确定veth pair在容器和宿主机的对应关系

一、veth pair的对应关系

1、创建网络命名空间ns1

# ip netns add ns1 # ip netns list ns1

2、创建veth pair

# ip link add veth1 type veth peer name veth2
# ip a
21: veth2@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 0a:73:e3:2e:49:08 brd ff:ff:ff:ff:ff:ff
22: veth1@veth2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether f2:20:e4:20:f6:ca brd ff:ff:ff:ff:ff:ff

从网卡名称veth2@veth1和veth1@veth2就可以看到他们的对应关系

 3、将veth2放入ns1命名空间

# ip link set veth2 netns ns1 up
# ip a
22: veth1@if21: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether f2:20:e4:20:f6:ca brd ff:ff:ff:ff:ff:ff link-netnsid 2
# ip netns list
ns1 (id: 2) //ns1的Id为2

veth1@if21：对端在所在网络命名空间的21号网卡

link-netnsid 2：对端在netnsid为2的网络命名空间里

# ip netns exec ns1 ip a
21: veth2@if22: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    link/ether 0a:73:e3:2e:49:08 brd ff:ff:ff:ff:ff:ff link-netnsid 0

veth1@if22：对端在所在网络命名空间的22号网卡

link-netnsid 0：对端在netnsid为0的网络命名空间里

 

二、通过容器查找宿主机上的对应网卡

# kubectl get pod -o wide
NAME                               READY   STATUS    RESTARTS   AGE   IP             NODE           NOMINATED NODE   READINESS GATES
nginx-deployment-6dd86d77d-njhfk   1/1     Running   0          55m   10.2.199.3     10.30.20.106   <none>           <none>
# kubectl exec nginx-deployment-6dd86d77d-njhfk -it -- /bin/bash
root@nginx-deployment-6dd86d77d-njhfk:/# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether 52:86:34:64:46:1c brd ff:ff:ff:ff:ff:ff
    inet 10.2.199.3/32 brd 10.2.199.3 scope global eth0
       valid_lft forever preferred_lft forever

eth0@if20：说明对应的为宿主机10.30.20.106上的20编号的网卡

在宿主机10.30.20.106

# ip a
......
20: calicde22b5f907@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 1

三、在宿主机上查询

1、查询网卡对应端所在的网络命名空间的id

# ip a
......
20: calicde22b5f907@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 1
...... 

link-netnsid 1：所在网络命名空间的id为1

2、查看对应网络命名空间

# ln -s /var/run/docker/netns /var/run/netns

# ip netns list
72c4d4eeedf0 (id: 1)
41bb71485c50 (id: 0)
default

# ip netns exec 72c4d4eeedf0 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
3: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 52:86:34:64:46:1c brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.2.199.3/32 brd 10.2.199.3 scope global eth0
       valid_lft forever preferred_lft forever

对应IP地址为10.2.199.3