Linux network devices: veth pair and netns

I'm in the opposite corner 2020-11-07 20:56:06

Building a virtual network topology depends on virtual network devices. Today we introduce two Linux building blocks: the veth pair and the network namespace (netns).

Veth pair: a virtual network interface

A veth pair is a virtual network device interface that always comes in pairs. One end of each device is attached to the network protocol stack, and the other ends are connected to each other, as shown in the figure below:

[Figure: virtual-device-veth-1]

Because of this characteristic, it is often used to build virtual network topologies, for example to connect two different network namespaces or to connect Docker containers. One of the most common cases is OpenStack Neutron, which uses it under the hood to build very complex network topologies.

Configure the veth pair

  1. Create a veth pair

    ip link add veth0 type veth peer name veth1
  2. Bring up the two virtual NICs and assign each an IP address

    ip link set veth0 up
    ip addr add 10.0.0.1/24 dev veth0
    ip link set veth1 up
    ip addr add 10.0.0.2/24 dev veth1
  3. The network configuration is shown in the figure below

    [Figure: veth-pair]

Verify the network

  1. Confirm that the NICs are up

    # View the NICs
    ifconfig
    # Output
    veth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 10.0.0.1 netmask 255.255.255.0 broadcast 0.0.0.0
    inet6 fe80::4880:cff:fe37:b9de prefixlen 64 scopeid 0x20<link>
    ether 4a:80:0c:37:b9:de txqueuelen 1000 (Ethernet)
    RX packets 7 bytes 578 (578.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 7 bytes 578 (578.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    veth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 10.0.0.2 netmask 255.255.255.0 broadcast 0.0.0.0
    inet6 fe80::c094:68ff:feed:451d prefixlen 64 scopeid 0x20<link>
    ether c2:94:68:ed:45:1d txqueuelen 1000 (Ethernet)
    RX packets 7 bytes 578 (578.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 7 bytes 578 (578.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
  2. Test the connectivity of the veth pair

    # Ping veth0 from the host
    ping 10.0.0.1
    # Output
    PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
    64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.051 ms
    64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.039 ms
    64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.038 ms
    64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.044 ms
    ^C
    --- 10.0.0.1 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 2999ms
    rtt min/avg/max/mdev = 0.038/0.043/0.051/0.005 ms
    # Ping veth1 from the host
    ping 10.0.0.2
    # Output
    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
    64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.056 ms
    64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.043 ms
    64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.039 ms
    64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.039 ms
    ^C
    --- 10.0.0.2 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 2999ms
    rtt min/avg/max/mdev = 0.039/0.044/0.056/0.008 ms

    After running the test above you may think: "What the hell? They are all on the same machine, so of course they can communicate."
    Take it easy. Let's bring in another technology, the network namespace, and find a way to put the two ends in different places.

Network Namespace

The Linux 3.8 kernel includes 6 namespaces:

| Namespace | Description |
| --- | --- |
| Mount (mnt) | Isolates mount points |
| Process ID (process) | Isolates process IDs |
| Network (net) | Isolates network devices, protocol stacks, ports, etc. |
| InterProcess Communication (ipc) | Isolates interprocess communication |
| UTS | Isolates hostname and NIS domain name |
| User ID (user) | Isolates user and group IDs |

Of these, the network namespace is what we want to learn about today.

Configure the network namespaces

  1. Create two network namespaces

    ip netns add ns0
    ip netns add ns1
  2. Move the virtual NICs veth0 and veth1 into the ns0 and ns1 network namespaces

    ip link set veth0 netns ns0
    ip link set veth1 netns ns1
  3. The network configuration is shown in the figure below. veth0 and veth1 are, of course, no longer visible on the host.

    [Figure: netns0]

Verify the network

  1. Test network connectivity

    # Ping veth0 from the host
    ping 10.0.0.1
    # Output
    PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
    From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
    From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
    From 10.0.0.1 icmp_seq=3 Destination Host Unreachable
    From 10.0.0.1 icmp_seq=4 Destination Host Unreachable
    # Ping veth1 from the host
    ping 10.0.0.2
    # Output
    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
    From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
    From 10.0.0.2 icmp_seq=2 Destination Host Unreachable
    From 10.0.0.2 icmp_seq=3 Destination Host Unreachable
    From 10.0.0.2 icmp_seq=4 Destination Host Unreachable
    # Ping itself from inside ns0
    ip netns exec ns0 ping 10.0.0.1
    # Output
    connect: The network is not accessible
    # Ping veth1 from inside ns0
    ip netns exec ns0 ping 10.0.0.2
    # Output
    connect: The network is not accessible 

    But we find that none of the pings succeed. Why is that? Let's take a look at the network information inside the ns0 and ns1 network namespaces.

  2. Query the network information of the network namespaces

    # View IP information in ns0
    ip netns exec ns0 ip a
    # Output
    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    11: veth0@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 4a:80:0c:37:b9:de brd ff:ff:ff:ff:ff:ff link-netnsid 1
    # View IP information in ns1
    ip netns exec ns1 ip a
    # Output
    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    10: veth1@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether c2:94:68:ed:45:1d brd ff:ff:ff:ff:ff:ff link-netnsid 0

You can see that not only are the local loopback and the veth interfaces all in state DOWN, but the veth IP addresses are gone as well. This is because moving a virtual network interface into a different network namespace resets the state of that interface.

The ip a command is used here to view the NICs, because the ifconfig command does not display NICs whose state is down.
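The `veth0@if10` and `veth1@if11` names in the output above carry the interface index of each device's peer in another namespace, which is what lets you audit which interfaces cross a namespace boundary. The following is an added example, not part of the original article: it pairs up veth ends from namespace-prefixed `ip a` header lines. The input format (`<netns>` prepended to each line), the function names and the `ns2`/`veth9` orphan entry are assumptions made for illustration; because interface indexes are only unique within one namespace, the match is a heuristic that requires both ends to point at each other.

```shell
#!/bin/sh
# Added example (not from the original article): match the two ends of veth
# pairs that span network namespaces, using the "name@ifN" peer index that
# `ip a` prints. Each input line is "<netns> <one header line of ip a>".

# Constructed sample: the ns0/ns1 header lines shown above, prefixed with the
# namespace name, plus a hypothetical orphan end (veth9 in ns2).
sample_links() {
  cat <<'EOF'
ns0 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
ns0 11: veth0@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
ns1 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
ns1 10: veth1@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
ns2 7: veth9@if42: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
EOF
}

# Print "nsA/devA <-> nsB/devB" per matched pair, or "nsA/devA <-> ?" when the
# peer end is not in the input. ifindex values are per-namespace, so two ends
# are only paired when they sit in different namespaces and point at each other.
veth_pairs() {
  awk '
    $2 ~ /^[0-9]+:$/ && $3 ~ /@if[0-9]+:$/ {
      n++
      ns[n] = $1
      idx[n] = $2; sub(/:$/, "", idx[n])
      split($3, part, "@if")
      dev[n] = part[1]
      peer[n] = part[2]; sub(/:$/, "", peer[n])
    }
    END {
      for (i = 1; i <= n; i++) {
        if (done[i]) continue
        for (j = i + 1; j <= n; j++) {
          if (!done[j] && ns[i] != ns[j] && idx[j] == peer[i] && peer[j] == idx[i]) {
            printf "%s/%s <-> %s/%s\n", ns[i], dev[i], ns[j], dev[j]
            done[i] = done[j] = 1
            break
          }
        }
        if (!done[i]) printf "%s/%s <-> ? (peer ifindex %s not in input)\n", ns[i], dev[i], peer[i]
      }
    }'
}

sample_links | veth_pairs
```

On a live system the input can be collected as root by running `ip netns exec <ns> ip -o link` for each namespace and prefixing every line with the namespace name.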

Modify the veth pair configuration

Assign IP addresses to the veth interfaces and bring up the relevant NICs

# Configure ns0
ip netns exec ns0 ip addr add 10.0.0.1/24 dev veth0
ip netns exec ns0 ip link set lo up
ip netns exec ns0 ip link set veth0 up
# Configure ns1
ip netns exec ns1 ip addr add 10.0.0.2/24 dev veth1
ip netns exec ns1 ip link set lo up
ip netns exec ns1 ip link set veth1 up

Verify the network again

# Ping itself from inside ns0
ip netns exec ns0 ping 10.0.0.1
# Output
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.069 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.065 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.067 ms
^C
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3060ms
rtt min/avg/max/mdev = 0.033/0.058/0.069/0.016 ms
# Ping veth1 from inside ns0
ip netns exec ns0 ping 10.0.0.2
# Output
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.105 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.050 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.046 ms
^C
--- 10.0.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.046/0.061/0.105/0.026 ms
# Ping veth0 from the host
ping 10.0.0.1
# Output
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
^C
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
# Ping veth1 from the host
ping 10.0.0.2
# Output
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

You can see that the host cannot connect to either network namespace, which demonstrates the isolation property of network namespaces.

At the same time, the two network namespaces can communicate with each other, which demonstrates the connectivity property of the veth pair.

At this point you may be wondering: can I put one veth end in a netns and keep the other veth end on the host?

The answer is yes. Let's carry out that idea.

Modify the network configuration

  1. Move veth0 back to the host and configure the NIC

    Because veth0 is not visible on the host, it cannot be operated on from there, so the operation has to be done inside ns0. By default, the root network namespace is identified by PID 1.
    # Move veth0 back to the host
    ip netns exec ns0 ip link set veth0 netns 1
    # Delete ns0
    ip netns del ns0
    # Bring up veth0 and configure its IP address
    ip link set veth0 up
    ip addr add 10.0.0.1/24 dev veth0
  2. The network configuration is shown in the figure below

    [Figure: netns1]

Test network connectivity

# Ping veth0 from the host
ping 10.0.0.1
# Output
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.053 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.039 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.034 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.038 ms
^C
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.034/0.041/0.053/0.007 ms
# Ping veth1 from the host
ping 10.0.0.2
# Output
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.068 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.048 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.045 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.040 ms
^C
--- 10.0.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.040/0.050/0.068/0.011 ms
# Ping veth0 from inside ns1
ip netns exec ns1 ping 10.0.0.1
# Output
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.055 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.046 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.045 ms
^C
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.045/0.054/0.071/0.011 ms

Using the veth pair, we have successfully broken the isolation between the host and the network namespace and established a network in which the two can reach each other. This scenario is equivalent to connecting two network devices with a single cable, and the veth pair is that "Ethernet cable". This approach is also widely used in Docker networking, and we will later talk about how to work with Docker networking as well.

Next we will learn about the Linux Bridge, a virtual bridge.
