Shulou(Shulou.com)06/01 Report--

This article is to share with you about how to analyze Linux veth pair, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Linux veth pair detailed explanation

Veth pair is a kind of virtual network device interface that appears in pairs, one end is connected to the network protocol stack, and the other end is connected to each other. As shown in the following figure:

Because of this feature, it is often used to build virtual network topologies. For example, connecting two different network namespaces (netns), connecting docker containers, connecting bridges (Bridge) and so on, one of the common cases is that the underlying layer of OpenStack Neutron uses it to build a very complex network topology.

How to use it?

Create a pair of veth

Ip link add type veth peer name experiment

We modified the netns experiment we completed in the previous section, using veth pair to connect the two isolated netns. As shown in the following figure:

We first create a pair of veth devices, move the veth devices to each of the two netns and start them.

# create a pair of vethip link add veth0 type veth peer name veth2# to move veth to netns, ip link set veth0 netns ns0ip link set veth2 netns ns1# to start ip netns exec ns0ip link set veth0 upip netns exec ns1 ip link set veth2 up

Next, let's test it.

Use ip netns exec ns0 ping 10.0.0.2 to test network connectivity to tap1 in the namespace ns0.

PING 10.0.0.2 (10.0.0.2) 56 (84) bytes of data.From 10.0.0.1 icmp_seq=1 Destination Host UnreachableFrom 10.0.0.1 icmp_seq=2 Destination Host UnreachableFrom 10.0.0.1 icmp_seq=3 Destination Host Unreac hable ^ C-- 10.0.0.2 ping statistics-5 packets transmitted, 0 received, + 3 errors, 100% packet loss, time 77mspipe 4

Use ip netns exec ns1 ping 10.0.0.1 to test network connectivity to tap0 in the namespace ns1.

PING 10.0.0.1 (10.0.0.1) 56 (84) bytes of data.From 10.0.0.2 icmp_seq=1 Destination Host UnreachableFrom 10.0.0.2 icmp_seq=2 Destination Host UnreachableFrom 10.0.0.2 icmp_seq=3 Destination Host Unreac hable ^ C-- 10.0.0.1 ping statistics-4 packets transmitted, 0 received, + 3 errors, 100% packet loss, time 108mspipe 4

What happened? Why is the network still not working? The answer is that there is a problem with the routing configuration.

Use ip netns exec ns0 route-n to view the routing table of ns0.

Kernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0

Use ip netns exec ns1 route-n to view the routing table of ns1.

Kernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap1

Originally, all the traffic accessing 10.0.0.0amp 24 is sent from the tap device, and because the tap device is not connected to other devices, the data packets sent out will not be processed, so the destination IP is still not accessible. Let's modify the route so that the traffic accessing 10.0.0.0amp 24 is sent from the veth device.

# modify the route exit to vethip netns exec ns0 ip route change 10.0.0.0 dev veth0ip netns exec ns1 ip route change 24 via 0.0.0.0 dev veth0ip netns exec ns1 ip route change 10.0.0.0 Universe 24 via 0.0.0.0 dev veth2

Let's take a look at the routing again.

Use ip netns exec ns0 route-n to view the routing table of ns0.

Kernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 veth0

Use ip netns exec ns1 route-n to view the routing table of ns1.

Kernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 veth2

Finally, let's test it again.

Use ip netns exec ns0 ping 10.0.0.2 to test network connectivity to tap1 in the namespace ns0.

PING 10.0.0.2 (10.0.0.2) 56 (84) bytes of data.64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.031 ms64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.035 ms64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.037 ms64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.043 Ms ^ C-- 10.0.0.2 ping statistics-4 packets transmitted, 4 received, 0% packet loss Time 103msrtt min/avg/max/mdev = 0.031 ms 0.036 max 0.043 Universe 0.007

Use ip netns exec ns1 ping 10.0.0.1 to test network connectivity to tap0 in the namespace ns1.

PING 10.0.0.1 (10.0.0.1) 56 (84) bytes of data.64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.027 ms64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.047 ms64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.051 ms64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.042 Ms ^ C-- 10.0.0.1 ping statistics-4 packets transmitted, 4 received, 0% packet loss Time 66msrtt min/avg/max/mdev = 0.027amp 0.041 ms 0.051 pound 0.012

You can see that we successfully connected the two isolated netns together using veth pair.

However, this kind of network topology has a drawback. With the increase of network devices, the complexity of network connection will increase exponentially. If you connect three netns, the network connection will look like the following figure

If you connect four netns, the network connection will look like the following figure

If there are five devices.

Is there any technology that can solve this problem? The answer is yes, Linux Bridge. In the next section, we will use bridges to connect multiple isolated netns, so that the network connection is very clean.

The above is how to analyze Linux veth pair, the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.