and the veth interface inside each namespace
sudo ip netns exec h1 ifconfig lo up
sudo ip netns exec h2 ifconfig lo up
sudo ip netns exec h3 ifconfig lo up
sudo ip netns exec h4 ifconfig lo up
sudo ip netns exec h1 ifconfig h1_eth0 up
sudo ip netns exec h2 ifconfig h2_eth0 up
sudo ip netns exec h3 ifconfig h3_eth0 up
sudo ip netns exec h4 ifconfig h4_eth0 up
# Add VLAN sub-interfaces: h1 and h2 on VLAN 101, h3 and h4 on VLAN 102
sudo ip netns exec h1 vconfig add h1_eth0 101
sudo ip netns exec h2 vconfig add h2_eth0 101
sudo ip netns exec h3 vconfig add h3_eth0 102
sudo ip netns exec h4 vconfig add h4_eth0 102
# Address the VLAN sub-interfaces (all four share 192.168.0.0/24)
sudo ip netns exec h1 ifconfig h1_eth0.101 192.168.0.101/24 up
sudo ip netns exec h2 ifconfig h2_eth0.101 192.168.0.102/24 up
sudo ip netns exec h3 ifconfig h3_eth0.102 192.168.0.103/24 up
sudo ip netns exec h4 ifconfig h4_eth0.102 192.168.0.104/24 up
# Create the OVS bridge and attach the physical NIC as a trunk for VLANs 101 and 102
# (an IP address configured on eth0 stops working while eth0 is a bridge port)
sudo ovs-vsctl add-br s1
sudo ovs-vsctl add-port s1 eth0
sudo ovs-vsctl set port eth0 trunks=101,102
# Attach the switch side of each veth pair; ofport_request sets the OpenFlow port number, not a VLAN ID
sudo ovs-vsctl add-port s1 s1_eth1 -- set Interface s1_eth1 ofport_request=101
sudo ovs-vsctl add-port s1 s1_eth2 -- set Interface s1_eth2 ofport_request=102
sudo ovs-vsctl add-port s1 s1_eth3 -- set Interface s1_eth3 ofport_request=103
sudo ovs-vsctl add-port s1 s1_eth4 -- set Interface s1_eth4 ofport_request=104
# Bring up the switch-side interfaces
sudo ifconfig s1_eth1 up
sudo ifconfig s1_eth2 up
sudo ifconfig s1_eth3 up
sudo ifconfig s1_eth4 up
Inspect the OVS bridge:
# sudo ovs-vsctl show
97300b24-0486-4520-aae9-13a4b940a2be
    Bridge "s1"
        Controller "tcp:127.0.0.1"
        Port "s1"
            Interface "s1"
                type: internal
        Port "s1_eth2"
            Interface "s1_eth2"
        Port "s1_eth4"
            Interface "s1_eth4"
        Port "s1_eth3"
            Interface "s1_eth3"
        Port "eth0"
            trunks: [101, 102]
            Interface "eth0"
        Port "s1_eth1"
            Interface "s1_eth1"
    ovs_version: "2.4.90"
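An added example, not part of the original script: in the output above only eth0 has `trunks` set, while s1_eth1 to s1_eth4 have neither `tag` nor `trunks`, and Open vSwitch treats such a port as a trunk for every VLAN, so the VLAN separation rests on the tags each namespace applies to its own traffic. The audit below flags those ports; the function names and the `tag: 102` on s1_eth3 in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each port in `ovs-vsctl show` output by VLAN mode.
# A port with no "tag:" and no "trunks:" line carries all VLANs on OVS.

# audit_ports: reads `ovs-vsctl show` text on stdin, prints "<port> <mode>".
audit_ports() {
    awk '
        function emit() {
            if (port != "") print port, mode
            port = ""
        }
        $1 == "Bridge" || $1 == "ovs_version:" { emit() }
        $1 == "Port" {
            emit()
            gsub(/"/, "", $2)
            port = $2
            mode = "UNRESTRICTED"          # default until tag/trunks is seen
        }
        $1 == "tag:"    { mode = "access:" $2 }
        $1 == "trunks:" { $1 = ""; gsub(/\[|\]| /, ""); mode = "trunk:" $0 }
        $1 == "type:" && $2 == "internal" && mode == "UNRESTRICTED" {
            mode = "internal"              # bridge-local port, not a host link
        }
        END { emit() }
    '
}

# unrestricted_ports: names of ports that accept frames tagged with any VLAN.
unrestricted_ports() {
    audit_ports | awk '$2 == "UNRESTRICTED" { print $1 }'
}

# Constructed sample: ports taken from the output above, plus s1_eth3 shown
# with a switch-side access tag (as set by `ovs-vsctl set port s1_eth3 tag=102`).
SAMPLE='Bridge "s1"
    Port "s1"
        Interface "s1"
            type: internal
    Port "eth0"
        trunks: [101, 102]
        Interface "eth0"
    Port "s1_eth1"
        Interface "s1_eth1"
    Port "s1_eth3"
        tag: 102
        Interface "s1_eth3"'

printf '%s\n' "$SAMPLE" | audit_ports
```

On a live host, pipe the real output through it with `sudo ovs-vsctl show | unrestricted_ports`. If the switch assigns the VLAN with `tag=`, the port becomes an access port and the namespace must send untagged frames, so the `vconfig` sub-interfaces inside the namespace are no longer needed.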
View the switch's ports and OpenFlow features:
sudo ovs-ofctl show s1
OFPT_FEATURES_REPLY (xid=0x2): dpid:000050e54942f540
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(eth0): addr:50:e5:49:42:f5:40
     config: 0
     state: 0
     current: 1GB-FD AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG AUTO_PAUSE AUTO_PAUSE_ASYM
     supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG
     speed: 1000 Mbps now, 1000 Mbps max
 101(s1_eth1): addr:fa:26:b7:71:2a:50
     config: 0
     state: 0
     current: 10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 102(s1_eth2): addr:26:b1:a4:a9:ee:44
     config: 0
     state: 0
     current: 10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 103(s1_eth3): addr:6a:04:c0:61:94:75
     config: 0
     state: 0
     current: 10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 104(s1_eth4): addr:9e:a2:3d:e4:95:ff
     config: 0
     state: 0
     current: 10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 LOCAL(s1): addr:50:e5:49:42:f5:40
     config: PORT_DOWN
     state: LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
Clean up when finished:
sudo ovs-vsctl del-br s1
sudo ip netns del h1
sudo ip netns del h2
sudo ip netns del h3
sudo ip netns del h4
sudo rmmod 8021q