Thursday, March 25, 2021

Linux virtual networking

  1. Bridge

    • A Linux bridge behaves like a network switch: it forwards packets between the interfaces attached to it. It is commonly used to forward packets on routers and gateways, and between VMs and network namespaces on a single host. A bridge supports STP, VLAN filtering, and multicast snooping.
                
    • CLI

#brctl show
thiennl@VM-THIENNL:~$ brctl show
bridge name bridge id STP enabled interfaces
br-2d03c46e820a 8000.024213278b6a no
docker0 8000.02421791715d no

thiennl@VM-THIENNL:~$ ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:17:91:71:5d txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

thiennl@VM-THIENNL:~$ ifconfig br-2d03c46e820a
br-2d03c46e820a: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.17.1 netmask 255.255.255.0 broadcast 172.17.17.255
ether 02:42:13:27:8b:6a txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0




  • Bonded interface

  • Team Device

  • VLAN: 

    • Virtual LAN. A VLAN splits a broadcast domain into smaller ones by adding tags to network packets.


    • Creating VLANs
thiennl@ubuntu:~$ ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:c3:cb:c6 brd ff:ff:ff:ff:ff:ff
inet 172.17.16.47/24 brd 172.17.16.255 scope global dynamic ens33
valid_lft 1609sec preferred_lft 1609sec
inet6 fe80::20c:29ff:fec3:cbc6/64 scope link
valid_lft forever preferred_lft forever
3: ens38: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff

thiennl@ubuntu:~$ sudo ip link add link ens38 name ens38.2 type vlan id 2
[sudo] password for thiennl:
thiennl@ubuntu:~$ sudo ip link add link ens38 name ens38.3 type vlan id 3

thiennl@ubuntu:~$ ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:c3:cb:c6 brd ff:ff:ff:ff:ff:ff
inet 172.17.16.47/24 brd 172.17.16.255 scope global dynamic ens33
valid_lft 1553sec preferred_lft 1553sec
inet6 fe80::20c:29ff:fec3:cbc6/64 scope link
valid_lft forever preferred_lft forever
3: ens38: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff
4: ens38.2@ens38: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff
5: ens38.3@ens38: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff
    • Topology after creating the VLANs


    • When VLANs are created on the host, the switch connected to the host must support VLAN tagging (the port facing the host must be in trunk mode).
  • VXLAN

    • VXLAN is a tunneling protocol: it encapsulates an L2 frame with a VXLAN header inside a UDP/IP packet.

    • The VXLAN ID (VXLAN Network Identifier) is 24 bits long, so up to 2^24 virtual LANs can be created.
    • VXLAN is typically deployed on virtualization hosts in data centers.
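
The VLAN tag and the VXLAN encapsulation described above, as an added example that is not part of the original post: it builds and parses the 8-byte VXLAN header (layout per RFC 7348) and reads the 802.1Q tag of the inner frame, which is what a defender needs in order to see which tenant segment overlay traffic belongs to. The function names and VNI 5000 are assumptions made for illustration; the inner frame is constructed from the ens38 MAC address and VLAN ID 2 shown earlier.

```python
import struct

FLAG_VNI_VALID = 0x08   # "I" flag in the first header byte: VNI field is valid
TPID_8021Q = 0x8100     # EtherType that announces an 802.1Q VLAN tag


def build_vxlan(vni, inner_frame):
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # word 1: flags(8) + reserved(24); word 2: VNI(24) + reserved(8)
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def parse_vxlan(udp_payload):
    """Return (vni, inner_frame) from a UDP payload; reject malformed headers."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN header + Ethernet header")
    word1, word2 = struct.unpack("!II", udp_payload[:8])
    if not (word1 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set: VNI is not valid")
    return word2 >> 8, udp_payload[8:]


def parse_ethernet(frame):
    """Return MACs, VLAN ID (None if untagged) and EtherType of a frame."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    vlan_id = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
    return {"dst": dst.hex(":"), "src": src.hex(":"),
            "vlan": vlan_id, "ethertype": ethertype}


# Constructed sample: broadcast frame from ens38's MAC, tagged VLAN 2,
# zero-filled payload, carried in VNI 5000 (an arbitrary illustrative value).
INNER = (bytes.fromhex("ffffffffffff" "000c29c3cbd0")
         + struct.pack("!HHH", TPID_8021Q, 2, 0x0800) + b"\x00" * 46)
PACKET = build_vxlan(5000, INNER)

if __name__ == "__main__":
    vni, frame = parse_vxlan(PACKET)
    print(vni, parse_ethernet(frame))
```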



  • MACVLAN

  • IPVLAN

  • MACVTAP/IPVTAP

  • MACsec

  • VETH



