linux虚拟网络设备之vlan配置详解
<p><span><strong>简介</strong></span></p>
<p>
VLAN是网络栈的一个附加功能,且位于下两层。首先来学习Linux中网络栈下两层的实现,再去看如何把VLAN这个功能附加上去。下两层涉及到具体的硬件设备,日趋完善的Linux内核已经做到了很好的代码隔离,对网络设备驱动也是如此,如下图所示:</p>
<p>
<img title="linux虚拟网络设备之vlan配置详解" alt="linux虚拟网络设备之vlan配置详解" src="https://zhuji.jb51.net/uploads/img/202305/6ee68a69afbd6d10f1d10f6984b77dfb.jpg"></p>
<p>
这里要注意的是,Linux下的网络设备net_dev并不一定都对应实际的硬件设备,只要注册一个struct net_device{}结构体(netdevice.h)到内核中,那么这个网络设备就存在了。该结构体很庞大,其中包含设备的协议地址(对于IP即IP地址),这样它就能被网络层识别,并参与路由系统,最有名的当数loopback设备。不同的设备(包括硬件和非硬件)的ops操作方法各不相同,由驱动自己实现。一些通用性的、与设备无关的操作流程(如设备锁定等)则被Linux提炼出来,我们称为驱动框架。</p>
<p>
<span><strong>linux虚拟网络设备之vlan配置 </strong></span></p>
<p>
我们通过一个网桥两个设备对,来连接两个网络名字空间,每个名字空间中创建两个vlan</p>
<p>
<img title="linux虚拟网络设备之vlan配置详解" alt="linux虚拟网络设备之vlan配置详解" src="https://zhuji.jb51.net/uploads/img/202305/bab30095ea73fa039df56160b3c38d27.jpg"></p>
<p>
借助vconfig来配置vlan:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_706454">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
<div class="line number11 index10 alt2">
11</div>
<div class="line number12 index11 alt1">
12</div>
<div class="line number13 index12 alt2">
13</div>
<div class="line number14 index13 alt1">
14</div>
<div class="line number15 index14 alt2">
15</div>
<div class="line number16 index15 alt1">
16</div>
<div class="line number17 index16 alt2">
17</div>
<div class="line number18 index17 alt1">
18</div>
<div class="line number19 index18 alt2">
19</div>
<div class="line number20 index19 alt1">
20</div>
<div class="line number21 index20 alt2">
21</div>
<div class="line number22 index21 alt1">
22</div>
<div class="line number23 index22 alt2">
23</div>
<div class="line number24 index23 alt1">
24</div>
<div class="line number25 index24 alt2">
25</div>
<div class="line number26 index25 alt1">
26</div>
<div class="line number27 index26 alt2">
27</div>
<div class="line number28 index27 alt1">
28</div>
<div class="line number29 index28 alt2">
29</div>
<div class="line number30 index29 alt1">
30</div>
<div class="line number31 index30 alt2">
31</div>
<div class="line number32 index31 alt1">
32</div>
<div class="line number33 index32 alt2">
33</div>
<div class="line number34 index33 alt1">
34</div>
<div class="line number35 index34 alt2">
35</div>
<div class="line number36 index35 alt1">
36</div>
<div class="line number37 index36 alt2">
37</div>
<div class="line number38 index37 alt1">
38</div>
<div class="line number39 index38 alt2">
39</div>
<div class="line number40 index39 alt1">
40</div>
<div class="line number41 index40 alt2">
41</div>
<div class="line number42 index41 alt1">
42</div>
<div class="line number43 index42 alt2">
43</div>
<div class="line number44 index43 alt1">
44</div>
<div class="line number45 index44 alt2">
45</div>
<div class="line number46 index45 alt1">
46</div>
<div class="line number47 index46 alt2">
47</div>
<div class="line number48 index47 alt1">
48</div>
<div class="line number49 index48 alt2">
49</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments">#创建网桥</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">brctl addbr br-</code><code class="bash functions">test</code><code class="bash plain">-vlan </code>
</div>
<div class="line number3 index2 alt2">
<code class="bash comments">#创建veth对儿</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain">ip link add veth01 </code><code class="bash functions">type</code> <code class="bash plain">veth peer name veth10</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash plain">ip link add veth02 </code><code class="bash functions">type</code> <code class="bash plain">veth peer name veth20 </code>
</div>
<div class="line number6 index5 alt1">
<code class="bash comments">#将veth对儿的一段添加到网桥</code>
</div>
<div class="line number7 index6 alt2">
<code class="bash plain">brctl addif br-</code><code class="bash functions">test</code><code class="bash plain">-vlan veth01</code>
</div>
<div class="line number8 index7 alt1">
<code class="bash plain">brctl addif br-</code><code class="bash functions">test</code><code class="bash plain">-vlan veth02 </code>
</div>
<div class="line number9 index8 alt2">
<code class="bash comments">#启动设备</code>
</div>
<div class="line number10 index9 alt1">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">dev br-</code><code class="bash functions">test</code><code class="bash plain">-vlan up</code>
</div>
<div class="line number11 index10 alt2">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">dev veth01 up</code>
</div>
<div class="line number12 index11 alt1">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">dev veth02 up</code>
</div>
<div class="line number13 index12 alt2">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">dev veth10 up</code>
</div>
<div class="line number14 index13 alt1">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">dev veth20 up </code>
</div>
<div class="line number15 index14 alt2">
<code class="bash comments">#创建网络名字空间</code>
</div>
<div class="line number16 index15 alt1">
<code class="bash plain">ip netns add </code><code class="bash functions">test</code><code class="bash plain">-vlan-vm01</code>
</div>
<div class="line number17 index16 alt2">
<code class="bash plain">ip netns add </code><code class="bash functions">test</code><code class="bash plain">-vlan-vm02 </code>
</div>
<div class="line number18 index17 alt1">
<code class="bash comments">#将设备对儿的另一端添加到另个名字空间(其实在一个名字空间也能玩,只是两个名字空间更加形象)</code>
</div>
<div class="line number19 index18 alt2">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">veth10 netns </code><code class="bash functions">test</code><code class="bash plain">-vlan-vm01</code>
</div>
<div class="line number20 index19 alt1">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">veth20 netns </code><code class="bash functions">test</code><code class="bash plain">-vlan-vm02 </code>
</div>
<div class="line number21 index20 alt2">
<code class="bash comments">#分别进入两个名字空间创建vlan和配置ip</code>
</div>
<div class="line number22 index21 alt1">
<code class="bash comments">#配置名字空间test-vlan-vm01</code>
</div>
<div class="line number23 index22 alt2">
<code class="bash plain">ip netns </code><code class="bash functions">exec</code> <code class="bash functions">test</code><code class="bash plain">-vlan-vm01 </code><code class="bash functions">bash</code>
</div>
<div class="line number24 index23 alt1">
<code class="bash comments">#配置vlan 3001 和 vlan 3002</code>
</div>
<div class="line number25 index24 alt2">
<code class="bash plain">vconfig add veth10 3001</code>
</div>
<div class="line number26 index25 alt1">
<code class="bash plain">vconfig add veth10 3002</code>
</div>
<div class="line number27 index26 alt2">
<code class="bash comments">#启动两个vlan的设备</code>
</div>
<div class="line number28 index27 alt1">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">veth10.3001 up</code>
</div>
<div class="line number29 index28 alt2">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">veth10.3002 up </code>
</div>
<div class="line number30 index29 alt1">
<code class="bash comments">#分别在两个vlan上配置ip (这里简单起见,使用了同一个网段了IP,缺点是,需要了解一点儿路由的知识)</code>
</div>
<div class="line number31 index30 alt2">
<code class="bash plain">ip a add 172.16.30.1</code><code class="bash plain">/24</code> <code class="bash plain">dev veth10.3001</code>
</div>
<div class="line number32 index31 alt1">
<code class="bash plain">ip a add 172.16.30.2</code><code class="bash plain">/24</code> <code class="bash plain">dev veth10.3002 </code>
</div>
<div class="line number33 index32 alt2">
<code class="bash comments">#添加路由</code>
</div>
<div class="line number34 index33 alt1">
<code class="bash plain">route add 172.16.30.21 dev veth10.3001</code>
</div>
<div class="line number35 index34 alt2">
<code class="bash plain">route add 172.16.30.22 dev veth10.3002 </code>
</div>
<div class="line number36 index35 alt1">
<code class="bash comments">#配置名字空间test-vlan-vm02</code>
</div>
<div class="line number37 index36 alt2">
<code class="bash plain">ip netns </code><code class="bash functions">exec</code> <code class="bash functions">test</code><code class="bash plain">-vlan-vm02 </code><code class="bash functions">bash</code>
</div>
<div class="line number38 index37 alt1">
<code class="bash comments">#配置vlan 3001 和 vlan 3002</code>
</div>
<div class="line number39 index38 alt2">
<code class="bash plain">vconfig add veth20 3001</code>
</div>
<div class="line number40 index39 alt1">
<code class="bash plain">vconfig add veth20 3002</code>
</div>
<div class="line number41 index40 alt2">
<code class="bash comments">#启动两个vlan的设备</code>
</div>
<div class="line number42 index41 alt1">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">veth20.3001 up</code>
</div>
<div class="line number43 index42 alt2">
<code class="bash plain">ip link </code><code class="bash functions">set</code> <code class="bash plain">veth20.3002 up</code>
</div>
<div class="line number44 index43 alt1">
<code class="bash comments">#分别在两个vlan上配置ip (这里简单起见,使用了同一个网段了IP,缺点是,需要了解一点儿路由的知识)</code>
</div>
<div class="line number45 index44 alt2">
<code class="bash plain">ip a add 172.16.30.21</code><code class="bash plain">/24</code> <code class="bash plain">dev veth20.3001</code>
</div>
<div class="line number46 index45 alt1">
<code class="bash plain">ip a add 172.16.30.22</code><code class="bash plain">/24</code> <code class="bash plain">dev veth20.3002 </code>
</div>
<div class="line number47 index46 alt2">
<code class="bash comments">#添加路由</code>
</div>
<div class="line number48 index47 alt1">
<code class="bash plain">route add 172.16.30.1 dev veth20.3001</code>
</div>
<div class="line number49 index48 alt2">
<code class="bash plain">route add 172.16.30.2 dev veth20.3002</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
查看一下vlan配置:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_132411">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># cat /proc/net/vlan/config </code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">VLAN Dev name | VLAN ID</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain">Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain">veth10.3001 | 3001 | veth10</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash plain">veth10.3002 | 3002 | veth10</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
现在,我们可以分别在两个名字空间来ping另外一个名字空间的两个IP,虽然两个IP都能ping通,但是使用的源IP是不同的,走的vlan也是不同的,我们可以在veth01/veth10/veth02/veth20/br-test-vlan 任意一个上抓包,会看到vlan信息:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_866983">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># tcpdump -i veth10 -nn -e</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">tcpdump: verbose output suppressed, use -</code><code class="bash functions">v</code> <code class="bash plain">or -vv </code><code class="bash keyword">for</code> <code class="bash plain">full protocol decode</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain">listening on veth10, link-</code><code class="bash functions">type</code> <code class="bash plain">EN10MB (Ethernet), capture size 262144 bytes</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain">15:38:18.381010 82:f7:0e:2d:3f:62 > 9e:58:72:fa:11:15, ethertype 802.1Q (0x8100), length 102: vlan <span style=</code><code class="bash string">"color: #ff0000;"</code><code class="bash plain">>3001<</code><code class="bash plain">/span</code><code class="bash plain">>, p 0, ethertype IPv4, <strong><span style=</code><code class="bash string">"color: #ff0000;"</code><code class="bash plain">>172.16.30.1 > 172.16.30.21<</code><code class="bash plain">/span</code><code class="bash plain">><</code><code class="bash plain">/strong</code><code class="bash plain">>: ICMP </code><code class="bash functions">echo</code> <code class="bash plain">request, </code><code class="bash functions">id</code> <code class="bash plain">19466, </code><code class="bash functions">seq</code> <code class="bash plain">1, length 64</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash plain">15:38:18.381183 9e:58:72:fa:11:15 > 82:f7:0e:2d:3f:62, ethertype 802.1Q (0x8100), length 102: vlan <span style=</code><code class="bash string">"color: #ff0000;"</code><code class="bash plain">><strong>3001<</code><code class="bash plain">/strong</code><code class="bash plain">><</code><code class="bash plain">/span</code><code class="bash plain">>, p 0, ethertype IPv4, 172.16.30.21 > 172.16.30.1: ICMP </code><code class="bash functions">echo</code> <code class="bash plain">reply, </code><code class="bash functions">id</code> <code class="bash plain">19466, </code><code class="bash functions">seq</code> <code class="bash plain">1, length 64</code>
</div>
<div class="line number6 index5 alt1">
<code class="bash plain">15:38:19.396796 82:f7:0e:2d:3f:62 > 9e:58:72:fa:11:15, ethertype 802.1Q (0x8100), length 102: vlan 3001, p 0, ethertype IPv4, 172.16.30.1 > 172.16.30.21: ICMP </code><code class="bash functions">echo</code> <code class="bash plain">request, </code><code class="bash functions">id</code> <code class="bash plain">19466, </code><code class="bash functions">seq</code> <code class="bash plain">2, length 64</code>
</div>
<div class="line number7 index6 alt2">
<code class="bash plain">15:38:19.396859 9e:58:72:fa:11:15 > 82:f7:0e:2d:3f:62, ethertype 802.1Q (0x8100), length 102: vlan 3001, p 0, ethertype IPv4, 172.16.30.21 > 172.16.30.1: ICMP </code><code class="bash functions">echo</code> <code class="bash plain">reply, </code><code class="bash functions">id</code> <code class="bash plain">19466, </code><code class="bash functions">seq</code> <code class="bash plain">2, length 64</code>
</div>
<div class="line number8 index7 alt1">
<code class="bash plain">15:38:23.162052 82:f7:0e:2d:3f:62 > 9e:58:72:fa:11:15, ethertype 802.1Q (0x8100), length 102: vlan 3002, p 0, ethertype IPv4, 172.16.30.2 > <strong><span style=</code><code class="bash string">"color: #ff0000;"</code><code class="bash plain">>172.16.30.22<</code><code class="bash plain">/span</code><code class="bash plain">><</code><code class="bash plain">/strong</code><code class="bash plain">>: ICMP </code><code class="bash functions">echo</code> <code class="bash plain">request, </code><code class="bash functions">id</code> <code class="bash plain">19473, </code><code class="bash functions">seq</code> <code class="bash plain">1, length 64</code>
</div>
<div class="line number9 index8 alt2">
<code class="bash plain">15:38:23.162107 9e:58:72:fa:11:15 > 82:f7:0e:2d:3f:62, ethertype 802.1Q (0x8100), length 102: vlan 3002, p 0, ethertype IPv4, <strong><span style=</code><code class="bash string">"color: #ff0000;"</code><code class="bash plain">>172.16.30.22 > 172.16.30.2<</code><code class="bash plain">/span</code><code class="bash plain">><</code><code class="bash plain">/strong</code><code class="bash plain">>: ICMP </code><code class="bash functions">echo</code> <code class="bash plain">reply, </code><code class="bash functions">id</code> <code class="bash plain">19473, </code><code class="bash functions">seq</code> <code class="bash plain">1, length 64</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
如果试图从veth10.3001 去ping 172.16.30.22 是不能通的,因为是不同的vlan呀:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_55041">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># ping -I veth10.3001 172.16.30.22</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">PING 172.16.30.22 (172.16.30.22) from 172.16.30.1 veth10.3001: 56(84) bytes of data.</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain">^C</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain">--- 172.16.30.22 </code><code class="bash functions">ping</code> <code class="bash plain">statistics ---</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash plain">9 packets transmitted, 0 received, 100% packet loss, </code><code class="bash functions">time</code> <code class="bash plain">8231ms</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
不适用vconfig的解法:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_50047">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">ip link add link veth10 name veth10.3001 </code><code class="bash functions">type</code> <code class="bash plain">vlan </code><code class="bash functions">id</code> <code class="bash plain">3001</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
另: vlan 一般以 设备名.vlanid 来命名,不过并非强制,如下命名为 vlan3003也是没问题的</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_183270">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># ip link add link veth10 name vlan3003 type vlan id 3003</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
<span><strong>注意:</strong></span>一个主设备上相同vlan好的子设备最多只能有一个</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_440282">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># ip link add link veth10 name vlan3001 type vlan id 3001</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash spaces"> </code><code class="bash plain">RTNETLINK answers: File exists</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
<div class="codetool" id="codetool">
<div class="code_n">
<textarea></textarea>
</div>
</div>
</div>
<p>
所以,正常来讲,一般是这样的:</p>
<p>
<img title="linux虚拟网络设备之vlan配置详解" alt="linux虚拟网络设备之vlan配置详解" src="https://zhuji.jb51.net/uploads/img/202305/5ddc89f64e1fa449d5754d9d738fad9b.jpg"></p>
<p>
参考: http://network.51cto.com/art/201504/473419.htm</p>
<p>
<span><strong>总结</strong></span></p>
<p>
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对的支持。</p>
<p>
原文链接:https://phpor.net/blog/post/7109</p>
頁:
[1]