一、ip命令介绍
ip命令是iproute软件的程序
[root@host1 ~]# yum install iproute -y
[root@host1 ~]# rpm -q iproute
iproute-4.11.0-25.el7_7.2.x86_64
通过ip可以实现管理网络名称空间
[root@host1 ~]# ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
vrf }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-h[uman-readable] | -iec |
-f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
-4 | -6 | -I | -D | -B | -0 |
-l[oops] { maximum-addr-flush-attempts } | -br[ief] |
-o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
-rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
netns的使用帮助如下
[root@host1 ~]# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id
二、ip命令的使用
创建两个名称空间并查看一下
[root@host1 ~]# ip netns add r1
[root@host1 ~]# ip netns add r2
[root@host1 ~]# ip netns list
r2
r1
查看网络名称空间中有几个网卡
[root@host1 ~]# ip netns exec r1 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
创建网卡对
[root@host1 ~]# ip link help
Usage: ip link add [link DEV] [ name ] NAME
[ txqueuelen PACKETS ]
[ address LLADDR ]
[ broadcast LLADDR ]
[ mtu MTU ] [index IDX ]
[ numtxqueues QUEUE_COUNT ]
[ numrxqueues QUEUE_COUNT ]
type TYPE [ ARGS ]
创建一对网卡,两端分别为veth2.1和veth2.2
[root@host1 ~]# ip link add name veth2.1 type veth peer name veth2.2
[root@host1 ~]# ip link show | grep veth2.*
7: veth2.2@veth2.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
8: veth2.1@veth2.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
为名称空间分配虚拟网卡
将veth2.1保留在物理机,将veth2.2分配到r1名称空间
[root@host1 ~]# ip link set veth2.2 netns r1
[root@host1 ~]# ip netns exec r1 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7: veth2.2@if8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 4e:f2:68:33:47:a1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@host1 ~]# ip link show | grep veth2.*
8: veth2.1@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
也可以修改虚拟网卡的名称,例如将r1中的veth2.2改名为eth0
[root@host1 ~]# ip netns exec r1 ip link set dev veth2.2 name eth0
[root@host1 ~]# ip netns exec r1 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7: eth0@if8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 4e:f2:68:33:47:a1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
将veth2.1地址设置为10.0.0.1/8,将r1中的eth0地址地址设置为10.0.0.2/8
[root@host1 ~]# ip addr add 10.0.0.1/8 dev veth2.1
[root@host1 ~]# ip netns exec r1 ip addr add 10.0.0.2/8 dev eth0
[root@host1 ~]# ip addr show veth2.1
8: veth2.1@if7: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 1e:62:af:a2:bc:6d brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 10.0.0.1/8 scope global veth2.1
valid_lft forever preferred_lft forever
[root@host1 ~]# ip netns exec r1 ip addr show eth0
7: eth0@if8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 4e:f2:68:33:47:a1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.0.2/8 scope global eth0
valid_lft forever preferred_lft forever
此时两个网卡都是down状态,解决方法如下
[root@host1 ~]# ip link set veth2.1 up
[root@host1 ~]# ip netns exec r1 ip link set eth0 up
也可以将veth2.1放入另一个名称空间,这样两个名称空间就可以通信了
[root@host1 ~]# ip link set veth2.1 netns r2
[root@host1 ~]# ip netns exec r2 ip link set veth2.1 up