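Introduction to VLAN
A Virtual Local Area Network (VLAN, also written V-LAN) is a network management technique built on LAN switching. By configuring the switch, network administrators can steer frames entering and leaving the LAN to the correct ports, which lets them group devices on different physical LANs logically, reduces congestion caused by large volumes of unneeded traffic within the LAN, and improves the LAN's information security. In short, a VLAN groups devices in different locations into virtual LANs (it partitions the broadcast domain), which makes them easier to manage.
Goal of this article
Place a network interface on the host and a network interface inside a netns in the same VLAN, so that the host and the netns can communicate over that VLAN.
Environment
VM: Debian 10
Netns:
root@YoungDebian:~# ip netns ls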
net1 (id: 0)
Veth pair:
root@YoungDebian:~# ifconfig
veth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::c028:efff:feb3:b9e4 prefixlen 64 scopeid 0x20<link>
ether c2:28:ef:b3:b9:e4 txqueuelen 1000 (Ethernet)
RX packets 15 bytes 1202 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40 bytes 4891 (4.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@YoungDebian:~# ip netns exec net1 ifconfig
Install vconfig
root@YoungDebian:~# apt-get install vlan
Load the 802.1Q module and confirm it
root@YoungDebian:~# modprobe 8021q
Configure a VLAN on the veth pair (tag 100)
root@YoungDebian:~# vconfig add veth0 100
root@YoungDebian:~# ip netns exec net1 vconfig add veth1 100
Test connectivity
Terminal 1:
root@YoungDebian:~# ping -vI veth0.100 192.168.1.101
PING 192.168.1.101 (192.168.1.101) from 192.168.1.100 veth0.100: 56(84) bytes of data.
64 bytes from 192.168.1.101: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from 192.168.1.101: icmp_seq=2 ttl=64 time=0.073 ms
64 bytes from 192.168.1.101: icmp_seq=3 ttl=64 time=0.089 ms
64 bytes from 192.168.1.101: icmp_seq=4 ttl=64 time=0.109 ms
^C
--- 192.168.1.101 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 77ms
rtt min/avg/max/mdev = 0.073/0.087/0.109/0.017 ms
Terminal 2:
root@YoungDebian:~# tcpdump -i veth0 -v -e
tcpdump: listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:40:56.202264 c2:28:ef:b3:b9:e4 (oui Unknown) > e6:00:36:fd:38:e6 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 100, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 54754, offset 0, flags [DF], proto ICMP (1), length 84)
YoungDebian > 192.168.1.101: ICMP echo request, id 3352, seq 1, length 64
22:40:56.202313 e6:00:36:fd:38:e6 (oui Unknown) > c2:28:ef:b3:b9:e4 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 100, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 38346, offset 0, flags [none], proto ICMP (1), length 84)
192.168.1.101 > YoungDebian: ICMP echo reply, id 3352, seq 1, length 64
22:40:57.227785 c2:28:ef:b3:b9:e4 (oui Unknown) > e6:00:36:fd:38:e6 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 100, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 54795, offset 0, flags [DF], proto ICMP (1), length 84)
As the capture shows, veth0.100 on the host side and veth1.100 on the netns side communicate successfully using tag 100.
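The fields tcpdump prints above (ethertype 802.1Q (0x8100), vlan 100, p 0, length 102) can be checked at the byte level. The Python below is an added example, not part of the original post: the names parse_frame, build_tagged, vlan_ok and SAMPLE are chosen here, and the sample frame is constructed from the MAC addresses in the capture with a zero-filled stand-in for the IPv4 packet. The parser also handles untagged and stacked tags, which goes beyond the single-tag case the post shows.

```python
import struct

TPID_8021Q = 0x8100   # C-tag TPID, the "ethertype 802.1Q (0x8100)" tcpdump prints
TPID_8021AD = 0x88A8  # S-tag TPID used when tags are stacked (QinQ)


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Return MACs, the list of VLAN tags (outermost first) and the inner EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # TCI = 3-bit priority (tcpdump's "p"), 1-bit DEI, 12-bit VLAN ID
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        ethertype, offset = next_type, offset + 4
    return {"dst": mac(frame[0:6]), "src": mac(frame[6:12]), "tags": tags,
            "ethertype": ethertype, "payload": frame[offset + 2:]}


def build_tagged(dst, src, vid, inner_type, payload, pcp=0):
    """Build a single-tagged frame; used only to construct the sample input."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    return header + struct.pack("!HHH", TPID_8021Q, tci, inner_type) + payload


def vlan_ok(frame, expected_vid):
    """True only if the frame carries exactly one tag and it has the expected VID."""
    tags = parse_frame(frame)["tags"]
    return len(tags) == 1 and tags[0]["vid"] == expected_vid


# Constructed sample: the echo request from the capture, with 84 zero bytes in
# place of the IPv4 packet (14 + 4 + 84 = 102 bytes, the length tcpdump reports).
SAMPLE = build_tagged("e6:00:36:fd:38:e6", "c2:28:ef:b3:b9:e4", 100, 0x0800, bytes(84))

if __name__ == "__main__":
    info = parse_frame(SAMPLE)
    print(len(SAMPLE), info["src"], ">", info["dst"], info["tags"], hex(info["ethertype"]))
```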
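Afterword
- This article is a simple hands-on exercise with VLANs; simulations of more complex scenarios can be added later.
- Happy New Year!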