版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/hz5034/article/details/83446157
tap
Linux使用tun模块实现tun/tap,tun工作在L3,tap工作在L2
# Show the metadata of the tun kernel module, which provides both tun and tap devices.
modinfo tun
# Check whether the module is currently loaded.
lsmod | grep tun
# Load the module.
modprobe tun
# vi /etc/yum.repos.d/nux-misc.repo
# Third-party repository definition. enabled=0 keeps it out of normal yum runs;
# it only takes part in a transaction when switched on with --enablerepo.
[nux-misc]
name=Nux Misc
# NOTE(review): the package metadata is fetched over plain http.
baseurl=http://li.nux.ro/download/nux/misc/el7/x86_64/
enabled=0
# gpgcheck=1 makes yum verify package signatures against the key below.
gpgcheck=1
# NOTE(review): the signing key is also fetched over plain http, so anyone on the
# network path can substitute both the key and the packages, and the signature check
# then proves nothing. Download the key separately, compare its fingerprint with
# one obtained out of band, and point gpgkey at the local file (file:///...), or
# use an https URL if the mirror offers one (not confirmed here).
gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
# Install tunctl from the nux-misc repository, enabled for this one transaction only.
# NOTE(review): -y answers every prompt with yes, which presumably includes the
# "import this GPG key?" question on first use. Drop -y for the first run to get
# a chance to compare the key fingerprint before trusting it.
yum --enablerepo=nux-misc install tunctl -y
# Create a tap interface named tap1.
tunctl -t tap1
# List all interfaces, including those that are down.
ifconfig -a
# Give tap1 an address while it is still in the host namespace.
ip addr add 10.0.0.1/24 dev tap1
namespace
一个namespace提供了一套独立的网络协议栈
# Create the namespace ns1 and confirm that it is listed.
ip netns add ns1
ip netns list
# Move tap1 out of the host namespace into ns1.
ip link set tap1 netns ns1
# List the interfaces as seen from inside ns1.
ip netns exec ns1 ifconfig -a
# Configure the address on tap1 from inside ns1.
ip netns exec ns1 ip addr add 10.0.0.1/24 dev tap1
# Enable IPv4 forwarding inside ns1 (set at runtime with sysctl -w, not written to any config file).
ip netns exec ns1 sysctl -w net.ipv4.ip_forward=1
veth pair
# NOTE(review): this section reuses the names tap1 and ns1 from the sections above;
# it presumably assumes a clean host (no leftover ns1), otherwise `ip netns add ns1` fails.
# Create a veth pair: two virtual interfaces joined back to back.
ip link add tap1 type veth peer name tap2
# One namespace for each end of the pair.
ip netns add ns1
ip netns add ns2
# Put each end into its own namespace.
ip link set tap1 netns ns1
ip link set tap2 netns ns2
# Both ends share the 10.0.0.0/24 subnet, so no routes are needed.
ip netns exec ns1 ip addr add 10.0.0.1/24 dev tap1
ip netns exec ns2 ip addr add 10.0.0.2/24 dev tap2
# Bring both ends up.
ip netns exec ns1 ifconfig tap1 up
ip netns exec ns2 ifconfig tap2 up
# Check connectivity in both directions (ping without -c runs until interrupted).
ip netns exec ns1 ping 10.0.0.2
ip netns exec ns2 ping 10.0.0.1
bridge
# bridge-utils provides brctl.
yum install bridge-utils -y

# Four veth pairs: tapN will live in namespace nsN, peerN stays on the host
# and becomes a port of the bridge.
for n in 1 2 3 4; do
  ip link add "tap${n}" type veth peer name "peer${n}"
done

# One namespace per tap end.
for n in 1 2 3 4; do
  ip netns add "ns${n}"
done

# Move each tap end into its namespace.
for n in 1 2 3 4; do
  ip link set "tap${n}" netns "ns${n}"
done

# Create the bridge on the host and attach the host-side ends to it.
brctl addbr br1
for n in 1 2 3 4; do
  brctl addif br1 "peer${n}"
done

# All four namespaces share 10.0.0.0/24; nsN gets 10.0.0.N.
for n in 1 2 3 4; do
  ip netns exec "ns${n}" ip addr add "10.0.0.${n}/24" dev "tap${n}"
done

# Bring up the bridge, then its ports, then the namespace-side ends.
ifconfig br1 up
for n in 1 2 3 4; do
  ifconfig "peer${n}" up
done
for n in 1 2 3 4; do
  ip netns exec "ns${n}" ifconfig "tap${n}" up
done

# From ns1, check that the other three namespaces are reachable through br1
# (each ping runs until interrupted).
ip netns exec ns1 ping 10.0.0.2
ip netns exec ns1 ping 10.0.0.3
ip netns exec ns1 ping 10.0.0.4
router
Linux本身就可以充当路由器(需要开启IP转发)
# Read the host's current IPv4 forwarding flag.
cat /proc/sys/net/ipv4/ip_forward
# Turn IPv4 forwarding on for the host namespace. This is a runtime setting only.
# NOTE(review): the flag is not limited to peer1/peer2. The host will forward
# between any of its interfaces that the FORWARD chain allows, so check that
# chain's policy first and set the flag back to 0 once the lab is torn down.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Two veth pairs: tapN goes into a namespace, peerN stays on the host.
ip link add tap1 type veth peer name peer1
ip link add tap2 type veth peer name peer2
ip netns add ns1
ip netns add ns2
ip link set tap1 netns ns1
ip link set tap2 netns ns2
# The host ends are the gateways of two different subnets.
ip addr add 10.0.1.1/24 dev peer1
ip addr add 10.0.2.1/24 dev peer2
# The namespace ends take an address in their own subnet.
ip netns exec ns1 ip addr add 10.0.1.2/24 dev tap1
ip netns exec ns2 ip addr add 10.0.2.2/24 dev tap2
# Bring all four interfaces up.
ifconfig peer1 up
ifconfig peer2 up
ip netns exec ns1 ifconfig tap1 up
ip netns exec ns2 ifconfig tap2 up
# Each namespace reaches the other subnet through the host-side address of its veth pair.
ip netns exec ns1 ip route add 10.0.2.0/24 via 10.0.1.1
ip netns exec ns2 ip route add 10.0.1.0/24 via 10.0.2.1
# Check routed connectivity in both directions (ping runs until interrupted).
ip netns exec ns1 ping 10.0.2.2
ip netns exec ns2 ping 10.0.1.2
tun
# The tunnel endpoints 10.0.1.2 and 10.0.2.2 are the tap1/tap2 addresses from the
# router section, so this section presumably builds on that setup.
# Create one end of an IP-in-IP tunnel in each namespace.
# NOTE(review): ipip only encapsulates. It provides no encryption and no peer
# authentication, so it should not carry traffic across an untrusted network as is.
ip netns exec ns1 ip tunnel add tun1 mode ipip remote 10.0.2.2 local 10.0.1.2
ip netns exec ns2 ip tunnel add tun2 mode ipip remote 10.0.1.2 local 10.0.2.2
# Give each tunnel interface an inner address in its own subnet.
ip netns exec ns1 ip addr add 10.0.3.2/24 dev tun1
ip netns exec ns2 ip addr add 10.0.4.2/24 dev tun2
ip netns exec ns1 ifconfig tun1 up
ip netns exec ns2 ifconfig tun2 up
# Route the peer's inner subnet through the tunnel device.
ip netns exec ns1 ip route add 10.0.4.0/24 dev tun1
ip netns exec ns2 ip route add 10.0.3.0/24 dev tun2
# Insert a rule at the top of the host FORWARD chain that accepts IP protocol 4 (IP-in-IP).
# It is presumably needed where the FORWARD chain would otherwise drop the encapsulated packets.
# NOTE(review): the rule matches protocol 4 from any source to any destination on
# any interface, and it stays in place after the lab. Scoping it to the two
# endpoints (-s 10.0.1.2 -d 10.0.2.2, plus the reverse direction) would be tighter.
# Remove it afterwards with `iptables -D FORWARD -p 4 -j ACCEPT`.
iptables -I FORWARD -p 4 -j ACCEPT
# Check connectivity between the inner tunnel addresses (ping runs until interrupted).
ip netns exec ns1 ping 10.0.4.2
ip netns exec ns2 ping 10.0.3.2