docker之网络命名空间

Docker之网络命名空间 原创

2019-12-02 14:54:08

 

一.测试两个容器是否互通

1.先运行两个容器 test1 与test2

docker run -d  --name test1 busybox /bin/sh -c "while true; do sleep 3600; done"

docker run -d  --name test2 busybox /bin/sh -c "while true; do sleep 3600; done"

生成两个容器test1和test2，分别进入容器test1和test2，查看他们的ip地址

docker exec test1 ip a
docker exec test2 ip a

得到test1和test2的ip分别为172.17.0.2和172.17.0.3

我们在test1容器中执行

docker exec test1 ping 172.17.0.2

结果显示两个容器是可以互相通信的，

底层原理

通过下面这个图简单的理解一下：

简单来说，容器1中的网络命名空间（namespace1）和容器2中的网络命名空间（namespace2）通过一对叫做veth的东西（可以理解成接口）进行通信。

二.ip netns相关命令

1. 显示所有的虚拟网络命名空间

sudo ip netns list

也可通过查看/var/run/netns目录下的文件来list

ls /var/run/netns/

2. 增加虚拟网络命名空间test1

sudo ip netns add test1

3. 删除虚拟网络命名空间test1

sudo ip netns delete test1

4.进入虚拟机网络环境

ip netns exec net0 command

如
打开虚拟网络环境net0的bash窗口

ip netns exec net0 bash

显示所有虚拟网络环境的设备

ip addr

退出该网络虚拟环境

exit

5. 增加一对veth虚拟网卡

ip link add type veth

6. 将veth0添加到net0虚拟网络环境

ip link set veth0 netns net0

7.将虚拟网卡veth1改名并添加到net1虚拟网络环境中

ip link set dev veth1 name net1-bridge netns net1

8. 设置虚拟网络环境net0的veth0设备处于激活状态

ip netns exec net0 ip link set veth0 up

9. 为虚拟网络环境net0的veth0设备增加IP地址

ip netns exec net0 ip address add 10.0.1.1/24 dev veth0

三.实例(建立两个命名空间，并实现互相ping通)

1.先建立两个虚拟空间namespace，分别为test3和test4

sudo ip netns add test3
sudo ip netns add test4

查看当前虚拟网络空间

[root@localhost ~]# ip netns list
test4
test3

2.建立一对veth，分别命名为veth-test3 和veth-test4

sudo ip link add veth-test3 type veth peer name veth-test4

此时我们使用ip link命令查看一下当前宿主机中的信息:

[root@localhost ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:88:4d:9e brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:fb:1c:42 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:fb:1c:42 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:eb:92:75:9a brd ff:ff:ff:ff:ff:ff
8: veth-test4@veth-test3: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether b2:05:0d:4e:a9:e4 brd ff:ff:ff:ff:ff:ff
9: veth-test3@veth-test4: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether e6:d8:aa:4d:67:6d brd ff:ff:ff:ff:ff:ff

可以看到，我们已经成功的创建了一对veth,veth-test4@veth-test3与veth-test3@veth-test4

3.将创建的veth分别添加到命名空间test3和test4

添加到test3与test4

sudo ip link set veth-test3 netns test3
sudo ip link set veth-test4 netns test4

在test3查看是否已经添加veth,在test3执行ip link,

[root@localhost ~]# sudo ip netns exec test3 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
9: veth-test3@if8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether e6:d8:aa:4d:67:6d brd ff:ff:ff:ff:ff:ff link-netnsid 1

在test4查看是否已经添加veth,在test4执行ip link,

[root@localhost ~]# sudo ip netns exec test4 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
8: veth-test4@if9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether b2:05:0d:4e:a9:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 0

此时创建的veth已经成功添加到了两个命名空间中。此时还需要最后两个步骤，一个就是给veth添加ip，另个就是让其状态置为UP

4.为veth添加ip地址

[root@localhost ~]# sudo ip netns exec test3 ip addr add 192.168.1.3/24 dev veth-test3
[root@localhost ~]# sudo ip netns exec test4 ip addr add 192.168.1.4/24 dev veth-test4

再次查看test3与test4的ip link状态

[root@localhost ~]# sudo ip netns exec test3 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
9: veth-test3@if8: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    link/ether e6:d8:aa:4d:67:6d brd ff:ff:ff:ff:ff:ff link-netnsid 1
    inet 192.168.1.3/24 scope global veth-test3
       valid_lft forever preferred_lft forever
       
[root@localhost ~]#  sudo ip netns exec test4 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
8: veth-test4@if9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b2:05:0d:4e:a9:e4 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.4/24 scope global veth-test4
       valid_lft forever preferred_lft forever

发现ip地址已分别为其设置上

4.将test3与test4状态设置为UP

sudo ip netns exec test3 ip link set dev veth-test3 up
 sudo ip netns exec test3 ip link set dev veth-test4 up

5.测试两个命名空间是否已经可以ping通

 sudo ip netns exec test3 ping 192.168.1.4

结果,连接成功

[root@localhost ~]# sudo ip netns exec test3 ping 192.168.1.4
PING 192.168.1.4 (192.168.1.4) 56(84) bytes of data.
64 bytes from 192.168.1.4: icmp_seq=1 ttl=64 time=0.232 ms
64 bytes from 192.168.1.4: icmp_seq=2 ttl=64 time=0.183 ms
64 bytes from 192.168.1.4: icmp_seq=3