br0 と veth(v0 と v1)でブリッジを作成しましたが、名前空間同士で通信できません。tcpdump を見ると、ICMP の送信元 IP が書き換えられています。マスクを /24 にすると通信できます。ご協力ありがとうございます。
[root@VM-12-6-centos ~]# ip netns exec n1 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1147: v0@if1146: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 46:39:b5:cf:bd:b6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.0.2/16 scope global v0
valid_lft forever preferred_lft forever
inet6 fe80::4439:b5ff:fecf:bdb6/64 scope link
valid_lft forever preferred_lft forever
[root@VM-12-6-centos ~]# ip netns exec n2 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1149: v1@if1148: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 56:c0:82:05:6f:7d brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.0.3/16 scope global v1
valid_lft forever preferred_lft forever
inet6 fe80::54c0:82ff:fe05:6f7d/64 scope link
valid_lft forever preferred_lft forever
[root@VM-12-6-centos ~]# ip netns exec n2 ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data. ^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 81ms
[root@VM-12-6-centos ~]# ip netns exec n1 tcpdump -ni v0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on v0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:49:35.395270 IP 10.0.12.6 > 192.168.0.2: ICMP echo request, id 7989, seq 1, length 64
23:49:40.562143 ARP, Request who-has 192.168.0.2 tell 192.168.0.3, length 28
23:49:40.562154 ARP, Reply 192.168.0.2 is-at 46:39:b5:cf:bd:b6, length 28
[root@VM-12-6-centos ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.12.1 0.0.0.0 UG 100 0 0 eth0
10.0.12.0 0.0.0.0 255.255.252.0 U 100 0 0 eth0
10.42.0.0 0.0.0.0 255.255.255.0 U 0 0 0 cni0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.20.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker_gwbridge
172.31.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-3f74298c82df
192.168.0.0 0.0.0.0 255.255.240.0 U 0 0 0 br-447c96a995be
[root@VM-12-6-centos ~]# brctl show
bridge name      bridge id          STP enabled  interfaces
br-3f74298c82df  8000.0242cacea67f  no           vethf4618dd
br-447c96a995be  8000.024273831baf  no           vethbf5d89d
br0              8000.7ae1f3216832  no           br-v0
                                                 br-v1
cni0             8000.52bc6b3b510e  no           veth0f9960a8
                                                 veth1cd3811c
                                                 veth2a89c6ed
                                                 veth3aeb1ce7
                                                 vethca9494e3
docker0          8000.0242fcf19461  no
docker_gwbridge  8000.02420fc41a90  no           veth85a243e
                                                 vethd1cfb42
ベストアンサー1
正しく動作させるには、veth ペアを 2 組作成する必要があります。各ペアの一方の端はブリッジに接続します。ブリッジと、ブリッジに接続する側の veth インターフェイスは、ルートネットワーク名前空間に置きます。ペアのもう一方の端である v1 と v2 は、それぞれ名前空間 n1 と n2 に置きます。例:
# Create the two network namespaces that will hold the far ends of the
# veth pairs (requires root).
for ns in n1 n2; do
  ip netns add "$ns"
done
ブリッジに含まれる2つの端をbv1とbv2と呼びます。
# One veth pair per namespace: vN is created directly inside namespace nN,
# while its peer bvN stays in the namespace the command runs in (root).
for idx in 1 2; do
  ip link add "v${idx}" netns "n${idx}" type veth peer name "bv${idx}"
done

# Create the bridge in the root namespace and bring it up.
ip link add br0 type bridge
ip link set br0 up

# Attach the root-side veth ends to the bridge, then bring them up.
for port in bv1 bv2; do
  ip link set "$port" master br0
done
for port in bv1 bv2; do
  ip link set "$port" up
done

# NOTE(review): the capture in the question shows the echo request arriving
# with source 10.0.12.6 instead of 192.168.0.3, i.e. something on the host
# rewrote the source address. That would be consistent with bridged frames
# being passed through iptables (br_netfilter,
# net.bridge.bridge-nf-call-iptables=1) and matching a NAT/masquerade rule
# for the overlapping 192.168.0.0/20 network on br-447c96a995be. This is
# unconfirmed from the page; check `sysctl net.bridge.bridge-nf-call-iptables`
# and `iptables -t nat -S`, and prefer a subnet that does not overlap an
# existing bridge network on the host.
brctl show
bridge name bridge id STP enabled interfaces
br0 8000.d2dba1636571 no bv1
bv2
n1に移動:
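# Configure the n1 side from the root namespace (requires root).
# Each command is passed to nsenter, so it runs inside n1's network namespace
# and returns. A bare `nsenter --net=...` followed by separate lines only
# works when typed interactively: pasted into a script, the following lines
# would run in the root namespace after the spawned shell exits, and the
# trailing `exit` would end the script itself.
nsenter --net=/var/run/netns/n1 ip addr add 192.168.0.2/16 dev v1
nsenter --net=/var/run/netns/n1 ip link set v1 up
nsenter --net=/var/run/netns/n1 ip link set lo up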
n2に移動:
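# Configure the n2 side from the root namespace (requires root).
# Each command is passed to nsenter, so it runs inside n2's network namespace
# and returns. A bare `nsenter --net=...` followed by separate lines only
# works when typed interactively: pasted into a script, the following lines
# would run in the root namespace after the spawned shell exits, and the
# trailing `exit` would end the script itself.
nsenter --net=/var/run/netns/n2 ip addr add 192.168.0.3/16 dev v2
nsenter --net=/var/run/netns/n2 ip link set v2 up
nsenter --net=/var/run/netns/n2 ip link set lo up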
結果:
ip netns exec n1 ping -c2 -I v1 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.265 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.220 ms
ip netns exec n2 ping -c2 -I v2 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.195 ms
64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=0.227 ms