# 实验目的
理解docker是如何实现容器内和宿主机的网络通信的。
# 实验步骤
创建一对veth pair,一端放入网络命名空间(用来模拟容器),另一端留在宿主机,实现容器和宿主机之间的通信。
# 1.准备命名空间
创建并查看网络命名空间
[root@master ~]# ip netns add myns
[root@master ~]# ip netns ls
myns
查看命名空间中的网卡信息
[root@master ~]# ip netns exec myns ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
查看当前宿主机的网卡信息
[root@master ~]# ip netns exec myns ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@master ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:1c:42:5f:ad:1b brd ff:ff:ff:ff:ff:ff
# 2.创建veth pair,并且将一个端口连接到容器内,一个端口连接到宿主机。
创建并查看veth pair对
[root@master ~]# ip link add veth0 type veth peer name veth1
[root@master ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:1c:42:5f:ad:1b brd ff:ff:ff:ff:ff:ff
5: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 72:c8:02:52:3f:c6 brd ff:ff:ff:ff:ff:ff
6: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ce:72:c3:43:e1:e6 brd ff:ff:ff:ff:ff:ff
将veth1迁移到命名空间myns
[root@master ~]# ip link set veth1 netns myns
查看命名空间中的网卡信息,发现veth1已经迁移到myns命名空间
[root@master ~]# ip netns exec myns ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: veth1@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 72:c8:02:52:3f:c6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
查看宿主机的网卡信息,已经看不见veth1了
[root@master ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:1c:42:5f:ad:1b brd ff:ff:ff:ff:ff:ff
6: veth0@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ce:72:c3:43:e1:e6 brd ff:ff:ff:ff:ff:ff link-netns myns
# 3.配置veth0和veth1的ip地址,进行联通测试
配置veth0的ip地址
[root@master ~]# ip addr add 192.168.50.2/24 dev veth0
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:1c:42:5f:ad:1b brd ff:ff:ff:ff:ff:ff
inet 10.211.55.4/24 brd 10.211.55.255 scope global dynamic noprefixroute enp0s5
valid_lft 951sec preferred_lft 951sec
inet6 fdb2:2c26:f4e4:0:21c:42ff:fe5f:ad1b/64 scope global dynamic noprefixroute
valid_lft 2591877sec preferred_lft 604677sec
inet6 fe80::21c:42ff:fe5f:ad1b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: veth0@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether ce:72:c3:43:e1:e6 brd ff:ff:ff:ff:ff:ff link-netns myns
inet 192.168.50.2/24 scope global veth0
valid_lft forever preferred_lft forever
配置命名空间myns中veth1的ip地址
[root@master ~]# ip netns exec myns ip addr add 192.168.50.3/24 dev veth1
[root@master ~]# ip netns exec myns ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: veth1@if6: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 72:c8:02:52:3f:c6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.50.3/24 scope global veth1
valid_lft forever preferred_lft forever
目前veth0和myns中的veth1和lo都是down的状态,启用一下
ip netns exec myns ip link set dev veth1 up
ip netns exec myns ip link set dev lo up
ip link set dev veth0 up
查看一下,都是UP状态
[root@master ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:1c:42:5f:ad:1b brd ff:ff:ff:ff:ff:ff
6: veth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether ce:72:c3:43:e1:e6 brd ff:ff:ff:ff:ff:ff link-netns myns
[root@master ~]# ip netns exec myns ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
5: veth1@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 72:c8:02:52:3f:c6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
互相ping一下,测试联通性
[root@master ~]# ip netns exec myns ping -c 3 192.168.50.2
PING 192.168.50.2 (192.168.50.2) 56(84) bytes of data.
64 bytes from 192.168.50.2: icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from 192.168.50.2: icmp_seq=2 ttl=64 time=0.087 ms
64 bytes from 192.168.50.2: icmp_seq=3 ttl=64 time=0.206 ms
--- 192.168.50.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2052ms
rtt min/avg/max/mdev = 0.044/0.112/0.206/0.068 ms
[root@master ~]# ping -c 3 192.168.50.3
PING 192.168.50.3 (192.168.50.3) 56(84) bytes of data.
64 bytes from 192.168.50.3: icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from 192.168.50.3: icmp_seq=2 ttl=64 time=1.09 ms
64 bytes from 192.168.50.3: icmp_seq=3 ttl=64 time=0.234 ms
--- 192.168.50.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2059ms
rtt min/avg/max/mdev = 0.061/0.460/1.087/0.448 ms
# 4.从命名空间myns内ping宿主机
从命名空间ping宿主机ip,发现网络不通
[root@master ~]# ip netns exec myns ping -c 3 10.211.55.4
ping: connect: Network is unreachable
在命名空间中添加默认路由(这里网关写的是veth1自身的地址192.168.50.3;更常见的写法是把网关指向宿主机一端veth0的地址192.168.50.2)
ip netns exec myns ip route add default via 192.168.50.3
再ping宿主机,可以ping通了。注意10.211.55.4是宿主机自身的地址,这一步只验证了命名空间到宿主机的连通;宿主机上监听在0.0.0.0的服务同样能从命名空间经veth访问到,需要隔离时应在宿主机上用防火墙规则限制。
[root@master ~]# ip netns exec myns ping -c 3 10.211.55.4
PING 10.211.55.4 (10.211.55.4) 56(84) bytes of data.
64 bytes from 10.211.55.4: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 10.211.55.4: icmp_seq=2 ttl=64 time=0.157 ms
64 bytes from 10.211.55.4: icmp_seq=3 ttl=64 time=0.141 ms
--- 10.211.55.4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2109ms
rtt min/avg/max/mdev = 0.057/0.118/0.157/0.043 ms
实验结束,最后记得删除命名空间。删除命名空间后,veth0和veth1会自动删除
ip netns delete myns