Notes on Linux netns

References

LXCで学ぶコンテナ入門 軽量仮想化環境を実現する技術 (book)

Creating the veth "cable" (veth pair)

[oracle@centos ~]$ ip addr show eth0
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:2c:f1:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.109/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ccc0:20d4:3aed:ca75/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[oracle@centos ~]$ sudo ip link add name veth0-hst type veth peer name veth0-cot
[oracle@centos ~]$ ip a | grep veth
10: veth0-cot@veth0-hst:  mtu 1500 qdisc noop state DOWN group default qlen 1000
11: veth0-hst@veth0-cot:  mtu 1500 qdisc noop state DOWN group default qlen 1000

Assigning an IP to both ends

[oracle@centos ~]$ sudo ip addr add 192.168.1.2/24 dev veth0-hst
[oracle@centos ~]$ ip a | grep veth
10: veth0-cot@veth0-hst:  mtu 1500 qdisc noop state DOWN group default qlen 1000
11: veth0-hst@veth0-cot:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    inet 192.168.1.2/24 scope global veth0-hst
[oracle@centos ~]$ sudo ip addr add 192.168.1.3/24 dev veth0-cot
[oracle@centos ~]$ ip a | grep veth
10: veth0-cot@veth0-hst:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    inet 192.168.1.3/24 scope global veth0-cot
11: veth0-hst@veth0-cot:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    inet 192.168.1.2/24 scope global veth0-hst
[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=5.65 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.659/5.659/5.659/0.000 ms

Bringing the cable up

[oracle@centos ~]$ sudo ip link set up veth0-hst
[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=5.79 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.796/5.796/5.796/0.000 ms
[oracle@centos ~]$ ip a | grep veth
10: veth0-cot@veth0-hst:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    inet 192.168.1.3/24 scope global veth0-cot
11: veth0-hst@veth0-cot:  mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    inet 192.168.1.2/24 scope global veth0-hst
[oracle@centos ~]$ sudo ip link set up veth0-cot
[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

[oracle@centos ~]$ ip a | grep veth
10: veth0-cot@veth0-hst:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.3/24 scope global veth0-cot
11: veth0-hst@veth0-cot:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.2/24 scope global veth0-hst

Ping from the host side toward the container

[oracle@centos ~]$ ping -c 1 -I veth0-hst 192.168.1.3
PING 192.168.1.3 (192.168.1.3) from 192.168.1.2 veth0-hst: 56(84) bytes of data.

--- 192.168.1.3 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Adding a network namespace

[oracle@centos ~]$ sudo ip netns add netns01
[oracle@centos ~]$ sudo ip netns list
netns01

Moving the container end of the cable into the network namespace just created

[oracle@centos ~]$ sudo ip link set veth0-cot netns netns01
[oracle@centos ~]$ ip a | grep veth
11: veth0-hst@if10:  mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    inet 192.168.1.2/24 scope global veth0-hst

Entering the new network namespace, assigning the IP and checking

[oracle@centos ~]$ sudo ip netns exec netns01 ip addr show
1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: veth0-cot@if11:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 6a:aa:62:c3:03:61 brd ff:ff:ff:ff:ff:ff link-netnsid 0
[oracle@centos ~]$ sudo ip netns exec netns01 ip addr add 192.168.1.3/24 dev veth0-cot
[oracle@centos ~]$ sudo ip netns exec netns01 ip addr show
1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: veth0-cot@if11:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 6a:aa:62:c3:03:61 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.3/24 scope global veth0-cot
       valid_lft forever preferred_lft forever
[oracle@centos ~]$ sudo ip netns exec netns01 ip link set veth0-cot up
[oracle@centos ~]$ sudo ip netns exec netns01 ip addr show
1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: veth0-cot@if11:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6a:aa:62:c3:03:61 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.3/24 scope global veth0-cot
       valid_lft forever preferred_lft forever
    inet6 fe80::68aa:62ff:fec3:361/64 scope link 
       valid_lft forever preferred_lft forever

Ping from the host side toward the container, once more

Can't get out to the outside, huh.

[oracle@centos ~]$ ping -c 1 -I veth0-hst 192.168.1.3
PING 192.168.1.3 (192.168.1.3) from 192.168.1.2 veth0-hst: 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.040 ms

--- 192.168.1.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.040/0.040/0.040/0.000 ms
[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Ping from the container side toward the host

Can't get out to the outside from the container either, huh.

[oracle@centos ~]$ sudo ip netns exec netns01 ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.083 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.070 ms
^C
--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.039/0.064/0.083/0.018 ms
[oracle@centos ~]$ sudo ip netns exec netns01 ping -c 1 8.8.8.8
connect: ネットワークに届きません

Cleanup

[oracle@centos ~]$ sudo ip link set down veth0-hst
[oracle@centos ~]$ sudo ip netns exec netns01 ip link set veth0-cot down
[oracle@centos ~]$ sudo ip netns del netns01
[oracle@centos ~]$ ip a | grep veth

Trying it again with the third octet changed to 100

Putting the host side on a separate segment is the way to go; that way the host side can still get out to the outside. When the segments overlap, it doesn't connect. The container side has no masquerade function, so it can't NAT and can't talk to the outside. Docker and the like presumably implement this kind of function. They're probably generating the config files automatically with scripts.

Creating the veth cable

[oracle@centos ~]$ sudo ip link add name veth0-hst type veth peer name veth0-cot
[sudo] oracle のパスワード:
[oracle@centos ~]$ ip a | grep veth
12: veth0-cot@veth0-hst:  mtu 1500 qdisc noop state DOWN group default qlen 1000
13: veth0-hst@veth0-cot:  mtu 1500 qdisc noop state DOWN group default qlen 1000

Assigning an IP to both ends

[oracle@centos ~]$ sudo ip addr add 192.168.100.2/24 dev veth0-hst
[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=5.86 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.868/5.868/5.868/0.000 ms
[oracle@centos ~]$ ip a | grep veth
12: veth0-cot@veth0-hst:  mtu 1500 qdisc noop state DOWN group default qlen 1000
13: veth0-hst@veth0-cot:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    inet 192.168.100.2/24 scope global veth0-hst
[oracle@centos ~]$ sudo ip addr add 192.168.100.3/24 dev veth0-cot
[oracle@centos ~]$ ip a | grep veth
12: veth0-cot@veth0-hst:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    inet 192.168.100.3/24 scope global veth0-cot
13: veth0-hst@veth0-cot:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    inet 192.168.100.2/24 scope global veth0-hst
[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=5.76 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.767/5.767/5.767/0.000 ms


Bringing the cable up

[oracle@centos ~]$ sudo ip link set up veth0-hst
[oracle@centos ~]$ ip a | grep veth
12: veth0-cot@veth0-hst:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    inet 192.168.100.3/24 scope global veth0-cot
13: veth0-hst@veth0-cot:  mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    inet 192.168.100.2/24 scope global veth0-hst
[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=5.51 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.514/5.514/5.514/0.000 ms
[oracle@centos ~]$ sudo ip link set up veth0-cot
[oracle@centos ~]$ ip a | grep veth
12: veth0-cot@veth0-hst:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.100.3/24 scope global veth0-cot
13: veth0-hst@veth0-cot:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.100.2/24 scope global veth0-hst
[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=5.54 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.542/5.542/5.542/0.000 ms



Ping from the host side toward the container

[oracle@centos ~]$ ping -c 1 -I veth0-hst 192.168.100.3
PING 192.168.100.3 (192.168.100.3) from 192.168.100.2 veth0-hst: 56(84) bytes of data.

--- 192.168.100.3 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

Adding a network namespace

[oracle@centos ~]$ sudo ip netns add netns01
[oracle@centos ~]$ sudo ip netns list
netns01


Moving the container end of the cable into the network namespace just created

[oracle@centos ~]$ sudo ip link set veth0-cot netns netns01
[oracle@centos ~]$ ip a | grep veth
13: veth0-hst@if12:  mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    inet 192.168.100.2/24 scope global veth0-hst
[oracle@centos ~]$ sudo ip netns exec netns01 ip addr show
1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth0-cot@if13:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 3a:78:6c:28:9e:76 brd ff:ff:ff:ff:ff:ff link-netnsid 0

Entering the new network namespace, assigning the IP and checking

[oracle@centos ~]$ sudo ip netns exec netns01 ip addr add 192.168.100.3/24 dev veth0-cot
[oracle@centos ~]$ sudo ip netns exec netns01 ip addr show
1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth0-cot@if13:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 3a:78:6c:28:9e:76 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.3/24 scope global veth0-cot
       valid_lft forever preferred_lft forever
[oracle@centos ~]$ sudo ip netns exec netns01 ip link set veth0-cot up
[oracle@centos ~]$ sudo ip netns exec netns01 ip addr show
1: lo:  mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
12: veth0-cot@if13:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3a:78:6c:28:9e:76 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.100.3/24 scope global veth0-cot
       valid_lft forever preferred_lft forever
    inet6 fe80::3878:6cff:fe28:9e76/64 scope link 
       valid_lft forever preferred_lft forever

Ping from the host side toward the container, once more

[oracle@centos ~]$ ping -c 1 -I veth0-hst 192.168.100.3
PING 192.168.100.3 (192.168.100.3) from 192.168.100.2 veth0-hst: 56(84) bytes of data.
64 bytes from 192.168.100.3: icmp_seq=1 ttl=64 time=0.054 ms

--- 192.168.100.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.054/0.054/0.054/0.000 ms
[oracle@centos ~]$ ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=5.82 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.821/5.821/5.821/0.000 ms

Ping from the container side toward the host

[oracle@centos ~]$ sudo ip netns exec netns01 ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data.
64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from 192.168.100.2: icmp_seq=2 ttl=64 time=0.085 ms
64 bytes from 192.168.100.2: icmp_seq=3 ttl=64 time=0.076 ms
64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=0.075 ms
^C
--- 192.168.100.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.038/0.068/0.085/0.019 ms
[oracle@centos ~]$ sudo ip netns exec netns01 ping -c 1 8.8.8.8
connect: ネットワークに届きません

Cleanup

[oracle@centos ~]$ sudo ip link set down veth0-hst
[oracle@centos ~]$ sudo ip netns exec netns01 ip link set veth0-cot down
[oracle@centos ~]$ sudo ip netns del netns01
[oracle@centos ~]$ ip a | grep veth
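The whole sequence above (create the pair, create the netns, move one end, address both ends, bring them up, clean up) as one script, with the check that the observation in the second run implies: the veth segment must not overlap the host's uplink segment. This is an added example, not the post's own commands. The interface, namespace and address names follow the post; `UPLINK_CIDR` (the host's eth0 address from the first listing), `DRY_RUN` and all function names are assumptions of this example. The `enable_nat` step goes beyond what the post does: it is the forwarding plus masquerade rule that the post guesses Docker-style tooling sets up, together with a default route inside the netns.

```bash
#!/usr/bin/env bash
# Added example (not the post's own commands): the post's veth + netns procedure as
# one script, plus the check its closing observation implies. Interface, namespace
# and address names follow the post; UPLINK_CIDR, DRY_RUN and every function name
# here are assumptions of this example.
set -eu

HOST_IF=${HOST_IF:-veth0-hst}            # host end of the veth pair
CONT_IF=${CONT_IF:-veth0-cot}            # container end, moved into the netns
NS=${NS:-netns01}
HOST_CIDR=${HOST_CIDR:-192.168.100.2/24}
CONT_CIDR=${CONT_CIDR:-192.168.100.3/24}
UPLINK_IF=${UPLINK_IF:-eth0}
UPLINK_CIDR=${UPLINK_CIDR:-192.168.1.109/24}  # constructed: the host's eth0 address shown in the post
DRY_RUN=${DRY_RUN:-0}                    # 1 = print the commands instead of running them

# Dotted IPv4 -> unsigned integer (shell arithmetic is 64-bit, so no overflow).
ip4_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted IPv4.
int_to_ip4() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network address (as an integer) of an address/prefix-length pair.
network_of() {
  local addr=${1%/*} plen=${1#*/} mask
  mask=$(( plen == 0 ? 0 : (4294967295 << (32 - plen)) & 4294967295 ))
  echo $(( $(ip4_to_int "$addr") & mask ))
}

# 192.168.100.3/24 -> 192.168.100.0/24
cidr_network() {
  echo "$(int_to_ip4 "$(network_of "$1")")/${1#*/}"
}

# True (exit 0) when the two prefixes share any address: compare both under the
# shorter of the two prefix lengths.
subnet_overlaps() {
  local pa=${1#*/} pb=${2#*/} shorter
  shorter=$(( pa < pb ? pa : pb ))
  [ "$(network_of "${1%/*}/$shorter")" -eq "$(network_of "${2%/*}/$shorter")" ]
}

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The post's steps, in order, gated by the overlap check: an overlapping segment
# installs a second connected route for the uplink's prefix via the veth, and the
# host's traffic toward its default gateway is then sent out the veth instead.
veth_setup() {
  if subnet_overlaps "$HOST_CIDR" "$UPLINK_CIDR"; then
    echo "refusing: $HOST_CIDR overlaps the uplink segment $UPLINK_CIDR" >&2
    return 1
  fi
  run sudo ip link add name "$HOST_IF" type veth peer name "$CONT_IF"
  run sudo ip netns add "$NS"
  run sudo ip link set "$CONT_IF" netns "$NS"
  run sudo ip addr add "$HOST_CIDR" dev "$HOST_IF"
  run sudo ip link set up "$HOST_IF"
  run sudo ip netns exec "$NS" ip addr add "$CONT_CIDR" dev "$CONT_IF"
  run sudo ip netns exec "$NS" ip link set lo up
  run sudo ip netns exec "$NS" ip link set "$CONT_IF" up
}

# The part the post says Docker-style tooling handles: forward the container
# segment and masquerade it behind the uplink, and give the netns a default route
# through the host end of the veth.
enable_nat() {
  run sudo sysctl -w net.ipv4.ip_forward=1
  run sudo iptables -t nat -A POSTROUTING -s "$(cidr_network "$CONT_CIDR")" -o "$UPLINK_IF" -j MASQUERADE
  run sudo ip netns exec "$NS" ip route add default via "${HOST_CIDR%/*}"
}

# Same order as the post's cleanup; deleting the netns removes the veth pair with it.
veth_teardown() {
  run sudo ip link set down "$HOST_IF"
  run sudo ip netns exec "$NS" ip link set "$CONT_IF" down
  run sudo ip netns del "$NS"
}

case "${1:-}" in
  setup) veth_setup ;;
  nat) enable_nat ;;
  teardown) veth_teardown ;;
esac
```

Run it as `DRY_RUN=1 ./veth-netns.sh setup` first to see the commands it would issue, then without `DRY_RUN` for `setup`, `nat` and `teardown`. Two caveats on the `nat` step: the `connect: ネットワークに届きません` error in the post is the netns having no route to 8.8.8.8 at all (there is only the connected /24 inside it), so the default route is needed as well as the masquerade rule; and on a CentOS host with firewalld active, forwarded traffic can still be dropped by the FORWARD chain, which `sudo iptables -L FORWARD -n -v` will show.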