我想获得下一个目前没有互联网访问的虚拟网络结构:
br0
|
| - vhost1 < -- > vguest1
| - vhost2 < -- > vguest2
| - tap
vguest1 和 vguest2 位于隔离命名空间中。
我的脚本是:
#!/bin/bash
set -ex
# because of this, do not run script itself under sudo:
YOUR_USER=$(whoami)
network=192.168.41
down_interface() {
# 2>/dev/null
sudo ip link set "$1" down || true
sudo ip link delete "$1" || true
}
setup_tap() {
#tap:
sudo ip tuntap add dev "$1" mode tap # user "${YOUR_USER}" group netdev
sudo ip link set "$1" master $br
sudo ip link set "$1" up
# sudo bridge vlan add dev "$1" vid "$2" pvid untagged master
}
setup_veth() {
sudo ip link add "$1" type veth peer name "$2"
#sudo ip link set "$1" master $br
sudo ip -4 addr add "$3" dev "$1"
sudo ip link set "$1" up
sudo ip link set "$2" netns guests
sudo ip netns exec guests bash -c "ip -4 addr add $4 dev $2 ; ip link set $2 up"
}
br=br0
sudo ip netns del guests
down_interface tap_emu
down_interface vhost1
down_interface vhost2
down_interface $br
sudo usermod -a -G netdev "${YOUR_USER}"
#bridge:
sudo ip link add name $br type bridge # vlan_filtering 1
sudo ip -4 addr add "$network".1/24 dev $br
sudo ip link set $br up # promisc on arp on
setup_tap tap_emu 10
# guests namespace:
sudo ip netns add guests
setup_veth vhost1 vguest1 "$network".21/24 "$network".22/24
setup_veth vhost2 vguest2 "$network".23/24 "$network".24/24
ip addr show
ping -c 2 -W 1 -I vhost1 "$network".1
ping -c 2 -W 1 -I vhost2 "$network".1
ping -c 2 -W 1 -I vhost2 "$network".22
ping -c 2 -W 1 -I vhost2 "$network".24
在创作过程中,我受到了 如何设置 `veth` 虚拟网络 和 https://habr.com/ru/post/549414/
我想知道,为什么脚本末尾的所有 ping 都不起作用。我错过了什么?