最近在看Docker的网络,测试Macvlan部分时,发现Docker创建Macvlan与预期测试结果不一样。所以查阅了Linux下配置Macvlan,记录如下。
参考
2.图解几个与Linux网络虚拟化相关的虚拟网卡-VETH/MACVLAN/MACVTAP/IPVLAN
环境
Centos7.9
准备
1. 安装包
javascript
[root@centos7-10 ~]# yum install -y net-tools iputils telnet traceroute iproute bridge-utils - net-tools:netstat命令
- iputils:ping命令
- telnet:telnet命令
- traceroute:traceroute命令
- iproute:ip命令
- bridge-utils:brctl命令
创建Macvlan
1. 创建命令
1.1 创建命令
- 命令说明
javascript
[root@centos7-10 ~]# ip link help
Usage: ip link add [link DEV] [ name ] NAME
[ txqueuelen PACKETS ]
[ address LLADDR ]
[ broadcast LLADDR ]
[ mtu MTU ] [index IDX ]
[ numtxqueues QUEUE_COUNT ]
[ numrxqueues QUEUE_COUNT ]
type TYPE [ ARGS ]
ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]
省略 ......
ip link afstats [ dev DEVICE ]
ip link help [ TYPE ]
TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |
bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |
gre | gretap | ip6gre | ip6gretap | vti | nlmon | team_slave |
bond_slave | ipvlan | geneve | bridge_slave | vrf | macsec }
[root@centos7-10 ~]# - TYPE 说明
- macvlan 网络包括:private 、vepa 、bridge 、passthru 、source,概念参见 Linux Macvlan 和 图解几个与Linux网络虚拟化相关的虚拟网卡-VETH/MACVLAN/MACVTAP/IPVLAN
javascript
[root@centos7-10 ~]# ip link help macvlan // TYPE类型是macvlan
Usage: ... macvlan mode MODE [flag MODE_FLAG] MODE_OPTS
MODE: private | vepa | bridge | passthru | source
MODE_FLAG: null | nopromisc
MODE_OPTS: for mode "source":
macaddr { { add | del } <macaddr> | set [ <macaddr> [ <macaddr> ... ] ] | flush }
[root@centos7-10 ~]# 1.2 创建Macvlan
- 基于enp0s5创建两块macvlan网卡,分别是enp0s5.100
javascript
// 创建两个macvlan,模式bridge
[root@centos7-10 ~]# ip link add link enp0s5 name enp0s5.100 type macvlan mode bridge
[root@centos7-10 ~]#
[root@centos7-10 ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s5: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:1c:42:ae:b6:41 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:e7:1d:3a:b1 brd ff:ff:ff:ff:ff:ff
18: enp0s5.100@enp0s5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 9a:a3:e9:6d:aa:af brd ff:ff:ff:ff:ff:ff2. 设置命令
2.1 配置网卡
- 配置网卡 IP
javascript
// 配置IP,更多命令详见 ip address help
[root@centos7-10 ~]# ip addr add 10.211.55.129/24 dev enp0s5.100
[root@centos7-10 ~]#
[root@centos7-10 ~]# ip a | grep -A3 enp0s5.100@enp0s5
18: enp0s5.100@enp0s5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 9a:a3:e9:6d:aa:af brd ff:ff:ff:ff:ff:ff
inet 10.211.55.129/24 scope global enp0s5.100
valid_lft forever preferred_lft forever
[root@centos7-10 ~]# - 配置混杂模式(promisc)
javascript
// 配置Promisc,更多命令详见 ip link set help
[root@centos7-10 ~]# ip link set enp0s5.100 promisc on
[root@centos7-10 ~]# ip a | grep -A3 enp0s5.100@enp0s5
18: enp0s5.100@enp0s5: <BROADCAST,MULTICAST,PROMISC> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 9a:a3:e9:6d:aa:af brd ff:ff:ff:ff:ff:ff
inet 10.211.55.129/24 scope global enp0s5.100
valid_lft forever preferred_lft forever
[root@centos7-10 ~]# - 启用网卡
javascript
// 启动网卡,更多命令详见 ip link set help
[root@centos7-10 ~]# ip link set enp0s5.100 up
[root@centos7-10 ~]# ip a | grep -A3 enp0s5.100@enp0s5
18: enp0s5.100@enp0s5: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 9a:a3:e9:6d:aa:af brd ff:ff:ff:ff:ff:ff
inet 10.211.55.129/24 scope global enp0s5.100
valid_lft forever preferred_lft forever
[root@centos7-10 ~]# 3. 测试网络
3.1 测试网络
- 测试网络
javascript
// ping 自己,通
[root@centos7-10 ~]# ping -c3 10.211.55.129
PING 10.211.55.129 (10.211.55.129) 56(84) bytes of data.
64 bytes from 10.211.55.129: icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from 10.211.55.129: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 10.211.55.129: icmp_seq=3 ttl=64 time=0.126 ms
--- 10.211.55.129 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.044/0.074/0.126/0.037 ms
// ping 网关,通
[root@centos7-10 ~]# ping -c3 10.211.55.1
PING 10.211.55.1 (10.211.55.1) 56(84) bytes of data.
64 bytes from 10.211.55.1: icmp_seq=1 ttl=128 time=0.299 ms
64 bytes from 10.211.55.1: icmp_seq=2 ttl=128 time=0.313 ms
64 bytes from 10.211.55.1: icmp_seq=3 ttl=128 time=0.299 ms
--- 10.211.55.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.299/0.303/0.313/0.021 ms
// ping 网络其它IP,通
[root@centos7-10 ~]# ping -c3 10.211.55.18
PING 10.211.55.18 (10.211.55.18) 56(84) bytes of data.
64 bytes from 10.211.55.18: icmp_seq=1 ttl=64 time=0.570 ms
64 bytes from 10.211.55.18: icmp_seq=2 ttl=64 time=0.507 ms
64 bytes from 10.211.55.18: icmp_seq=3 ttl=64 time=0.471 ms
--- 10.211.55.18 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.471/0.516/0.570/0.040 ms
// ping 外网,通
[root@centos7-10 ~]# ping -c3 www.baidu.com
PING www.a.shifen.com (110.242.68.3) 56(84) bytes of data.
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=1 ttl=128 time=12.5 ms
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=2 ttl=128 time=14.2 ms
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=3 ttl=128 time=12.6 ms
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3035ms
rtt min/avg/max/mdev = 12.503/13.130/14.244/0.800 ms
[root@centos7-10 ~]#