Linux创建Macvlan网络

最近在看Docker的网络，测试Macvlan部分时，发现Docker创建Macvlan与预期测试结果不一样。所以查阅了Linux下配置Macvlan，记录如下。

参考

1.Linux Macvlan
2.图解几个与Linux网络虚拟化相关的虚拟网卡-VETH/MACVLAN/MACVTAP/IPVLAN
3.创建macvlan的命令

环境

Centos7.9

准备

1. 安装包

[root@centos7-10 ~]# yum install -y net-tools iputils telnet traceroute iproute bridge-utils  

• net-tools：netstat命令
• iputils：ping命令
• telnet：telnet命令
• traceroute：traceroute命令
• iproute：ip命令
• bridge-utils：brctl命令

创建Macvlan

1. 创建命令

1.1 创建命令

• 命令说明

[root@centos7-10 ~]# ip link help
Usage: ip link add [link DEV] [ name ] NAME
                   [ txqueuelen PACKETS ]
                   [ address LLADDR ]
                   [ broadcast LLADDR ]
                   [ mtu MTU ] [index IDX ]
                   [ numtxqueues QUEUE_COUNT ]
                   [ numrxqueues QUEUE_COUNT ]
                   type TYPE [ ARGS ]

       ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]
       
	   省略 ......
		   
		   ip link afstats [ dev DEVICE ]
		   
			 ip link help [ TYPE ]

TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |
          bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |
          gre | gretap | ip6gre | ip6gretap | vti | nlmon | team_slave |
          bond_slave | ipvlan | geneve | bridge_slave | vrf | macsec }
[root@centos7-10 ~]# 

• TYPE 说明
  • macvlan 网络包括：private 、vepa 、bridge 、passthru 、source，概念参见 Linux Macvlan 和 图解几个与Linux网络虚拟化相关的虚拟网卡-VETH/MACVLAN/MACVTAP/IPVLAN

[root@centos7-10 ~]# ip link help macvlan  // TYPE类型是macvlan
Usage: ... macvlan mode MODE [flag MODE_FLAG] MODE_OPTS

MODE: private | vepa | bridge | passthru | source
MODE_FLAG: null | nopromisc
MODE_OPTS: for mode "source":
        macaddr { { add | del } <macaddr> | set [ <macaddr> [ <macaddr>  ... ] ] | flush }
[root@centos7-10 ~]# 

1.2 创建Macvlan

• 基于enp0s5创建两块macvlan网卡，分别是enp0s5.100

// 创建两个macvlan，模式bridge
[root@centos7-10 ~]# ip link add link enp0s5 name enp0s5.100 type macvlan mode bridge
[root@centos7-10 ~]# 
[root@centos7-10 ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s5: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:1c:42:ae:b6:41 brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:e7:1d:3a:b1 brd ff:ff:ff:ff:ff:ff
18: enp0s5.100@enp0s5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 9a:a3:e9:6d:aa:af brd ff:ff:ff:ff:ff:ff

2. 设置命令

2.1 配置网卡

• 配置网卡 IP

// 配置IP，更多命令详见 ip address help
[root@centos7-10 ~]# ip addr add 10.211.55.129/24 dev enp0s5.100
[root@centos7-10 ~]# 
[root@centos7-10 ~]# ip a | grep -A3 enp0s5.100@enp0s5
18: enp0s5.100@enp0s5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 9a:a3:e9:6d:aa:af brd ff:ff:ff:ff:ff:ff
    inet 10.211.55.129/24 scope global enp0s5.100
       valid_lft forever preferred_lft forever
[root@centos7-10 ~]# 

• 配置混杂模式（promisc）

// 配置Promisc，更多命令详见 ip link set help
[root@centos7-10 ~]# ip link set enp0s5.100 promisc on
[root@centos7-10 ~]# ip a | grep -A3 enp0s5.100@enp0s5
18: enp0s5.100@enp0s5: <BROADCAST,MULTICAST,PROMISC> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 9a:a3:e9:6d:aa:af brd ff:ff:ff:ff:ff:ff
    inet 10.211.55.129/24 scope global enp0s5.100
       valid_lft forever preferred_lft forever
[root@centos7-10 ~]# 

• 启用网卡

// 启动网卡，更多命令详见 ip link set help
[root@centos7-10 ~]# ip link set enp0s5.100 up
[root@centos7-10 ~]# ip a | grep -A3 enp0s5.100@enp0s5
18: enp0s5.100@enp0s5: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:a3:e9:6d:aa:af brd ff:ff:ff:ff:ff:ff
    inet 10.211.55.129/24 scope global enp0s5.100
       valid_lft forever preferred_lft forever
[root@centos7-10 ~]# 

3. 测试网络

3.1 测试网络

• 测试网络

// ping 自己，通
[root@centos7-10 ~]# ping -c3 10.211.55.129
PING 10.211.55.129 (10.211.55.129) 56(84) bytes of data.
64 bytes from 10.211.55.129: icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from 10.211.55.129: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 10.211.55.129: icmp_seq=3 ttl=64 time=0.126 ms

--- 10.211.55.129 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.044/0.074/0.126/0.037 ms
// ping 网关，通
[root@centos7-10 ~]# ping -c3 10.211.55.1
PING 10.211.55.1 (10.211.55.1) 56(84) bytes of data.
64 bytes from 10.211.55.1: icmp_seq=1 ttl=128 time=0.299 ms
64 bytes from 10.211.55.1: icmp_seq=2 ttl=128 time=0.313 ms
64 bytes from 10.211.55.1: icmp_seq=3 ttl=128 time=0.299 ms

--- 10.211.55.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.299/0.303/0.313/0.021 ms
// ping 网络其它IP，通
[root@centos7-10 ~]# ping -c3 10.211.55.18
PING 10.211.55.18 (10.211.55.18) 56(84) bytes of data.
64 bytes from 10.211.55.18: icmp_seq=1 ttl=64 time=0.570 ms
64 bytes from 10.211.55.18: icmp_seq=2 ttl=64 time=0.507 ms
64 bytes from 10.211.55.18: icmp_seq=3 ttl=64 time=0.471 ms

--- 10.211.55.18 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.471/0.516/0.570/0.040 ms
// ping 外网，通
[root@centos7-10 ~]# ping -c3 www.baidu.com
PING www.a.shifen.com (110.242.68.3) 56(84) bytes of data.
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=1 ttl=128 time=12.5 ms
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=2 ttl=128 time=14.2 ms
64 bytes from 110.242.68.3 (110.242.68.3): icmp_seq=3 ttl=128 time=12.6 ms

--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3035ms
rtt min/avg/max/mdev = 12.503/13.130/14.244/0.800 ms
[root@centos7-10 ~]#