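I am using the Parallels Desktop 10.2.0 virtual machine software, and possibly because the version is too old, none of my tests could solve the Linux cross-host VLAN communication problem. So I simply simulated the test with a Linux bridge on a single VM; the record follows:

References

Environment

Ubuntu 22.04

Test

1. Test steps

  • Stage 1: On one host, create 4 separate namespaces and create VLAN 1 and VLAN 2 inside them. Test communication between different namespaces in the same VLAN.
  • Stage 2: Building on stage 1, also create VLAN 1 and VLAN 2 on the host to act as the VLAN gateways, and enable NAT forwarding. Test communication between different namespaces in different VLANs.

2. Testing communication within the same VLAN across namespaces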

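  • Test communication within the same VLAN across namespaces (same-VLAN communication)
    • Create 4 namespaces: ns1, ns2, ns3, ns4
    • Create 4 veth pairs: veth1 and veth1_br, veth2 and veth2_br, veth3 and veth3_br, veth4 and veth4_br
    • Create the Linux bridge br0 and add the virtual interfaces veth1_br, veth2_br, veth3_br, veth4_br to br0
    • Move veth1 into ns1, veth2 into ns2, veth3 into ns3, veth4 into ns4
    • In ns1, create the sub-interface veth1.1 on veth1 with VLAN ID 1; in ns2, create the sub-interface veth2.1 on veth2 with VLAN ID 1
    • In ns3, create the sub-interface veth3.2 on veth3 with VLAN ID 2; in ns4, create the sub-interface veth4.2 on veth4 with VLAN ID 2
    • In ns1, assign IP 192.168.10.100/24 to veth1.1 and bring it up; in ns2, assign IP 192.168.10.200/24 to veth2.1 and bring it up
    • In ns3, assign IP 172.16.1.100/24 to veth3.2 and bring it up; in ns4, assign IP 172.16.1.200/24 to veth4.2 and bring it up
    • Test: from ns1, ping ns2's 192.168.10.200: reachable (same VLAN 1); ping ns3's 172.16.1.100: unreachable (VLAN 1 and VLAN 2 are isolated)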

2.1 Create 4 namespaces: ns1, ns2, ns3, ns4
// Create the namespaces
root@ubuntu22-25:~# ip netns add ns1
root@ubuntu22-25:~# ip netns add ns2
root@ubuntu22-25:~# ip netns add ns3
root@ubuntu22-25:~# ip netns add ns4
// Check the result
root@ubuntu22-25:~# ip netns list
ns4
ns3
ns2
ns1
root@ubuntu22-25:~# 
2.2 Create 4 veth pairs: veth1 and veth1_br, veth2 and veth2_br, veth3 and veth3_br, veth4 and veth4_br
// Create the veth pairs
root@ubuntu22-25:~# ip link add name veth1 type veth peer veth1_br
root@ubuntu22-25:~# ip link add name veth2 type veth peer veth2_br
root@ubuntu22-25:~# ip link add name veth3 type veth peer veth3_br
root@ubuntu22-25:~# ip link add name veth4 type veth peer veth4_br
// Bring the veth interfaces up
root@ubuntu22-25:~# ip link set veth1 up
root@ubuntu22-25:~# ip link set veth1_br up
root@ubuntu22-25:~# ip link set veth2 up
root@ubuntu22-25:~# ip link set veth2_br up
root@ubuntu22-25:~# ip link set veth3 up
root@ubuntu22-25:~# ip link set veth4_br up
root@ubuntu22-25:~# ip link set veth3_br up
root@ubuntu22-25:~# ip link set veth4 up
root@ubuntu22-25:~# ip link set veth4_br up
root@ubuntu22-25:~# 
2.3 Create the Linux bridge br0 and add the virtual interfaces veth1_br, veth2_br, veth3_br, veth4_br to br0
// Create br0
root@ubuntu22-25:~# brctl addbr br0
root@ubuntu22-25:~# ip link set br0 up
// Add the virtual interfaces to br0
root@ubuntu22-25:~# brctl addif br0 veth1_br
root@ubuntu22-25:~# brctl addif br0 veth2_br
root@ubuntu22-25:~# brctl addif br0 veth3_br
root@ubuntu22-25:~# brctl addif br0 veth4_br
// Check the result
root@ubuntu22-25:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.ca19426b60e5       no              veth1_br
                                                        veth2_br
                                                        veth3_br
                                                        veth4_br
docker0         8000.0242131c4e62       no
root@ubuntu22-25:~# 
2.4 Move veth1 into ns1, veth2 into ns2, veth3 into ns3, veth4 into ns4
// Move the veth interfaces into the namespaces
root@ubuntu22-25:~# ip link set veth1 netns ns1
root@ubuntu22-25:~# ip link set veth2 netns ns2
root@ubuntu22-25:~# ip link set veth3 netns ns3
root@ubuntu22-25:~# ip link set veth4 netns ns4
root@ubuntu22-25:~# 
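2.5 In ns1, create the sub-interface veth1.1 on veth1 with VLAN ID 1; in ns2, create the sub-interface veth2.1 on veth2 with VLAN ID 1
  • In ns1, create the sub-interface veth1.1 on veth1 with VLAN ID 1
// In ns1, create the sub-interface veth1.1 on veth1 with VLAN ID 1
root@ubuntu22-25:~# ip netns exec ns1 ip link add link veth1 name veth1.1 type vlan id 1
// Bring the interfaces up; if lo is not up, ping does not work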
root@ubuntu22-25:~# ip netns exec ns1 ip link set lo up
root@ubuntu22-25:~# ip netns exec ns1 ip link set veth1 up
root@ubuntu22-25:~# ip netns exec ns1 ip link set veth1.1 up
// Assign IP 192.168.10.100/24
root@ubuntu22-25:~# ip netns exec ns1 ip addr add 192.168.10.100/24 dev veth1.1
root@ubuntu22-25:~# ip netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: veth1.1@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:72:89:8d:28:29 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.100/24 scope global veth1.1
       valid_lft forever preferred_lft forever
    inet6 fe80::9872:89ff:fe8d:2829/64 scope link 
       valid_lft forever preferred_lft forever
8: veth1@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:72:89:8d:28:29 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::9872:89ff:fe8d:2829/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu22-25:~# 
  • In ns2, create the sub-interface veth2.1 on veth2 with VLAN ID 1
// In ns2, create the sub-interface veth2.1 on veth2 with VLAN ID 1
root@ubuntu22-25:~# ip netns exec ns2 ip link add link veth2 name veth2.1 type vlan id 1
// Assign the IP
root@ubuntu22-25:~# ip netns exec ns2 ip addr add 192.168.10.200/24 dev veth2.1
root@ubuntu22-25:~# ip netns exec ns2 ip link set lo up
root@ubuntu22-25:~# ip netns exec ns2 ip link set veth2 up
root@ubuntu22-25:~# ip netns exec ns2 ip link set veth2.1 up
root@ubuntu22-25:~# ip netns exec ns2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: veth2.1@veth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3a:bf:7f:75:16:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.200/24 scope global veth2.1
       valid_lft forever preferred_lft forever
    inet6 fe80::38bf:7fff:fe75:1689/64 scope link 
       valid_lft forever preferred_lft forever
10: veth2@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3a:bf:7f:75:16:89 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::38bf:7fff:fe75:1689/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu22-25:~# 
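2.6 In ns3, create the sub-interface veth3.2 on veth3 with VLAN ID 2; in ns4, create the sub-interface veth4.2 on veth4 with VLAN ID 2
  • In ns3, create the sub-interface veth3.2 on veth3 with VLAN ID 2
// In ns3, create the sub-interface veth3.2 on veth3 with VLAN ID 2
root@ubuntu22-25:~# ip netns exec ns3 ip link add link veth3 name veth3.2 type vlan id 2
// Assign the IP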
root@ubuntu22-25:~# ip netns exec ns3 ip addr add 172.16.1.100/24 dev veth3.2
root@ubuntu22-25:~# ip netns exec ns3 ip link set lo up
root@ubuntu22-25:~# ip netns exec ns3 ip link set veth3 up
root@ubuntu22-25:~# ip netns exec ns3 ip link set veth3.2 up
root@ubuntu22-25:~# ip netns exec ns3 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: veth3.2@veth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5a:d2:22:1e:6f:75 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.100/24 scope global veth3.2
       valid_lft forever preferred_lft forever
    inet6 fe80::58d2:22ff:fe1e:6f75/64 scope link 
       valid_lft forever preferred_lft forever
12: veth3@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5a:d2:22:1e:6f:75 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::58d2:22ff:fe1e:6f75/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu22-25:~# 
  • In ns4, create the sub-interface veth4.2 on veth4 with VLAN ID 2
// In ns4, create the sub-interface veth4.2 on veth4 with VLAN ID 2
root@ubuntu22-25:~# ip netns exec ns4 ip link add link veth4 name veth4.2 type vlan id 2
// Assign the IP
root@ubuntu22-25:~# ip netns exec ns4 ip addr add 172.16.1.200/24 dev veth4.2
root@ubuntu22-25:~# ip netns exec ns4 ip link set lo up
root@ubuntu22-25:~# ip netns exec ns4 ip link set veth4 up
root@ubuntu22-25:~# ip netns exec ns4 ip link set veth4.2 up
root@ubuntu22-25:~# ip netns exec ns4 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: veth4.2@veth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e2:e2:06:53:3a:72 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.200/24 scope global veth4.2
       valid_lft forever preferred_lft forever
    inet6 fe80::e0e2:6ff:fe53:3a72/64 scope link 
       valid_lft forever preferred_lft forever
14: veth4@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e2:e2:06:53:3a:72 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::e0e2:6ff:fe53:3a72/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu22-25:~# 
2.7 Test: from ns1, ping ns2's 192.168.10.200: reachable (same VLAN 1); ping ns3's 172.16.1.100: unreachable (VLAN 1 and VLAN 2 are isolated)
  • Check the network in ns1
// Check the IPs in ns1
root@ubuntu22-25:~# ip netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: veth1.1@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:72:89:8d:28:29 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.100/24 scope global veth1.1
       valid_lft forever preferred_lft forever
    inet6 fe80::9872:89ff:fe8d:2829/64 scope link 
       valid_lft forever preferred_lft forever
8: veth1@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:72:89:8d:28:29 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::9872:89ff:fe8d:2829/64 scope link 
       valid_lft forever preferred_lft forever
  • Ping 192.168.10.200 in ns2 (same VLAN 1): reachable
root@ubuntu22-25:~# ip netns exec ns1 ping 192.168.10.200 -c3
PING 192.168.10.200 (192.168.10.200): 56 data bytes
64 bytes from 192.168.10.200: icmp_seq=0 ttl=64 time=0.163 ms
64 bytes from 192.168.10.200: icmp_seq=1 ttl=64 time=0.096 ms
64 bytes from 192.168.10.200: icmp_seq=2 ttl=64 time=0.070 ms
--- 192.168.10.200 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.070/0.110/0.163/0.039 ms
  • Ping 172.16.1.100 in ns3 (VLAN 2): unreachable
root@ubuntu22-25:~# ip netns exec ns1 ping 172.16.10.100 -c3
PING 172.16.10.100 (172.16.10.100): 56 data bytes
ping: sending packet: Network is unreachable
ping: sending packet: Network is unreachable
  • Likewise, pinging ns4 (same VLAN 2) and ns1 (different VLAN) from ns3 gives the same results as above
// Check the IPs in ns3
root@ubuntu22-25:~# ip netns exec ns3 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: veth3.2@veth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5a:d2:22:1e:6f:75 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.100/24 scope global veth3.2
       valid_lft forever preferred_lft forever
    inet6 fe80::58d2:22ff:fe1e:6f75/64 scope link 
       valid_lft forever preferred_lft forever
12: veth3@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5a:d2:22:1e:6f:75 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::58d2:22ff:fe1e:6f75/64 scope link 
       valid_lft forever preferred_lft forever
// Test ping to ns4
root@ubuntu22-25:~# ip netns exec ns3 ping 172.16.1.200 -c3
PING 172.16.1.200 (172.16.1.200): 56 data bytes
64 bytes from 172.16.1.200: icmp_seq=0 ttl=64 time=0.128 ms
64 bytes from 172.16.1.200: icmp_seq=1 ttl=64 time=0.095 ms
64 bytes from 172.16.1.200: icmp_seq=2 ttl=64 time=0.164 ms
--- 172.16.1.200 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.095/0.129/0.164/0.028 ms
// Test ping to ns1
root@ubuntu22-25:~# ip netns exec ns3 ping 192.168.1.100 -c3
PING 192.168.1.100 (192.168.1.100): 56 data bytes
ping: sending packet: Network is unreachable
root@ubuntu22-25:~# 
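
Added example, not part of the original post: br0 as created in step 2.3 is not VLAN-aware, so it floods tagged frames to every port and the separation seen in 2.7 depends on each namespace using only its own VLAN ID. The script below goes one step beyond the post and prints (or, with `apply`, runs as root) the commands that make the bridge itself enforce the port-to-VLAN mapping from steps 2.5 and 2.6. `PORT_VLANS`, `vlan_plan` and `port_accepts` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): let br0 enforce VLAN membership.
# Port names and VLAN IDs are the ones used in steps 2.2-2.6 of this lab.
BRIDGE=br0
# "port:vid[,vid...]" entries. After section 3, append "veth_host_br:1,2"
# so the gateway trunk carries both VLANs.
PORT_VLANS="veth1_br:1 veth2_br:1 veth3_br:2 veth4_br:2"

# Print the commands that turn $BRIDGE into a VLAN-aware bridge.
vlan_plan() {
    # Remove the implicit untagged PVID 1 before enabling filtering: the lab
    # carries VLAN 1 tagged, and the kernel refuses to change the default
    # PVID while filtering is on.
    echo "ip link set dev $BRIDGE type bridge vlan_default_pvid 0"
    echo "ip link set dev $BRIDGE type bridge vlan_filtering 1"
    for pair in $PORT_VLANS; do
        port=${pair%%:*}
        for vid in $(echo "${pair#*:}" | tr ',' ' '); do
            # No "pvid"/"untagged" flags: the port accepts only tagged frames.
            echo "bridge vlan add dev $port vid $vid"
        done
    done
}

# Model of the resulting ingress check: succeeds if a frame tagged with
# VLAN $2 arriving on port $1 belongs to a member VLAN of that port.
port_accepts() {
    for pair in $PORT_VLANS; do
        [ "${pair%%:*}" = "$1" ] || continue
        case ",${pair#*:}," in
            *",$2,"*) return 0 ;;
        esac
    done
    return 1
}

# Dry run by default; "apply" executes the plan (needs root).
if [ "${1:-}" = "apply" ]; then
    vlan_plan | sh -e
else
    vlan_plan
fi
```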

3. Testing communication between different VLANs across namespaces

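  • Test communication between different VLANs across namespaces (cross-VLAN communication)
    • Create 1 veth pair, veth_host and veth_host_br; add veth_host_br to br0
    • Create sub-interfaces of veth_host: veth_host.1 (VLAN 1) and veth_host.2 (VLAN 2)
    • Assign IP 192.168.10.1 to veth_host.1 and bring it up; assign IP 172.16.1.1 to veth_host.2 and bring it up
    • In ns1 and ns2, add a default route for VLAN 1 pointing to 192.168.10.1; in ns3 and ns4, add a default route for VLAN 2 pointing to 172.16.1.1
    • Enable NAT ip_forward forwarding on the host
    • Add FORWARD rules between veth_host.1 and veth_host.2
    • Test: from ns1, ping ns3's 172.16.1.100: reachable (layer-3 forwarding); ping ns4's 172.16.1.200: reachable (layer-3 forwarding)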

3.1 Create 1 veth pair, veth_host and veth_host_br; add veth_host_br to br0
// Create the veth pair
root@ubuntu22-25:~# ip link add name veth_host type veth peer veth_host_br
root@ubuntu22-25:~# ip link set veth_host up
root@ubuntu22-25:~# ip link set veth_host_br up
// Add it to br0
root@ubuntu22-25:~# brctl addif br0 veth_host_br
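3.2 Create sub-interfaces of veth_host: veth_host.1 (VLAN 1) and veth_host.2 (VLAN 2)

The VLANs are created on the host, in a different namespace from the VLANs created earlier in ns1, ns2, ns3 and ns4.

// Create the VLANs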
root@ubuntu22-25:~# ip link add link veth_host name veth_host.1 type vlan id 1
root@ubuntu22-25:~# ip link add link veth_host name veth_host.2 type vlan id 2
3.3 Assign IP 192.168.10.1 to veth_host.1 and bring it up; assign IP 172.16.1.1 to veth_host.2 and bring it up

Assign IPs to VLAN 1 and VLAN 2 to serve as the VLAN gateways.

// Configure the gateways
root@ubuntu22-25:~# ip addr add 192.168.10.1/24 dev veth_host.1
root@ubuntu22-25:~# ip addr add 172.16.1.1/24 dev veth_host.2
root@ubuntu22-25:~# ip link set veth_host.1 up
root@ubuntu22-25:~# ip link set veth_host.2 up
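3.4 In ns1 and ns2, add a default route for VLAN 1 pointing to 192.168.10.1; in ns3 and ns4, add a default route for VLAN 2 pointing to 172.16.1.1
  • In ns1, add a default route for VLAN 1 pointing to 192.168.10.1
// Add the default route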
root@ubuntu22-25:~# ip netns exec ns1 ip route add default via 192.168.10.1 dev veth1.1
root@ubuntu22-25:~# ip netns exec ns1 ip route
default via 192.168.10.1 dev veth1.1 
192.168.10.0/24 dev veth1.1 proto kernel scope link src 192.168.10.100 
root@ubuntu22-25:~# 
  • In ns2, add a default route for VLAN 1 pointing to 192.168.10.1
// Add the default route
root@ubuntu22-25:~# ip netns exec ns2 ip route add default via 192.168.10.1 dev veth2.1
root@ubuntu22-25:~# ip netns exec ns2 ip route
default via 192.168.10.1 dev veth2.1 
192.168.10.0/24 dev veth2.1 proto kernel scope link src 192.168.10.200 
root@ubuntu22-25:~# 
  • In ns3, add a default route for VLAN 2 pointing to 172.16.1.1
// Add the default route
root@ubuntu22-25:~# ip netns exec ns3 ip route add default via 172.16.1.1 dev veth3.2
root@ubuntu22-25:~# ip netns exec ns3 ip route
default via 172.16.1.1 dev veth3.2 
172.16.1.0/24 dev veth3.2 proto kernel scope link src 172.16.1.100 
root@ubuntu22-25:~# 
  • In ns4, add a default route for VLAN 2 pointing to 172.16.1.1
// Add the default route
root@ubuntu22-25:~# ip netns exec ns4 ip route add default via 172.16.1.1 dev veth4.2
root@ubuntu22-25:~# ip netns exec ns4 ip route
default via 172.16.1.1 dev veth4.2 
172.16.1.0/24 dev veth4.2 proto kernel scope link src 172.16.1.200 
root@ubuntu22-25:~# 
3.5 Enable NAT ip_forward forwarding on the host, and add FORWARD rules between veth_host.1 and veth_host.2
  • Enable NAT ip_forward forwarding on the host
// Enable temporarily, method 1
root@ubuntu22-25:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@ubuntu22-25:~# cat /proc/sys/net/ipv4/ip_forward 
1
root@ubuntu22-25:~# 
// Or: enable temporarily, method 2
root@ubuntu22-25:~# sysctl -w net.ipv4.ip_forward=1
root@ubuntu22-25:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
// Enable permanently: edit /etc/sysctl.conf and set net.ipv4.ip_forward=1
root@ubuntu22-25:~# vim /etc/sysctl.conf

// Make the change take effect immediately
sysctl -p /etc/sysctl.conf
3.6 Add FORWARD rules between veth_host.1 and veth_host.2
  • Add FORWARD rules to the iptables filter table
// Add forwarding rules to the default filter table, allowing traffic between veth_host.1 and veth_host.2
root@ubuntu22-25:~# iptables -A FORWARD -i veth_host.1 -o veth_host.2 -j ACCEPT
root@ubuntu22-25:~# iptables -A FORWARD -i veth_host.2 -o veth_host.1 -j ACCEPT
// Check the result
root@ubuntu22-25:~# iptables -L -v -n -t filter

3.7 Test: from ns1, ping ns3's 172.16.1.100: reachable (layer-3 forwarding); ping ns4's 172.16.1.200: reachable (layer-3 forwarding)
  • Check the IPs of ns1
// Check the IPs of ns1
root@ubuntu22-25:~# ip netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: veth1.1@veth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:72:89:8d:28:29 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.100/24 scope global veth1.1
       valid_lft forever preferred_lft forever
    inet6 fe80::9872:89ff:fe8d:2829/64 scope link 
       valid_lft forever preferred_lft forever
8: veth1@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:72:89:8d:28:29 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::9872:89ff:fe8d:2829/64 scope link 
       valid_lft forever preferred_lft forever
  • Test: from ns1, ping ns3's 172.16.1.100: reachable (layer-3 forwarding)
// Ping the VLAN 2 gateway 172.16.1.1
root@ubuntu22-25:~# ip netns exec ns1 ping 172.16.1.1 -c3
PING 172.16.1.1 (172.16.1.1): 56 data bytes
64 bytes from 172.16.1.1: icmp_seq=0 ttl=64 time=0.290 ms
64 bytes from 172.16.1.1: icmp_seq=1 ttl=64 time=0.104 ms
64 bytes from 172.16.1.1: icmp_seq=2 ttl=64 time=0.105 ms
--- 172.16.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.104/0.166/0.290/0.087 ms
// Ping the VLAN 2 IP 172.16.1.100 in ns3
root@ubuntu22-25:~# ip netns exec ns1 ping 172.16.1.100 -c3
PING 172.16.1.100 (172.16.1.100): 56 data bytes
64 bytes from 172.16.1.100: icmp_seq=0 ttl=63 time=0.119 ms
64 bytes from 172.16.1.100: icmp_seq=1 ttl=63 time=0.204 ms
64 bytes from 172.16.1.100: icmp_seq=2 ttl=63 time=0.131 ms
--- 172.16.1.100 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.119/0.151/0.204/0.038 ms
  • Test: from ns1, ping ns4's 172.16.1.200: reachable (layer-3 forwarding)
// Ping the VLAN 2 IP 172.16.1.200 in ns4
root@ubuntu22-25:~# ip netns exec ns1 ping 172.16.1.200 -c3
PING 172.16.1.200 (172.16.1.200): 56 data bytes
64 bytes from 172.16.1.200: icmp_seq=0 ttl=63 time=0.134 ms
64 bytes from 172.16.1.200: icmp_seq=1 ttl=63 time=0.138 ms
64 bytes from 172.16.1.200: icmp_seq=2 ttl=63 time=0.130 ms
--- 172.16.1.200 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.130/0.134/0.138/0.000 ms
root@ubuntu22-25:~# 
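
Added example, not part of the original post: the two rules from step 3.6 accept every protocol and port in both directions, so once they are in place the two VLANs are no longer separated at layer 3. The function below reads `iptables -S FORWARD` output and reports such blanket interface-to-interface ACCEPT rules, plus an ACCEPT default policy. The rule sets are constructed samples and `audit_forward` is a name chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the FORWARD chain.
# Live use on the lab host (needs root): iptables -S FORWARD | audit_forward

# Constructed sample in `iptables -S` format: the two rules from step 3.6.
LAB_RULES='-A FORWARD -i veth_host.1 -o veth_host.2 -j ACCEPT
-A FORWARD -i veth_host.2 -o veth_host.1 -j ACCEPT'

# Constructed tighter variant: default drop, replies allowed statefully,
# and only ICMP echo requests allowed from VLAN 1 towards VLAN 2.
TIGHT_RULES='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i veth_host.1 -o veth_host.2 -p icmp -m icmp --icmp-type 8 -j ACCEPT'

# Read a ruleset on stdin and print one finding per line (nothing if clean).
audit_forward() {
    awk '
    $1 == "-P" && $2 == "FORWARD" && $3 == "ACCEPT" {
        print "policy: FORWARD default is ACCEPT"
    }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = "any"; out_if = "any"; target = ""; narrowed = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-o") out_if = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            # Any protocol, address or match module narrows the rule.
            else if ($i == "-p" || $i == "-s" || $i == "-d" || $i == "-m")
                narrowed = 1
        }
        if (target == "ACCEPT" && !narrowed)
            printf "blanket: %s -> %s accepts all protocols and ports\n", in_if, out_if
    }'
}

# Show the findings for the rules used in this lab.
printf '%s\n' "$LAB_RULES" | audit_forward
```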

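Summary

By configuring multiple namespaces on a single host and creating VLAN 1 and VLAN 2 inside them, this test verified that the network is reachable within the same VLAN. With NAT forwarding enabled, communication between different VLANs can also be achieved at layer 3.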

01-11 20:40