To support multiple independent instances of the network protocol stack, Linux introduces the network namespace. Network stacks in different namespaces are completely isolated and cannot communicate with each other unless they are explicitly connected. By isolating network resources this way, several distinct network environments can be virtualized on one host. Docker uses network namespaces to isolate the networking of different containers from each other.
Network namespace operations
ip netns add <name>
ip netns exec <name> <command>
Demo namespace
Add test1, test2 network namespaces
ip netns add test1
ip netns add test2
View network adapters test1 and test2
[root@gundy ~]# ip netns exec test1 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[root@gundy ~]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
Each new namespace contains only the lo loopback interface, and it is in the DOWN state.
The two namespaces are connected with a veth device pair. A veth pair always consists of two devices, much like two Ethernet cards joined by a cable: whatever is sent into one end comes out of the other, so each end is the peer of the other.
Operation of Veth device pairs
Create a Veth device pair
[root@gundy ~]# ip link add veth-test1 type veth peer name veth-test2
After the creation, you can view the information about the Veth device pair
[root@gundy ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:16:3e:0c:20:db brd ff:ff:ff:ff:ff:ff
3: veth-test2@veth-test1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 76:dd:e3:28:a2:46 brd ff:ff:ff:ff:ff:ff
4: veth-test1@veth-test2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 7a:42:dd:ee:76:46 brd ff:ff:ff:ff:ff:ff
Add veth-test1 to namespace test1
ip link set veth-test1 netns test1
veth-test1 has now disappeared from the host's interface list and shows up inside test1 instead:
[root@gundy ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:16:3e:0c:20:db brd ff:ff:ff:ff:ff:ff
3: veth-test2@if4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 76:dd:e3:28:a2:46 brd ff:ff:ff:ff:ff:ff link-netns test1
[root@gundy ~]# ip netns exec test1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: veth-test1@if3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 7a:42:dd:ee:76:46 brd ff:ff:ff:ff:ff:ff link-netnsid 0
Add veth-test2 to namespace test2
ip link set veth-test2 netns test2
At this point the two interfaces have MAC addresses but no IP addresses, and both are DOWN. Assign IP addresses to them:
ip netns exec test1 ip addr add 192.168.1.1/24 dev veth-test1
ip netns exec test2 ip addr add 192.168.1.2/24 dev veth-test2
Start them
ip netns exec test1 ip link set dev veth-test1 up
ip netns exec test2 ip link set dev veth-test2 up
[root@gundy ~]# ip netns exec test1 ip link set dev veth-test1 up
[root@gundy ~]# ip netns exec test2 ip link set dev veth-test2 up
[root@gundy ~]# ip netns exec test1 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: veth-test1@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 7a:42:dd:ee:76:46 brd ff:ff:ff:ff:ff:ff link-netns test2
[root@gundy ~]# ip netns exec test2 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: veth-test2@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 76:dd:e3:28:a2:46 brd ff:ff:ff:ff:ff:ff link-netns test1
The status is UP now. Check the IP addresses:
[root@gundy ~]# ip netns exec test1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
4: veth-test1@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 7a:42:dd:ee:76:46 brd ff:ff:ff:ff:ff:ff link-netns test2
inet 192.168.1.1/24 scope global veth-test1
valid_lft forever preferred_lft forever
inet6 fe80::7842:ddff:feee:7646/64 scope link
valid_lft forever preferred_lft forever
[root@gundy ~]# ip netns exec test2 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: veth-test2@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 76:dd:e3:28:a2:46 brd ff:ff:ff:ff:ff:ff link-netns test1
inet 192.168.1.2/24 scope global veth-test2
valid_lft forever preferred_lft forever
inet6 fe80::74dd:e3ff:fe28:a246/64 scope link
valid_lft forever preferred_lft forever
Ping test2 from test1, then test1 from test2:
[root@gundy ~]# ip netns exec test1 ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.033 ms
64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.030 ms

--- 192.168.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 63ms
rtt min/avg/max/mdev = 0.030/0.036/0.043/0.009 ms
[root@gundy ~]# ip netns exec test2 ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.033 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.036 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.030 ms

--- 192.168.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 104ms
rtt min/avg/max/mdev = 0.020/0.034/0.046/0.009 ms
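The whole walkthrough above, scripted end to end as an added example (this is not code from the original post): it creates the two namespaces and the veth pair, moves each end into its namespace, addresses and brings them up, then verifies the result, including the isolation property the tutorial relies on, namely that once moved, neither veth end is visible from the host namespace any more. The namespace, device and address values are the tutorial's; the function names (`link_state`, `topology_up`, `topology_check`, `topology_down`) and the `up|check|down` subcommands are this script's own. The `up`, `check` and `down` subcommands need root (CAP_NET_ADMIN) and iproute2; `link_state` is pure text parsing of `ip link` output and runs without privileges.

```shell
#!/bin/sh
# Added example, not code from the original post. Scripts the tutorial's
# two-namespace veth topology: create, connect, address, bring up, verify,
# tear down. Needs root/CAP_NET_ADMIN and iproute2 for up|check|down.
set -eu

NS1=test1;        NS2=test2                 # namespace names (the tutorial's)
VETH1=veth-test1; VETH2=veth-test2          # veth pair ends (the tutorial's)
ADDR1=192.168.1.1/24; ADDR2=192.168.1.2/24  # addresses (the tutorial's)

# link_state NAME: read `ip link` or `ip -o link show` output on stdin and
# print the state of interface NAME (UP, DOWN or UNKNOWN); prints nothing
# if the interface is absent. Pure parsing, usable without root.
link_state() {
    awk -v want="$1" '
        # interface lines look like: "4: veth-test1@if3: <...> ... state UP ..."
        $1 ~ /^[0-9]+:$/ {
            name = $2; sub(/@.*/, "", name); sub(/:$/, "", name)
            if (name == want)
                for (i = 3; i <= NF; i++) if ($i == "state") { print $(i+1); exit }
        }'
}

# ns_exec NS CMD...: run CMD inside namespace NS
ns_exec() { ns=$1; shift; ip netns exec "$ns" "$@"; }

topology_up() {
    ip netns add "$NS1"; ip netns add "$NS2"
    # one veth pair, created in the host namespace, then each end is moved
    # into its namespace so the host no longer owns either interface
    ip link add "$VETH1" type veth peer name "$VETH2"
    ip link set "$VETH1" netns "$NS1"
    ip link set "$VETH2" netns "$NS2"
    ns_exec "$NS1" ip addr add "$ADDR1" dev "$VETH1"
    ns_exec "$NS2" ip addr add "$ADDR2" dev "$VETH2"
    ns_exec "$NS1" ip link set dev "$VETH1" up
    ns_exec "$NS2" ip link set dev "$VETH2" up
    # lo starts DOWN in a fresh namespace (as the tutorial's output shows);
    # bring it up so services bound to 127.0.0.1 inside the namespace work
    ns_exec "$NS1" ip link set dev lo up
    ns_exec "$NS2" ip link set dev lo up
}

# topology_check: both veth ends UP, each side reachable from the other,
# and neither veth end visible in the host namespace. Non-zero on failure.
topology_check() {
    s1=$(ns_exec "$NS1" ip -o link show | link_state "$VETH1")
    s2=$(ns_exec "$NS2" ip -o link show | link_state "$VETH2")
    [ "$s1" = UP ] && [ "$s2" = UP ] || { echo "veth ends not UP: '$s1' '$s2'" >&2; return 1; }
    ns_exec "$NS1" ping -c 2 -W 1 "${ADDR2%/*}" >/dev/null || { echo "$NS1 cannot reach $NS2" >&2; return 1; }
    ns_exec "$NS2" ping -c 2 -W 1 "${ADDR1%/*}" >/dev/null || { echo "$NS2 cannot reach $NS1" >&2; return 1; }
    if ip -o link show | link_state "$VETH1" | grep -q .; then
        echo "$VETH1 is still visible in the host namespace" >&2; return 1
    fi
    echo "topology OK"
}

topology_down() {
    # deleting a namespace destroys the interfaces inside it, and a veth end
    # disappears together with its peer, so both ends are gone afterwards
    ip netns del "$NS1" 2>/dev/null || true
    ip netns del "$NS2" 2>/dev/null || true
}

case "${1:-}" in
    up)    topology_up ;;
    check) topology_check ;;
    down)  topology_down ;;
    *)     echo "usage: $0 up|check|down" ;;
esac
```

Run it as `./veth-demo.sh up && ./veth-demo.sh check`, and `./veth-demo.sh down` to remove everything. The `check` step is the part worth keeping around: it fails if a veth end was left in the host namespace, which is exactly the mistake that quietly undoes the isolation the namespaces were created for.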
The current state is as follows: