A network namespace (netns) is logically another copy of the network stack, with its own routes, firewall rules, and network devices.

We can use network namespaces to isolate networks.

A more complex example:

A note on 802.1q, that is, VLAN: the 802.1q protocol, "Virtual Bridged Local Area Networks" (virtual LAN for short), mainly specifies how VLANs are implemented.

As shown in the figure above, the script that builds the topology:

cat start-topo.sh  
#! /bin/bash

sudo modprobe 8021q  
sudo ip netns add h1  
sudo ip netns add h2  
sudo ip netns add h3  
sudo ip netns add h4  
sudo ip link add h1_eth0 type veth peer name s1_eth1  
sudo ip link add h2_eth0 type veth peer name s1_eth2  
sudo ip link add h3_eth0 type veth peer name s1_eth3  
sudo ip link add h4_eth0 type veth peer name s1_eth4  
sudo ip link set h1_eth0 netns h1  
sudo ip link set h2_eth0 netns h2  
sudo ip link set h3_eth0 netns h3  
sudo ip link set h4_eth0 netns h4  
sudo ip netns exec h1 ifconfig lo up  
sudo ip netns exec h2 ifconfig lo up  
sudo ip netns exec h3 ifconfig lo up  
sudo ip netns exec h4 ifconfig lo up  
sudo ip netns exec h1 ifconfig h1_eth0 up  
sudo ip netns exec h2 ifconfig h2_eth0 up  
sudo ip netns exec h3 ifconfig h3_eth0 up  
sudo ip netns exec h4 ifconfig h4_eth0 up  
sudo ip netns exec h1 vconfig add h1_eth0 101  
sudo ip netns exec h2 vconfig add h2_eth0 101  
sudo ip netns exec h3 vconfig add h3_eth0 102  
sudo ip netns exec h4 vconfig add h4_eth0 102  
sudo ip netns exec h1 ifconfig h1_eth0.101 192.168.0.101/24 up  
sudo ip netns exec h2 ifconfig h2_eth0.101 192.168.0.102/24 up  
sudo ip netns exec h3 ifconfig h3_eth0.102 192.168.0.103/24 up  
sudo ip netns exec h4 ifconfig h4_eth0.102 192.168.0.104/24 up  
sudo ovs-vsctl add-br s1  
sudo ovs-vsctl add-port s1 eth0  
sudo ovs-vsctl set port eth0 trunks=101,102  
sudo ovs-vsctl add-port s1 s1_eth1 -- set Interface s1_eth1 ofport_request=101  
sudo ovs-vsctl add-port s1 s1_eth2 -- set Interface s1_eth2 ofport_request=102  
sudo ovs-vsctl add-port s1 s1_eth3 -- set Interface s1_eth3 ofport_request=103  
sudo ovs-vsctl add-port s1 s1_eth4 -- set Interface s1_eth4 ofport_request=104  
sudo ifconfig s1_eth1 up  
sudo ifconfig s1_eth2 up  
sudo ifconfig s1_eth3 up  
sudo ifconfig s1_eth4 up  

View the OVS bridge:

# sudo ovs-vsctl show
97300b24-0486-4520-aae9-13a4b940a2be  
    Bridge "s1"
        Controller "tcp:127.0.0.1"
        Port "s1"
            Interface "s1"
                type: internal
        Port "s1_eth2"
            Interface "s1_eth2"
        Port "s1_eth4"
            Interface "s1_eth4"
        Port "s1_eth3"
            Interface "s1_eth3"
        Port "eth0"
            trunks: [101, 102]
            Interface "eth0"
        Port "s1_eth1"
            Interface "s1_eth1"
    ovs_version: "2.4.90"
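
In the output above only `eth0` has a `trunks` list. The four veth ports have neither `tag` nor `trunks`, which in Open vSwitch's port configuration means a trunk for all VLANs, so the 101/102 separation in this lab rests on the tagging done inside each namespace. The following is an added example, not part of the original script, that parses `ovs-vsctl show` output and lists such ports; the function names are my own and the sample input is copied from the output above.

```shell
#!/bin/sh
# Added example: audit per-port VLAN modes from `ovs-vsctl show` output.

# Sample input: the `ovs-vsctl show` output shown in this post.
sample_show() {
cat <<'EOF'
97300b24-0486-4520-aae9-13a4b940a2be
    Bridge "s1"
        Controller "tcp:127.0.0.1"
        Port "s1"
            Interface "s1"
                type: internal
        Port "s1_eth2"
            Interface "s1_eth2"
        Port "s1_eth4"
            Interface "s1_eth4"
        Port "s1_eth3"
            Interface "s1_eth3"
        Port "eth0"
            trunks: [101, 102]
            Interface "eth0"
        Port "s1_eth1"
            Interface "s1_eth1"
    ovs_version: "2.4.90"
EOF
}

# Print "<port> <vlan-mode> <kind>" for every port found on stdin.
port_vlan_modes() {
    awk '
    function emit() {
        if (port == "") return
        if (tag != "")         mode = "access:" tag
        else if (trunks != "") mode = "trunk:" trunks
        else                   mode = "trunk:ALL"   # no tag, no trunks: every VLAN
        print port, mode, kind
        port = ""
    }
    $1 == "Port"    { emit(); port = $2; gsub(/"/, "", port); tag = ""; trunks = ""; kind = "-" }
    $1 == "tag:"    { tag = $2 }
    $1 == "trunks:" { s = $0; sub(/^[ \t]*trunks:/, "", s); gsub(/\[|\]|[ \t]/, "", s); trunks = s }
    $1 == "type:" && $2 == "internal" { kind = "internal" }
    $1 == "Bridge"  { emit() }
    END             { emit() }'
}

# Ports with no tag and no trunks list, excluding the bridge-internal port.
unrestricted_ports() {
    port_vlan_modes | awk '$2 == "trunk:ALL" && $3 != "internal" { print $1 }'
}

sample_show | port_vlan_modes
```

On a live system, pipe `sudo ovs-vsctl show` into `unrestricted_ports` instead of the sample. Giving each host port its own `trunks` list, as the script already does for `eth0`, makes the bridge enforce the VLAN boundary.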

View the switch's OpenFlow port information:

sudo ovs-ofctl show s1  
OFPT_FEATURES_REPLY (xid=0x2): dpid:000050e54942f540  
n_tables:254, n_buffers:256  
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP  
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst  
 1(eth0): addr:50:e5:49:42:f5:40
     config:     0
     state:      0
     current:    1GB-FD AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG AUTO_PAUSE AUTO_PAUSE_ASYM
     supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG
     speed: 1000 Mbps now, 1000 Mbps max
 101(s1_eth1): addr:fa:26:b7:71:2a:50
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 102(s1_eth2): addr:26:b1:a4:a9:ee:44
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 103(s1_eth3): addr:6a:04:c0:61:94:75
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 104(s1_eth4): addr:9e:a2:3d:e4:95:ff
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 LOCAL(s1): addr:50:e5:49:42:f5:40
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0  

When finished, clean up:

sudo ovs-vsctl del-br s1  
sudo ip netns del h1  
sudo ip netns del h2  
sudo ip netns del h3  
sudo ip netns del h4  
sudo rmmod 8021q  