leiiwang

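Learning Linux Networking Tools: The IP Command, Part 14

Tags (space-separated): networking


This article introduces and studies Linux networking concepts by way of the ip command.

1. Overview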

3. ip addr

4 ip addrlabel

5 ip route

6 ip rule

7 ip neighbour

8 ip ntable

9 ip tunnel

10 ip tuntap

11 ip maddr/mroute/mrule

12 ip monitor

13 ip xfrm

14 ip netns

14.1 Overview

process network namespace management

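The techniques in this section have in fact already been used many times in the earlier chapters. This article has a fairly complete set of experimental examples, and there are plenty of other references, such as "Introducing Linux Network Namespaces", "Introduction to Linux Network Namespaces" (same as the previous one), "linux network namespace study" and "Network Namespaces". Below is a useful overview taken from the help documentation.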

    A network namespace is logically another copy of the network stack, with its own routes, firewall rules, and network devices.

    By default a process inherits its network namespace from its parent. Initially all the processes share the same default network namespace from the init process.

    By convention a named network namespace is an object at /var/run/netns/NAME that can be opened. The file descriptor resulting from opening /var/run/netns/NAME refers to the specified network namespace. Holding that file descriptor open keeps the network namespace alive. The file descriptor can be used with the setns(2) system call to change the network namespace associated with a task.

    For applications that are aware of network namespaces, the convention is to look for global network configuration files first in /etc/netns/NAME/ then in /etc/.  For example, if you want a different version of /etc/resolv.conf for a network namespace used to isolate your vpn you would name it /etc/netns/myvpn/resolv.conf.

    ip netns exec automates handling of this configuration, file convention for network namespace unaware applications, by creating a mount namespace and bind mounting all of the per network namespace configure files into their traditional location in /etc.

14.2 Usage

Usage: 
ip netns list 
>> show all of the named network namespaces. This command displays all of the network namespaces in /var/run/netns

ip netns add NAME 
>> create a new named network namespace. If NAME is available in /var/run/netns/ this command creates a new network namespace and assigns NAME.

ip netns delete NAME 
>> ip [-all] netns delete [ NAME ] - delete the name of a network namespace(s)

ip netns identify PID 
>> Report network namespaces names for process

ip netns pids NAME
>> Report processes in the named network namespace

ip netns exec NAME cmd ...
>> ip [-all] netns exec [ NAME ] cmd ... - Run cmd in the named network namespace

ip netns monitor 
>> Report as network namespace names are added and deleted


# The commands are tightly bound to /var/run/netns/, and everything they do revolves around these files
[root@10-9-151-160 ~]# ll /var/run/netns/
total 0
-r--r--r-- 1 root root 0 Sep 19 12:07 net1
-r--r--r-- 1 root root 0 Sep 19 12:07 net2
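
Because a name is just a file under /var/run/netns/ that refers to a namespace, a process belongs to a named namespace exactly when /proc/PID/ns/net and that file resolve to the same device and inode. The following sketch is an added example, not code from the original post or from iproute2; it reproduces the lookups of `ip netns identify` and `ip netns pids` with the shell's `-ef` test and also lists processes whose namespace has no name at all. The function names and the `NETNS_DIR`/`PROC_DIR` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: map processes to named network namespaces by file identity.
# NETNS_DIR and PROC_DIR are assumptions of this sketch (overridable paths);
# on a live host run as root so that every /proc/PID/ns/net can be resolved.
NETNS_DIR=${NETNS_DIR:-/var/run/netns}
PROC_DIR=${PROC_DIR:-/proc}

# Print every name whose file is the same object (device + inode) as the
# namespace of PID. Returns 0 if a name matched, 1 if none, 2 if PID is gone.
netns_identify() {
    ns="$PROC_DIR/$1/ns/net"
    [ -e "$ns" ] || return 2
    found=1
    for f in "$NETNS_DIR"/*; do
        if [ "$f" -ef "$ns" ]; then
            printf '%s\n' "${f##*/}"
            found=0
        fi
    done
    return "$found"
}

# Print the PIDs whose network namespace is the one registered as NAME.
netns_pids() {
    [ -e "$NETNS_DIR/$1" ] || return 2
    for d in "$PROC_DIR"/[0-9]*; do
        [ "$d/ns/net" -ef "$NETNS_DIR/$1" ] && printf '%s\n' "${d##*/}"
    done
    return 0
}

# Print PIDs that are neither in PID 1's namespace nor in any named one:
# namespaces that "ip netns list" will not show.
netns_unnamed() {
    for d in "$PROC_DIR"/[0-9]*; do
        [ -e "$d/ns/net" ] || continue
        [ "$d/ns/net" -ef "$PROC_DIR/1/ns/net" ] && continue
        netns_identify "${d##*/}" >/dev/null || printf '%s\n' "${d##*/}"
    done
    return 0
}

case "${1:-}" in
    identify) netns_identify "$2" ;;
    pids)     netns_pids "$2" ;;
    unnamed)  netns_unnamed ;;
esac
```

The `unnamed` report is the useful one when auditing a host: it shows processes that sit in a network namespace with no entry under /var/run/netns/, which the `ip netns` subcommands above never display.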

In addition to the example in 2.4.7, here is another, similar example.

net server 192.168.1.1
    |svr-veth
    |svrgw-veth
net gateway 192.168.1.254 10.0.100.254 -> NAT
    |cli-veth 
    |cligw-veth
net client 10.0.100.1

# 1. Add the namespaces and the veth pairs
ip netns add server
ip netns add gateway
ip netns add client

ip link add svr-veth type veth peer name svrgw-veth
ip link add cli-veth type veth peer name cligw-veth

ip link set svr-veth netns server
ip link set svrgw-veth netns gateway
ip link set cligw-veth netns gateway
ip link set cli-veth netns client

# 2. Configure server
ip netns exec server ifconfig svr-veth 192.168.1.1
ip netns exec server route add default gw 192.168.1.254

# 3. Configure client
ip netns exec client ifconfig cli-veth 10.0.100.1
ip netns exec client route add default gw 10.0.100.254


# 4. Configure gateway
ip netns exec gateway ifconfig svrgw-veth 192.168.1.254
ip netns exec gateway ifconfig cligw-veth 10.0.100.254
ip netns exec gateway sysctl net.ipv4.ip_forward=1

# 5. Test
ip netns exec gateway ping 192.168.1.1 -I 192.168.1.254
ip netns exec gateway ping 10.0.100.1 -I 10.0.100.254
ip netns exec client ping 192.168.1.1 -I 10.0.100.1