http://www.ibm.com/developerworks/cn/linux/1310_xiawc_networkdevice/
VLANs management
ip link add link eth0 name eth0.2 type vlan id 2
ip link add link eth0 name myvlan type vlan id 2 loose_binding on
ip link delete myvlan type vlan
ip link add foo type vlan help
This replaces the obsolete vconfig(8) program and adds new features.
The loose_binding flag stops the VLAN interface from tracking the line protocol status of the underlying device.
Creation of TUN/TAP interfaces
ip tuntap add dev mytap mode tap user md
This replaces the obsolete tunctl(8) program.
Creation of dummy interfaces
ip link add mydummy type dummy
The only way to create more dummy interfaces after the dummy module had been loaded used to be loading it again under a different name, and they were all named dummyN. Since module-init-tools no longer supports loading the same module multiple times, iproute has fully replaced this method.
Ethernet in GRE tunnels
ip link add mygretun type gretap remote 192.0.2.1
ip link add foo type gretap help
A practical way to remotely bridge two Ethernet networks. The IP MTU is reduced by the expected 20 (IP) + 4 (GRE) + 14 (Ethernet II) bytes.
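A veth pair is a pair of virtual network interfaces: a packet sent from one veth interface arrives directly at its peer veth, and a virtual link exists between the two.
A veth interface differs from a regular Ethernet interface only in its xmit path: it sends the data to its peer and triggers the peer's Rx processing.
The principle of veth is shown in the diagram below:
Experiment: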
#!/bin/sh
echo "create net namespace net0 and net1"
ip netns add net0
ip netns add net1
echo "list net namespace"
ip netns list
echo "add veth pair veth_0 and veth_0_peer"
ip link add veth_0 type veth peer name veth_0_peer
ip link
echo "set veth_0 in net0"
ip link set veth_0 netns net0
echo "set veth_0_peer in net1"
ip link set veth_0_peer netns net1
ip netns exec net0 ip addr add local 10.0.78.3/24 dev veth_0
ip netns exec net0 ifconfig veth_0 up
ip netns exec net1 ip addr add local 10.0.78.4/24 dev veth_0_peer
ip netns exec net1 ifconfig veth_0_peer up
echo "show ip netns net0"
ip netns exec net0 ip addr
echo "show ip netns net1"
ip netns exec net1 ip addr
ip netns exec net1 ping 10.0.78.3
A veth pair is a means of communication between different network namespaces: the veth pair sends data from one network namespace to the veth in the other network namespace, as follows:
Procedure:
# add the namespaces
ip netns add ns1
ip netns add ns2
# create the veth pair
ip link add tap1 type veth peer name tap2
# move the interfaces to the namespaces
ip link set tap1 netns ns1
ip link set tap2 netns ns2
# bring up the links
ip netns exec ns1 ip link set dev tap1 up
ip netns exec ns2 ip link set dev tap2 up
If several network namespaces need to communicate with each other, a bridge is required:
Procedure:
# add the namespaces
ip netns add ns1
ip netns add ns2
# create the switch
BRIDGE=br-test
brctl addbr $BRIDGE
brctl stp $BRIDGE off
ip link set dev $BRIDGE up
#
#### PORT 1
# create a port pair
ip link add tap1 type veth peer name br-tap1
# attach one side to linuxbridge
brctl addif br-test br-tap1
# attach the other side to namespace
ip link set tap1 netns ns1
# set the ports to up
ip netns exec ns1 ip link set dev tap1 up
ip link set dev br-tap1 up
#
#### PORT 2
# create a port pair
ip link add tap2 type veth peer name br-tap2
# attach one side to linuxbridge
brctl addif br-test br-tap2
# attach the other side to namespace
ip link set tap2 netns ns2
# set the ports to up
ip netns exec ns2 ip link set dev tap2 up
ip link set dev br-tap2 up
#
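The PORT 1 / PORT 2 steps above, generalised to any number of namespaces, as an added example that is not part of the original page. It substitutes `ip link ... type bridge` and `master` for the brctl calls, prints the commands by default instead of running them, and the function names and the DRY_RUN variable are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page). run, check_ifname,
# bridge_namespaces, unbridge_namespaces and DRY_RUN are this example's names.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Linux interface names hold at most 15 characters (IFNAMSIZ - 1).
check_ifname() {
    [ -n "$1" ] && [ "${#1}" -le 15 ]
}

# bridge_namespaces BRIDGE NS...  (port i is tap<i> <-> br-tap<i>, as on the page)
bridge_namespaces() {
    bridge=$1; shift
    # Validate before creating anything, so a bad name leaves no half-built setup.
    check_ifname "$bridge" || { echo "invalid bridge name: $bridge" >&2; return 1; }
    # iproute2 equivalent of "brctl addbr" + "brctl stp off" (a substitution).
    run ip link add name "$bridge" type bridge stp_state 0 || return
    run ip link set dev "$bridge" up || return
    i=0
    for ns in "$@"; do
        i=$((i + 1))
        run ip netns add "$ns" || return
        run ip link add "tap$i" type veth peer name "br-tap$i" || return
        run ip link set dev "br-tap$i" master "$bridge" || return  # brctl addif
        run ip link set "tap$i" netns "$ns" || return
        run ip netns exec "$ns" ip link set dev "tap$i" up || return
        run ip link set dev "br-tap$i" up || return
    done
}

# Teardown: once a namespace is gone its veth end is destroyed, and the
# bridge-side peer goes with it; the bridge itself is removed last.
unbridge_namespaces() {
    bridge=$1; shift
    for ns in "$@"; do run ip netns delete "$ns" || return; done
    run ip link delete "$bridge" type bridge
}

# Stand-alone run: show the plan for the page's two-namespace case.
bridge_namespaces br-test ns1 ns2
```

Run with DRY_RUN=0 as root to apply the plan; unbridge_namespaces takes the same arguments and removes what was created.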
Kernel implementation: veth is implemented much like the loopback interface and is fairly simple:
// drivers/net/veth.c
static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev)
{
    struct net_device *rcv = NULL;
    struct veth_priv *priv, *rcv_priv;

    priv = netdev_priv(dev);
    rcv = priv->peer;
    rcv_priv = netdev_priv(rcv);

    stats = this_cpu_ptr(priv->stats);
    length = skb->len;

    // forward to the peer
    if (dev_forward_skb(rcv, skb) != NET_RX_SUCCESS)
        goto rx_drop;
References:
1 http://backreference.org/2010/03/26/tuntap-interface-tutorial/
2 http://blog.csdn.net/zhaihaifei/article/details/23168621
Reference:
http://blog.csdn.net/zhaihaifei/article/details/38581247
Reference: http://blog.csdn.net/zhaihaifei/article/details/38562047
Creating a network namespace
# ip netns add blue
# ip netns list
Adding an interface to the namespace
First create the veth pair
# ip link add veth0 type veth peer name veth1
Both veth0 and veth1 are visible in the current namespace
# ip link list
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:b2:cf:72 brd ff:ff:ff:ff:ff:ff
3: veth1: mtu 1500 qdisc noop state DOWN qlen 1000
link/ether ae:0d:00:e1:11:38 brd ff:ff:ff:ff:ff:ff
4: veth0: mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 42:e7:50:d4:bb:c5 brd ff:ff:ff:ff:ff:ff
Move veth1 into the namespace "blue"
# ip link set veth1 netns blue
At this point, only veth0 is visible in the current namespace.
The interfaces in the blue namespace can be listed with the following command
# ip netns exec blue ip link list
Configuring the interface in the network namespace
The namespace's interface can be configured through ip netns exec
# ip netns exec blue ifconfig veth1 172.17.42.2/16 up
Communication between a network namespace's interface and the physical NIC
This is done through a bridge. See the veth pair section.
Reference: http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/