让我们创建两个 macvlan 接口,并把它们分别移入两个网络命名空间:
$ sudo ip link add macvlan1 link eth0 type macvlan mode bridge
$ sudo ip link add macvlan2 link eth0 type macvlan mode bridge
$ sudo ip netns add net1
$ sudo ip netns add net2
$ sudo ip link set macvlan1 netns net1 # move macvlan1 into the net1 namespace
$ sudo ip link set macvlan2 netns net2 # move macvlan2 into the net2 namespace
接下来,让我们在其中一个命名空间中启动一个简单的 TCP 服务器,并确认它正常工作:
# let's bring loopback up
$ sudo ip netns exec net1 ip link set lo up
# start a server listening on port 5000
$ sudo ip netns exec net1 /bin/bash -c 'while (sleep 1); do echo "hello from net1"; done | nc -lk 5000 &'
# Now, from inside the net1 namespace, we can connect to the server
$ sudo ip netns exec net1 nc localhost 5000
hello from net1
hello from net1
hello from net1
hello from net1
hello from net1
hello from net1
现在,显然我无法从主机或 macvlan2 (net2) 连接到该服务器(每个网络命名空间都有自己独立的回环接口,localhost 只指向当前命名空间):
# from the host
$ sudo nc localhost 5000
Ncat: Connection refused.
# from macvlan2 (the net2 namespace)
$ sudo ip netns exec net2 nc localhost 5000
Ncat: Network is unreachable.
问题
我的问题是,如何让主机和 macvlan2 (net2) 都能访问这个简单的 TCP 服务器?为了便于理解,假设我需要几十个这样的网络命名空间/macvlan。
编辑
$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
inet 172.31.15.87 netmask 255.255.240.0 broadcast 172.31.15.255
inet6 fe80::413:87ff:fe9c:f21b prefixlen 64 scopeid 0x20<link>
ether 06:13:87:9c:f2:1b txqueuelen 1000 (Ethernet)
RX packets 767 bytes 76228 (74.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 713 bytes 107200 (104.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 06:13:87:9c:f2:1b brd ff:ff:ff:ff:ff:ff
$ sudo ip netns exec net1 ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 18 bytes 1552 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 18 bytes 1552 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ sudo ip netns exec net1 ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: macvlan1@if2: <BROADCAST,MULTICAST> mtu 9001 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether ae:d3:ae:64:24:99 brd ff:ff:ff:ff:ff:ff link-netnsid 0
解决方案尝试 #1
# change the tcp server to listen on all addresses (0.0.0.0) inside net1
$ sudo ip netns exec net1 /bin/bash -c 'while (sleep 1); do echo "hello from net1"; done | nc -lk 0.0.0.0 5000'
# add ip addr to macvlan1 and bring it up
$ sudo ip netns exec net1 ifconfig macvlan1 192.168.2.1/32 up
# add default route to net1
$ sudo ip netns exec net1 ip route add default via 192.168.2.1
# attempt to connect to tcp server from host
$ sudo nc 192.168.2.1 5000
Ncat: Connection timed out.