Linux 及 Kubernetes 网络原理实操整理
1. 环境搭建
基于 virtualbox + Vagrant 自动编排可验证的统一实验环境。
- 安装 virtualbox、vagrant (参考)
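# Installation virtualbox (for example ubuntu20.04)
# The .deb is fetched over HTTPS, but nothing checks what actually arrived
# before dpkg installs it as root. The same release directory publishes a
# SHA256SUMS file, so the download is verified against it first and the
# install only proceeds when the checksum matches.
vbox_version='6.1.32'
vbox_deb="virtualbox-6.1_${vbox_version}-149290~Ubuntu~eoan_amd64.deb"
# -f: fail on an HTTP error instead of saving the error page as the package.
curl -fLO "https://download.virtualbox.org/virtualbox/${vbox_version}/${vbox_deb}"
curl -fsSL "https://download.virtualbox.org/virtualbox/${vbox_version}/SHA256SUMS" \
  | grep -F -- "${vbox_deb}" \
  | sha256sum -c - \
  && sudo dpkg -i "${vbox_deb}"
# Installation vagrant
sudo apt update
sudo apt install -y vagrant vagrant-hostmanager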
- Vagrantfile
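# Write the lab Vagrantfile. The quoted delimiter keeps the Ruby below literal
# (no shell expansion of $(...) or #{...}).
cat <<'EOF' > ./Vagrantfile
# Install any missing Vagrant plugins, then re-run the original command so the
# freshly installed plugin gets loaded.
plugins_dependencies = %w( vagrant-hostmanager)
plugin_status = false
plugins_dependencies.each do |plugin_name|
  unless Vagrant.has_plugin? plugin_name
    # Argument-list form: no shell is involved in running the installer.
    system("vagrant", "plugin", "install", plugin_name)
    plugin_status = true
    puts " #{plugin_name} Dependencies installed"
  end
end
if plugin_status
  # Hand ARGV through as separate arguments. Joining them into one string
  # sent the command line back through a shell, which re-split arguments
  # containing spaces and reinterpreted shell metacharacters.
  exec "vagrant", *ARGV
else
  puts "All Plugin Dependencies already installed"
end

# Provisioning shared by every node: point apk at a domestic mirror, install
# tooling, install oh-my-zsh for root and copy it to the vagrant user.
# NOTE: the oh-my-zsh step executes an installer fetched at provision time via
# `sh -c "$(curl ...)"` with root privileges inside the VM; pin it to a
# reviewed copy if the environment has to be reproducible.
def provision_node(c, name, ip)
  c.ssh.insert_key = 'true'
  c.vm.hostname = name
  c.vm.network "private_network", ip: ip
  c.vm.provision "shell", inline: "sudo sed -i 's/sjc.edge.kernel.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories"
  c.vm.provision "shell", inline: "sudo apk add iproute2 git zsh"
  c.vm.provision "shell", inline: 'REMOTE=https://gitee.com/mirrors/oh-my-zsh.git sh -c "$(curl -fsSL https://gitee.com/mirrors/oh-my-zsh/raw/master/tools/install.sh)"'
  c.vm.provision "shell", inline: <<-SHELL
    sudo cp -r /root/.oh-my-zsh/ /home/vagrant/
    sudo sed -i s/robbyrussell/ys/g /root/.zshrc
    sudo cp -r /root/.zshrc /home/vagrant/
  SHELL
  c.vm.provider "virtualbox" do |vb|
    vb.memory = "1024"
    vb.cpus = 1
  end
end

Vagrant.configure("2") do |config|
  config.vm.box = "generic/alpine314"
  config.hostmanager.enabled = true
  config.hostmanager.include_offline = true
  config.hostmanager.manage_host = true
  config.vm.provision :hostmanager
  # One literal define per node: the parallel start-up command greps these
  # lines for the node names, so they must stay spelled out.
  config.vm.define "node1" do |c|
    provision_node(c, "node1", "10.10.10.10")
  end
  config.vm.define "node2" do |c|
    provision_node(c, "node2", "10.10.10.11")
  end
end
EOF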
- 并行启动虚拟机(大概需要两分钟启动并安装环境)
# Start every defined node, two at a time. Node names are taken from the
# literal `define` lines in the Vagrantfile (second double-quoted field).
awk -F '"' '/config.vm.define/ {print $2}' Vagrantfile | xargs -P2 -I {} vagrant up {}
- 如果在做实验的过程中,觉得哪里配错了,环境出问题了,那么请直接
# Tear the VMs down and rebuild them from scratch; only rebuild when the
# destroy step succeeded.
if vagrant destroy -f; then
  vagrant up
fi
2. IPVLAN、MacVLAN、bridge、route 等实操
- 登录虚拟机 (密码: vagrant)
# Forwarded-port SSH into each node on the host loopback address.
# NOTE(review): which host port each node receives is presumably assigned by
# Vagrant at boot and may differ when the VMs start in parallel; `vagrant port node1`
# shows the actual mapping and `vagrant ssh node1` avoids hard-coding it.
ssh -p 2200 vagrant@127.0.0.1 # node1
ssh -p 2222 vagrant@127.0.0.1 # node2
- 实验步骤
# 2 Class Materials Kubernetes Network IPVLAN And MacVLAN
[root@k8s-1 ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02420fc5558c no veth41b2167
[root@k8s-1 ~]# # 创建 IPvlan L2
[root@k8s-1 ~]# ip netns list
[root@k8s-1 ~]# ip netns add net1
[root@k8s-1 ~]# ip netns list
net1
[root@k8s-1 ~]# ip netns add net2
[root@k8s-1 ~]# ip link add ipvlan1 link ens33 type ipvlan l2
ipvlan: unknown option "l2"?
Usage: ... ipvlan [ mode { l2 | l3 | l3s } ]
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip link add ipvlan1 link ens33 type ipvlan mode l2
[root@k8s-1 ~]# ip link add ipvlan2 link ens33 type ipvlan mode l2
[root@k8s-1 ~]# ip link set ipvlan1 netns net1
[root@k8s-1 ~]# ip link set ipvlan2 netns net2
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip netns exec net1 ifconfig ipvlan1 172.12.1.5/24 up
[root@k8s-1 ~]# ip netns exec net2 ifconfig ipvlan2 172.12.1.6/24 up
[root@k8s-1 ~]#
[root@k8s-1 ~]# # 父接口所在的 gateway
[root@k8s-1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.12.1.2 0.0.0.0 UG 100 0 0 ens33
172.12.1.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
[root@k8s-1 ~]#
[root@k8s-1 ~]# net1 172.12.1.5 172.12.1.2 ?
[root@k8s-1 ~]# net1 172.12.1.5 114.114.114.114 ?
[root@k8s-1 ~]# net1 172.12.1.5 172.12.1.30 (parent interface) ?
00:0c:29:8a:c3:29 SrcMAC SrcIP172.12.1.5
00:0c:29:8a:c3:29 DstMAC DstIP172.12.1.30
P1
P2
P2
ICMP Request :
172.12.1.5
172.12.1.2
Src MAC ≠ Dst MAC
[root@k8s-1 ~]# net1 172.12.1.5 114.114.114.114 ?
[root@k8s-1 ~]# ip netns exec net1 ping 114.114.114.114
connect: Network is unreachable
[root@k8s-1 ~]#
[root@k8s-1 ~]# # 无路由到 114.114.114.114
[root@k8s-1 ~]# ip netns exec net1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.12.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ipvlan1
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip netns exec net1 route add -net 0.0.0.0/0 gw 172.12.1.2
[root@k8s-1 ~]# ip netns exec net1 ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=128 time=61.6 ms
^C
--- 114.114.114.114 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 60.729/61.193/61.657/0.464 ms
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip netns exec net1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.12.1.2 0.0.0.0 UG 0 0 0 ipvlan1
172.12.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ipvlan1
[root@k8s-1 ~]#
# net1 再创建一个ip 172.12.1.7
# 172.12.1.6 通?
# 此时172.12.1.5 - 172.12.1.6 ?
# https://github.com/nokia/danm
Slack:
# IPVLAN L3:
[root@k8s-1 ~]# ip netns add net1
[root@k8s-1 ~]# ip netns add net2
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip link add ipvlan1 link ens33 type ipvlan mode l3
[root@k8s-1 ~]# ip link add ipvlan2 link ens33 type ipvlan mode l3
[root@k8s-1 ~]# ip link set ipvlan1 netns net 1
Error: argument "net" is wrong: Invalid "netns" value
[root@k8s-1 ~]# ip link set ipvlan1 netns net1
[root@k8s-1 ~]# ip link set ipvlan2 netns net2
[root@k8s-1 ~]#
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip netns exec net1 ifconfig 172.12.10.5/24 up
172.12.10.5/24: ERROR while getting interface flags: No such device
[root@k8s-1 ~]# ip netns exec net1 ifconfig ipvlan1 172.12.10.5/24 up
[root@k8s-1 ~]# ip netns exec net2 ifconfig ipvlan2 172.12.20.5/24 up
[root@k8s-1 ~]#
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip netns exec net1 ping 172.12.20.5
connect: Network is unreachable
[root@k8s-1 ~]# ip netns exec net1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.12.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ipvlan1
[root@k8s-1 ~]#
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip netns exec net1 ping 172.12.20.5
connect: Network is unreachable
[root@k8s-1 ~]# ip netns exec net1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.12.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ipvlan1
[root@k8s-1 ~]# ip netns exec net1 route add -net 172.12.20.0/24 dev ipvlan1
[root@k8s-1 ~]# ip netns exec net1 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.12.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ipvlan1
172.12.20.0 0.0.0.0 255.255.255.0 U 0 0 0 ipvlan1
[root@k8s-1 ~]# ip netns exec net2 route add -net 172.12.10.0/24 dev ipvlan2
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip netns exec net2 route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.12.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ipvlan2
172.12.20.0 0.0.0.0 255.255.255.0 U 0 0 0 ipvlan2
[root@k8s-1 ~]# ip netns exec net1 ping 172.12.20.5
PING 172.12.20.5 (172.12.20.5) 56(84) bytes of data.
64 bytes from 172.12.20.5: icmp_seq=1 ttl=64 time=0.054 ms
64 bytes from 172.12.20.5: icmp_seq=2 ttl=64 time=0.061 ms
^C
--- 172.12.20.5 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1054ms
rtt min/avg/max/mdev = 0.054/0.057/0.061/0.008 ms
[root@k8s-1 ~]#
[root@k8s-1 ~]#
[root@k8s-1 ~]# ip netns exec net2 ifconfig -a
ipvlan2: flags=4291<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1500
inet 172.12.20.5 netmask 255.255.255.0 broadcast 172.12.20.255
inet6 fe80::c:2900:28a:c329 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:8a:c3:29 txqueuelen 1000 (Ethernet)
RX packets 2 bytes 224 (224.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 196 (196.0 B)
TX errors 0 dropped 7 overruns 0 carrier 0 collisions 0
lo: flags=8<LOOPBACK> mtu 65536
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@k8s-1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8a:c3:29 brd ff:ff:ff:ff:ff:ff
inet 172.12.1.30/24 brd 172.12.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::18e1:8491:8e93:276b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:0f:c5:55:8c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:fff:fec5:558c/64 scope link
valid_lft forever preferred_lft forever