Using ip netns to work with network namespaces
Creating a network namespace
- Create a network namespace
ip netns add nstest
ip netns list
- Delete a network namespace
ip netns delete nstest
ip netns list
- Run a command inside a network namespace, for example to show the network interfaces in nstest
ip netns exec nstest ip addr
Or open a Bash shell directly and run commands inside it; leave with exit
ip netns exec nstest bash
Configuring a network namespace
- Configure network interfaces
Bring up the loopback device that is added by default; the loopback device is down by default
ip netns exec nstest ip link set dev lo up
Add two virtual interfaces, veth-a and veth-b, on the host
ip link add veth-a type veth peer name veth-b
ip addr
Move veth-b into the nstest network namespace; veth-a stays on the host
ip link set veth-b netns nstest
ip netns exec nstest ip link
Assign IP addresses to the interfaces
# Assign an IP to veth-a on the host
ip addr add 10.0.0.1/24 dev veth-a
ip link set dev veth-a up
# Configure an IP for veth-b in nstest and bring it up
ip netns exec nstest ip addr add 10.0.0.2/24 dev veth-b
ip netns exec nstest ip link set dev veth-b up
# Verify connectivity
[root@cyt-aliyun-test ~]# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.065 ms
[root@cyt-aliyun-test ~]# ip netns exec nstest ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.060 ms
Configuring Docker container networking with the ip command
# Look up the container's PID
[root@cyt-aliyun-test ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
354e7442c0b1 php-apache:5.6.31 "docker-php-entrypoin" 6 weeks ago Up 6 weeks 0.0.0.0:8080->80/tcp kod
[root@cyt-aliyun-test ~]# docker inspect --format '{{.State.Pid}}' kod
16289
# Create the /var/run/netns directory if it does not exist
mkdir -p /var/run/netns
# Create a symlink under /var/run/netns/ that points to the kod container's network namespace
[root@cyt-aliyun-test netns]# ln -s /proc/16289/ns/net /var/run/netns/kod
# Test
[root@cyt-aliyun-test netns]# ip netns exec kod ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
34: eth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link
valid_lft forever preferred_lft forever
[root@cyt-aliyun-test netns]# ip netns list
kod (id: 1)
nstest (id: 0)
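
The symlink step above, as an added example (not part of the original page): a helper that validates the name and PID before linking, and a second one that removes links left dangling after the container exits. The function names link_netns and prune_stale_netns and the overridable PROC_ROOT / NETNS_DIR variables are assumptions made for this example; the defaults are the paths used on this page.

```shell
#!/bin/sh
# Added example: expose a process's network namespace to `ip netns` by name,
# and prune links left behind after the process exits.
# PROC_ROOT and NETNS_DIR are hypothetical knobs so the logic can be tried
# without root; the defaults match the paths used on this page.
PROC_ROOT="${PROC_ROOT:-/proc}"
NETNS_DIR="${NETNS_DIR:-/var/run/netns}"

# link_netns NAME PID -> creates $NETNS_DIR/NAME -> $PROC_ROOT/PID/ns/net
link_netns() {
    name="$1"; pid="$2"
    # NAME becomes a file name: allow only a conservative character set.
    case "$name" in
        ''|.|..|*[!A-Za-z0-9_.-]*) echo "invalid name: $name" >&2; return 2 ;;
    esac
    # PID must be numeric and non-zero (docker inspect prints 0 for a stopped container).
    case "$pid" in
        ''|0|*[!0-9]*) echo "invalid pid: $pid" >&2; return 2 ;;
    esac
    target="$PROC_ROOT/$pid/ns/net"
    [ -e "$target" ] || { echo "no such namespace: $target" >&2; return 1; }
    mkdir -p "$NETNS_DIR" || return 1
    # Refuse to overwrite an existing entry (e.g. one made by `ip netns add`).
    if [ -e "$NETNS_DIR/$name" ] || [ -L "$NETNS_DIR/$name" ]; then
        echo "already exists: $NETNS_DIR/$name" >&2; return 3
    fi
    ln -s "$target" "$NETNS_DIR/$name"
}

# prune_stale_netns -> removes symlinks whose target is gone; prints the count.
prune_stale_netns() {
    removed=0
    for entry in "$NETNS_DIR"/*; do
        # Only symlinks are candidates; `ip netns add` entries are bind-mounted files.
        [ -L "$entry" ] || continue
        if [ ! -e "$entry" ]; then
            rm -f -- "$entry" && removed=$((removed + 1))
        fi
    done
    echo "$removed"
}
```

The link records a PID, not the container: if that PID is later reused, the same name resolves to another process's namespace, so remove the link when the container stops rather than relying on pruning alone.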