Linux使用tun模块实现tun/tap：tun工作在L3，tap工作在L2
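# ==== Inspect and load the tun module (it provides both tun and tap devices) ====
modinfo tun
lsmod | grep tun      # exits 1 when the module is not loaded yet; harmless here
modprobe tun

# ==== Install tunctl from the Nux Misc repository ====
# The original pasted the repo definition after an interactive `vi`; as a
# heredoc the same file can be written non-interactively. The repo stays
# disabled (enabled=0) and is only switched on for this single install.
# NOTE(review): both baseurl and gpgkey are fetched over plain http. gpgcheck=1
# still verifies package signatures, but the signing key itself is trusted on
# first download — compare its fingerprint with the one the vendor publishes.
cat > /etc/yum.repos.d/nux-misc.repo <<'EOF'
[nux-misc]
name=Nux Misc
baseurl=http://li.nux.ro/download/nux/misc/el7/x86_64/
enabled=0
gpgcheck=1
gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
EOF
yum --enablerepo=nux-misc install tunctl -y

# ==== Create a tap device in the root namespace ====
# (`ip tuntap add dev tap1 mode tap` from iproute2 does the same without tunctl.)
tunctl -t tap1
ip addr add 10.0.0.1/24 dev tap1
ip link set tap1 up

# ==== A network namespace provides its own independent network protocol stack ====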
# ==== Create a namespace and move the tap device into it ====
# Every command below that must run inside ns1 goes through this wrapper,
# which keeps the namespace boundary visible at a glance.
in_ns1() { ip netns exec ns1 "$@"; }

ip netns add ns1
# Move the tap in; the address configured in the root namespace is
# re-applied inside ns1 afterwards.
ip link set tap1 netns ns1
in_ns1 ip addr add 10.0.0.1/24 dev tap1
in_ns1 ip link set tap1 up
# Enable IPv4 forwarding for this namespace only (the setting is per-netns).
in_ns1 sysctl -w net.ipv4.ip_forward=1

# ==== A veth pair connects two virtual network devices ====
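# ==== Create a veth pair and place one end in each of two namespaces ====
# Assumes a clean host: if the previous section was run, `ip netns del ns1`
# first (the links inside a namespace are removed together with it).
ip link add tap1 type veth peer name tap2
ip netns add ns1
ip netns add ns2
ip link set tap1 netns ns1
ip link set tap2 netns ns2
ip netns exec ns1 ip addr add 10.0.0.1/24 dev tap1
ip netns exec ns2 ip addr add 10.0.0.2/24 dev tap2
ip netns exec ns1 ip link set tap1 up
ip netns exec ns2 ip link set tap2 up
# Bounded pings: without -c the first ping never returns, so the second
# command is never reached when this is replayed as a script.
ip netns exec ns1 ping -c 3 10.0.0.2
ip netns exec ns2 ping -c 3 10.0.0.1

# ==== A bridge behaves like a layer-2 switch ====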
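# ==== A bridge behaves like a layer-2 switch ====
yum install bridge-utils -y

# Four veth pairs: tapN lives in namespace nsN, peerN stays on the host and is
# plugged into the bridge. Loops replace the four hand-copied command sets.
for i in 1 2 3 4; do
  ip link add "tap$i" type veth peer name "peer$i"
  ip netns add "ns$i"
  ip link set "tap$i" netns "ns$i"
done

# Create the bridge and attach the host-side ends.
# (`ip link add br1 type bridge` and `ip link set peerN master br1` are the
# iproute2 equivalents if bridge-utils is not available.)
brctl addbr br1
for i in 1 2 3 4; do
  brctl addif br1 "peer$i"
done

# Address nsN as 10.0.0.N/24 — all four share one subnet on the bridge.
for i in 1 2 3 4; do
  ip netns exec "ns$i" ip addr add "10.0.0.$i/24" dev "tap$i"
done

ip link set br1 up
for i in 1 2 3 4; do
  ip link set "peer$i" up
  ip netns exec "ns$i" ip link set "tap$i" up
done

# NOTE(review): if br_netfilter is loaded, bridged frames also traverse the
# iptables FORWARD chain (sysctl net.bridge.bridge-nf-call-iptables), so a
# restrictive host firewall can silently break these pings.
# Bounded pings so the sequence completes when run as a script.
for peer in 2 3 4; do
  ip netns exec ns1 ping -c 3 "10.0.0.$peer"
done

# ==== Linux itself is a router ====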
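# ==== Linux itself is a router ====
# Show the current forwarding state, then enable it. Writing /proc is not
# persistent across reboots; use a file under /etc/sysctl.d/ for that.
cat /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward

# Two namespaces on two different /24s. The host keeps the peer ends, owns
# the .1 address of each subnet and routes between them.
ip link add tap1 type veth peer name peer1
ip link add tap2 type veth peer name peer2
ip netns add ns1
ip netns add ns2
ip link set tap1 netns ns1
ip link set tap2 netns ns2
ip addr add 10.0.1.1/24 dev peer1
ip addr add 10.0.2.1/24 dev peer2
ip netns exec ns1 ip addr add 10.0.1.2/24 dev tap1
ip netns exec ns2 ip addr add 10.0.2.2/24 dev tap2
ip link set peer1 up
ip link set peer2 up
ip netns exec ns1 ip link set tap1 up
ip netns exec ns2 ip link set tap2 up
# Each namespace reaches the other subnet via the host address on its own link.
ip netns exec ns1 ip route add 10.0.2.0/24 via 10.0.1.1
ip netns exec ns2 ip route add 10.0.1.0/24 via 10.0.2.1
# NOTE(review): forwarded packets pass the host's FORWARD chain; a host with a
# default-deny forward policy may need an ACCEPT between 10.0.1.0/24 and
# 10.0.2.0/24 before these pings succeed.
# Bounded pings so the second one is actually reached when run as a script.
ip netns exec ns1 ping -c 3 10.0.2.2
ip netns exec ns2 ping -c 3 10.0.1.2

# ==== Build an ipip tunnel on top of the router setup ====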
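# ==== Build an ipip tunnel on top of the router setup ====
# Outer (underlay) addresses are the veth ends from the router section
# (10.0.1.2 and 10.0.2.2); the inner addresses 10.0.3.2 / 10.0.4.2 ride inside
# the tunnel.
ip netns exec ns1 ip tunnel add tun1 mode ipip remote 10.0.2.2 local 10.0.1.2
ip netns exec ns2 ip tunnel add tun2 mode ipip remote 10.0.1.2 local 10.0.2.2
ip netns exec ns1 ip addr add 10.0.3.2/24 dev tun1
ip netns exec ns2 ip addr add 10.0.4.2/24 dev tun2
ip netns exec ns1 ip link set tun1 up
ip netns exec ns2 ip link set tun2 up
# Steer the remote inner subnet into the tunnel interface.
ip netns exec ns1 ip route add 10.0.4.0/24 dev tun1
ip netns exec ns2 ip route add 10.0.3.0/24 dev tun2
# Let the host (root namespace) forward IP-in-IP, IP protocol number 4.
# NOTE(review): this accepts ipip from any source; outside a throwaway lab
# scope it, e.g. `-i peer1 -o peer2 -s 10.0.1.2 -d 10.0.2.2` plus the reverse
# rule, since ipip itself provides neither authentication nor encryption.
# The rule is not persistent.
iptables -I FORWARD -p 4 -j ACCEPT
# Bounded pings so the second one is reached when run as a script.
ip netns exec ns1 ping -c 3 10.0.4.2
ip netns exec ns2 ping -c 3 10.0.3.2

# ==== Configure vm1 ====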
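# ==== Configure vm1 ====
# Underlay NIC of this VM; adjust to whatever `ip link` shows on your host.
nic=ens33
# VNI 1 over UDP/4789 (the IANA VXLAN port). Peers are found through the
# multicast group, so the underlay must carry multicast; where it does not,
# use `remote <peer-underlay-ip>` instead of `group ...` for a unicast VTEP.
ip link add vxlan1 type vxlan id 1 dstport 4789 group 239.1.1.1 dev "$nic"
ip addr add 10.0.0.1/24 dev vxlan1
ip link set vxlan1 up
# Let the VXLAN encapsulation traffic in.
# NOTE(review): VXLAN carries no authentication and this rule accepts UDP/4789
# from any source; on anything but an isolated lab host restrict it to the
# underlay NIC and peer subnet (e.g. `-i "$nic" -s <peer-subnet>`).
# The rule is not persistent.
iptables -I INPUT -p udp --dport 4789 -j ACCEPT

# ==== Configure vm2 ====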
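# ==== Configure vm2 ====
# Same setup as vm1, differing only in the overlay address (10.0.0.2).
# Underlay NIC of this VM; adjust to whatever `ip link` shows on your host.
nic=ens33
# Same VNI, port and multicast group as vm1 so the two VTEPs find each other;
# the underlay must carry multicast (otherwise use `remote <peer-underlay-ip>`).
ip link add vxlan1 type vxlan id 1 dstport 4789 group 239.1.1.1 dev "$nic"
ip addr add 10.0.0.2/24 dev vxlan1
ip link set vxlan1 up
# Let the VXLAN encapsulation traffic in.
# NOTE(review): as on vm1, this accepts unauthenticated UDP/4789 from any
# source; restrict it to the underlay NIC and peer subnet outside an isolated
# lab. The rule is not persistent.
iptables -I INPUT -p udp --dport 4789 -j ACCEPT

# ==== vm1 and vm2 ping each other ====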
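# ==== vm1 and vm2 ping each other across the VXLAN overlay ====
# Bounded pings so each check terminates on its own.
# On vm1 (10.0.0.1):
ping -c 3 10.0.0.2
# On vm2 (10.0.0.2):
ping -c 3 10.0.0.1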