Linux中网络命名空间实战各种坑

root@ubuntu:/home/ubuntu# ip netns --helpCommand "--help" is unknown, try "ip netns help".
root@ubuntu:/home/ubuntu# ip netns helpUsage: ip netns list
       ip netns add NAME
       ip netns set NAME NETNSID
       ip [-all] netns delete [NAME]
       ip netns identify [PID]
       ip netns pids NAME
       ip [-all] netns exec [NAME] cmd ...
       ip netns monitor
       ip netns list-id

root@ubuntu:/home/ubuntu# ip netns add demoroot@ubuntu:/home/ubuntu# ip netns lsdemo

ip link add veth1 type veth peer name veth2

ip link set veth1 netns demo

ip addr add 172.17.0.1/24 dev veth2

ip link set dev veth2 up

root@ubuntu:/home/ubuntu# ifconfig -v veth2veth2: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500        inet 172.17.0.1  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 8e:7e:64:ff:30:8a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@ubuntu:/home/ubuntu# ip netns exec demo ip addr add 172.17.0.2/24 dev veth1root@ubuntu:/home/ubuntu# ip netns exec demo ip link set dev veth1 uproot@ubuntu:/home/ubuntu# ip netns exec demo ifconfigveth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500        inet 172.17.0.2  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::38d1:35ff:fe2a:757b  prefixlen 64  scopeid 0x20<link>
        ether 3a:d1:35:2a:75:7b  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 656 (656.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 8  bytes 656 (656.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@ubuntu:/home/ubuntu# ping 172.17.0.1PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
64 bytes from 172.17.0.1: icmp_seq=1ttl=64time=0.107 ms
64 bytes from 172.17.0.1: icmp_seq=2ttl=64time=0.159 ms
64 bytes from 172.17.0.1: icmp_seq=3ttl=64time=0.158 ms
^C
---172.17.0.1 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2025ms
rtt min/avg/max/mdev =0.107/0.141/0.159/0.026 ms
root@ubuntu:/home/ubuntu# ping 172.17.0.2PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1ttl=64time=0.162 ms
64 bytes from 172.17.0.2: icmp_seq=2ttl=64time=0.096 ms
64 bytes from 172.17.0.2: icmp_seq=3ttl=64time=0.092 ms
^C
---172.17.0.2 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2148ms
rtt min/avg/max/mdev =0.092/0.116/0.162/0.034 ms
root@ubuntu:/home/ubuntu# ip netns exec demo ping 172.17.0.1PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
64 bytes from 172.17.0.1: icmp_seq=1ttl=64time=0.217 ms
64 bytes from 172.17.0.1: icmp_seq=2ttl=64time=0.090 ms
64 bytes from 172.17.0.1: icmp_seq=3ttl=64time=0.096 ms
^C
---172.17.0.1 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2115ms
rtt min/avg/max/mdev =0.090/0.134/0.217/0.059 ms
root@ubuntu:/home/ubuntu# ip netns exec demo ping 172.17.0.2PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.

root@ubuntu:/home/ubuntu# ping 127.0.0.1connect: Network is unreachable
root@ubuntu:/home/ubuntu# ping 0.0.0.0connect: Network is unreachable
root@ubuntu:/home/ubuntu# ip link set dev lo uproot@ubuntu:/home/ubuntu# ping 0.0.0.0PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1ttl=64time=0.070 ms
64 bytes from 127.0.0.1: icmp_seq=2ttl=64time=0.086 ms
^C
---0.0.0.0 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1013ms
rtt min/avg/max/mdev =0.070/0.078/0.086/0.008 ms
root@ubuntu:/home/ubuntu# ping 172.17.0.2PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1ttl=64time=0.077 ms
64 bytes from 172.17.0.2: icmp_seq=2ttl=64time=0.087 ms
^C
---172.17.0.2 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1022ms
rtt min/avg/max/mdev =0.077/0.082/0.087/0.005 ms

root@ubuntu:/home/ubuntu# ip netns exec demo ping 114.114.114.114connect: Network is unreachable

root@ubuntu:/home/ubuntu# ip netns exec demo routeKernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.17.0.0      0.0.0.0         255.255.255.0   U     000 veth1

ip netns exec demo route add default gw 172.17.0.1
echo1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s172.17.0.0/24 -o enp0s2 -j MASQUERADE

root@ubuntu:/home/ubuntu# ip netns exec demo ping 114.114.114.114PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1ttl=58time=13.4 ms
64 bytes from 114.114.114.114: icmp_seq=2ttl=58time=7.34 ms
64 bytes from 114.114.114.114: icmp_seq=3ttl=58time=10.7 ms

root@ubuntu:/home/ubuntu# ip netns exec demo ping www.baidu.comping: www.baidu.com: Temporary failure in name resolution

root@ubuntu:/home/ubuntu# ip netns exec demo bashroot@ubuntu:/home/ubuntu# mkdir -p /etc/netns/demoroot@ubuntu:/home/ubuntu# vim /etc/netns/demo/resolv.confroot@ubuntu:/home/ubuntu# cat /etc/netns/demo/resolv.confnameserver 114.114.114.114

root@ubuntu:/home/ubuntu# strace  -f ip netns exec demo sleep 1 2>&1|egrep '/etc/|clone|mount|unshare'|egrep -vw '/etc/ld.so|access'unshare(CLONE_NEWNS)                    =0mount("", "/", 0x55ebf359d725, MS_REC|MS_SLAVE, NULL) =0umount2("/sys", MNT_DETACH)             =0mount("demo", "/sys", "sysfs", 0, NULL) =0openat(AT_FDCWD, "/etc/netns/demo", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) =5mount("/etc/netns/demo/resolv.conf", "/etc/resolv.conf", 0x55ebf359d725, MS_BIND, NULL) =0

root@ubuntu:/home/ubuntu# ip netns exec demo bashroot@ubuntu:/home/ubuntu# ping www.baidu.comPING www.a.shifen.com (36.152.44.95) 56(84) bytes of data.
64 bytes from 36.152.44.95 (36.152.44.95): icmp_seq=1ttl=49time=12.8 ms
64 bytes from 36.152.44.95 (36.152.44.95): icmp_seq=2ttl=49time=11.0 ms
64 bytes from 36.152.44.95 (36.152.44.95): icmp_seq=3ttl=49time=13.2 ms